TPM Administration
Windows 10
To access it, do the following:
- Open BitLocker
- Click TPM Administration

A TPM is a microchip designed to provide
basic security-related functions, primarily involving encryption
keys. The TPM is usually installed on the motherboard of a computer
or laptop, and communicates with the rest of the system using a
hardware bus.

Computers that incorporate a TPM have the ability to create
cryptographic keys and encrypt them so that they can be decrypted
only by the TPM. This process, often called "wrapping" or "binding"
a key, can help protect the key from disclosure. Each TPM has a root
"wrapping" key, called the Storage Root Key (SRK), which is stored
within the TPM itself. The private portion of a key created in a TPM
is never exposed to any other component, software, process, or
person.

Computers that incorporate a TPM can also create a key that has not
only been wrapped, but also tied to certain platform measurements.
This type of key can only be unwrapped when those platform
measurements have the same values that they had when the key was
created. This process is called "sealing" the key to the TPM.
Decrypting it is called "unsealing." The TPM can also seal and
unseal data generated outside of the TPM. With this sealed key and
software like Windows® BitLocker™ Drive Encryption, you can lock
data until specific hardware or software conditions are met.

With a TPM, private portions of key pairs are kept separated from
the memory controlled by the operating system. Keys can be sealed to
the TPM, and certain assurances about the state of a system—that
define its "trustworthiness"—can be made before the keys are
unsealed and released for use. Because the TPM uses its own internal
firmware and logic circuits for processing instructions, it does not
rely upon the operating system and is not exposed to external
software vulnerabilities.
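
The wrapping and sealing behaviour described above, as an added Python model that is not part of the original page and is not a real TPM interface. `ToyTPM`, `boot`, the single measurement register and the HMAC-based toy cipher are assumptions made for illustration; the component names are constructed sample input.

```python
import hashlib, hmac, os

class ToyTPM:
    """Simplified model of wrapping and sealing. Not a real TPM interface."""
    def __init__(self):
        self._srk = os.urandom(32)   # stands in for the SRK; never returned to callers
        self.pcr = bytes(32)         # one measurement register, zero at power-on

    def reboot(self):
        self.pcr = bytes(32)

    def extend(self, component: bytes):
        # Measurements accumulate: new = SHA-256(old || SHA-256(component))
        digest = hashlib.sha256(component).digest()
        self.pcr = hashlib.sha256(self.pcr + digest).digest()

    def _mac(self, label: bytes, data: bytes) -> bytes:
        return hmac.new(self._srk, label + data, hashlib.sha256).digest()

    def _xor(self, nonce: bytes, data: bytes) -> bytes:
        # Toy keystream (HMAC in counter mode) so the example needs only the stdlib
        stream = b"".join(self._mac(b"enc", nonce + bytes([i]))
                          for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, stream))

    def seal(self, secret: bytes) -> dict:
        nonce = os.urandom(16)
        blob = {"nonce": nonce, "pcr": self.pcr, "ct": self._xor(nonce, secret)}
        blob["tag"] = self._mac(b"tag", nonce + blob["pcr"] + blob["ct"])
        return blob

    def unseal(self, blob: dict) -> bytes:
        tag = self._mac(b"tag", blob["nonce"] + blob["pcr"] + blob["ct"])
        if not hmac.compare_digest(tag, blob["tag"]):
            raise PermissionError("blob not wrapped by this TPM, or modified")
        if not hmac.compare_digest(blob["pcr"], self.pcr):
            raise PermissionError("platform measurements differ from seal time")
        return self._xor(blob["nonce"], blob["ct"])

def boot(tpm: ToyTPM, components: list) -> ToyTPM:
    tpm.reboot()
    for c in components:
        tpm.extend(c)
    return tpm

if __name__ == "__main__":
    tpm = boot(ToyTPM(), [b"firmware", b"boot manager"])  # constructed measurements
    blob = tpm.seal(b"volume key")
    print(boot(tpm, [b"firmware", b"boot manager"]).unseal(blob))
```

A blob sealed on one `ToyTPM` is refused by another instance even with identical measurements (wrapping), and refused by the same instance after a boot with any changed or reordered component (sealing).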