Trusted Platform Module (TPM) is a cryptographic module that adds hardware-based security benefits to a system. It restricts unauthorized access to your data, particularly from vectors like brute-force attacks.

Historically, TPM used to be implemented through a dedicated chip on the motherboard. On modern boards, manufacturers tend to integrate TPM into the chipset and implement it as a firmware-based solution rather than a discrete chip.

In either case, you may enable the Firmware TPM (fTPM) on ASRock motherboards from your firmware interface. The steps will vary slightly between Intel and AMD processors.

intel-platform-trust-technology-asrock

Why Should You Enable TPM

A major reason why TPM has suddenly become a mainstream concern is that TPM 2.0 is one of the minimum requirements for Windows 11. While there are ways tobypass this requirement, officially you may’t install Windows 11 without enabling TPM 2.0.

Besides this, it’s just a good idea to enable TPM for its security benefits. Some of the ones relevant to the end-user include:

TPM can create and store a hash key summary of your system configuration. Anti-malware software can use TPM’s log of boot components to determine whether this hash matches or not for each boot. If a system has been tampered with, the measurement won’t match and thesystem won’t bootto protect your data.

save-bios-changes-asrock

Some examples of tampering include malware, brute-force attacks, remote access attempt from an unauthorized source, or simply moving the HDD to a different system (usually done to bypass password protection at log-in).

BitLocker Drive Encryption

BitLocker encrypts the OS volume so that even if the volume is mounted to a different system to bypass protection methods, your data still remains secure. BitLocker works with TPM to ensure you may only access the data if system integrity is verified (through measured boot).

asrock-bios-advanced-cpu-configuration

Dictionary Attack Protection

Keys protected by TPM can use an authorization value like a PIN. TPM can limit the number of attempts to determine the PIN in a more secure manner compared to software solutions.

Windows Hello replaces passwords with other authentication methods like encrypted keys. Protecting these keys with TPM is more secure compared to software-based techniques.

amd-cpu-ftpm-switch-asrock

Enabling TPM On ASRock Intel Boards

As mentioned earlier, TPM is configured through yourfirmware interface. Here are the necessary steps if you’re using an Intel processor:

tpm-mmc-windows-1