So I’m getting round to preparing my PC for Windows 11, and I just have to activate TPM 2.0. I have found it in UEFI BIOS and went to activate it and this warning came up. Where can I find/set the firmware TPM key?

I’d rather know this before activating TPM, than get caught with my pants down at a later date.

  • Telorand@reddthat.com
    26 days ago

    The whole point of the TPM is that the encryption keys are securely stored on the device. There’s nowhere you can “get them,” and keys are set automatically.

    What it looks like it’s saying is that if you decide to use the optional BitLocker, the encryption keys will be stored in the TPM. If you were to replace your motherboard (or the TPM board, if it’s a separate hardware device), you would only be able to recover your Windows drive if you had “the recovery key.”

    I’ve never bothered with BitLocker, but I would suspect that they’ll generate a recovery key for you in the event you need to decrypt your device manually later on.

    • LordOfLocksleyOP
      26 days ago

      Ok thanks, so nothing for me to securely store. I’ll proceed with the activation then.

      • Telorand@reddthat.com
        26 days ago

        If it’s any consolation, I have an AMD processor with an fTPM (their version of TPM on the CPU), and I didn’t have any issues upgrading to Win 11 Pro. BitLocker is optional, so if you don’t plan to encrypt your drive, I wouldn’t worry about it.

        Most likely, they’re just covering their asses in the event somebody upgrades their hardware and gets locked out of their boot drive.

      • AlexisFR@jlai.lu
        26 days ago

        Can confirm, if you enable BitLocker, it’ll force you into saving the recovery key!
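
A check related to the thread above, added as an example and not posted by any participant: before resetting the fTPM or swapping the motherboard, this PowerShell script (run in an elevated prompt) lists each BitLocker volume and flags any that is unlocked by the TPM but has no recovery password protector. The function name `Get-TpmDependentVolume` is hypothetical; `Get-Tpm` and `Get-BitLockerVolume` are the built-in Windows cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example: report volumes whose BitLocker key is sealed to the TPM
# and that lack a recovery password protector to fall back on.

function Get-TpmDependentVolume {
    param(
        # Volume objects as returned by Get-BitLockerVolume
        [Parameter(Mandatory)] [object[]] $Volume
    )
    foreach ($v in $Volume) {
        # Collect protector type names, e.g. Tpm, TpmPin, RecoveryPassword
        $types = @($v.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $usesTpm     = [bool]($types -like 'Tpm*')
        $hasRecovery = $types -contains 'RecoveryPassword'
        [pscustomobject]@{
            MountPoint          = $v.MountPoint
            VolumeStatus        = "$($v.VolumeStatus)"
            UsesTpm             = $usesTpm
            HasRecoveryPassword = $hasRecovery
            AtRisk              = ($usesTpm -and -not $hasRecovery)
        }
    }
}

# TPM state as Windows sees it after enabling it in UEFI
$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)"

# Per-volume summary; a fully decrypted volume shows no protectors at all
$report = Get-TpmDependentVolume -Volume (Get-BitLockerVolume)
$report | Format-Table -AutoSize

foreach ($r in $report | Where-Object AtRisk) {
    Write-Warning "$($r.MountPoint) is unlocked by the TPM but has no recovery password protector."
}
```

If a volume is flagged, `manage-bde -protectors -get C:` shows the existing protectors in detail, and the recovery password it lists is what should be stored somewhere off the machine.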