
Enabled TPM, But There is no Recovery Key

I enabled TPM in the BIOS and it said that if I lose the recovery key, my PC will be inaccessible. It didn't give me a password, nor did it ask me to set one. What does it mean by recovery key? The sign is something like this:

image.png


Yeah, I read that too and was curious. I think the TPM needs to be cleared first in order to get any key/password. Though I'm not sure if this is even necessary.


You don't "get" a key, you create one.

 

The TPM is for saving passwords for BIOS and operating system file passwords so they are not stored in the hard drive.

 

One of the drawbacks of the TPM is if you remove a hard drive, the TPM module will lock the computer because it thinks the drive was tampered with or stolen.

 

I have a feeling TPM for people that have no idea what it's for or how to use it will create many problems. But all in the name of security though.

 

Good luck!


41 minutes ago, ShrimpBrime said:

You don't "get" a key, you create one.

 

The TPM is for saving passwords for BIOS and operating system file passwords so they are not stored in the hard drive.

 

One of the drawbacks of the TPM is if you remove a hard drive, the TPM module will lock the computer because it thinks the drive was tampered with or stolen.

 

I have a feeling TPM for people that have no idea what it's for or how to use it will create many problems. But all in the name of security though.

 

Good luck!

So if I disconnect something from the motherboard it will lock the PC? Will it unlock itself once I reconnect it?


1 hour ago, ShrimpBrime said:

You don't "get" a key, you create one.

 

The TPM is for saving passwords for BIOS and operating system file passwords so they are not stored in the hard drive.

 

One of the drawbacks of the TPM is if you remove a hard drive, the TPM module will lock the computer because it thinks the drive was tampered with or stolen.

 

I have a feeling TPM for people that have no idea what it's for or how to use it will create many problems. But all in the name of security though.

 

Good luck!

So I don't know anything about this feature - I thought the primary reason was to help encrypt drives.

 

Does this affect the hardware (not the drive) itself? How do you clear the hardware? For example getting second hand hardware with this feature enabled, how would you go about just wiping everything and starting over? 

What about TPM affected hard drives and storage? Can those be completely wiped to be able to be used again, or are they just bricked?

Before you reply to my post, REFRESH. 99.99% chance I edited my post. 

 

My System: i7-13700KF // Corsair iCUE H150i Elite Capellix // MSI MPG Z690 Edge Wifi // 32GB DDR5 G. SKILL RIPJAWS S5 6000 CL32 // Nvidia RTX 4070 Super FE // Corsair 5000D Airflow // Corsair SP120 RGB Pro x7 // Seasonic Focus Plus Gold 850w //1TB ADATA XPG SX8200 Pro/1TB Teamgroup MP33/2TB Seagate 7200RPM Hard Drive // Displays: LG Ultragear 32GP83B x2 // Royal Kludge RK100 // Logitech G Pro X Superlight // Sennheiser DROP PC38x


4 hours ago, Mister Woof said:

So I don't know anything about this feature - I thought the primary reason was to help encrypt drives.

 

Does this affect the hardware (not the drive) itself? How do you clear the hardware? For example getting second hand hardware with this feature enabled, how would you go about just wiping everything and starting over? 

What about TPM affected hard drives and storage? Can those be completely wiped to be able to be used again, or are they just bricked?

It will keep all that was passworded encrypted. 

 

Pushing TPM on everyone is going to be a micro-nightmare. 

 

Think of it like a laptop that is BIOS passworded. There is no back door if you forget the password.


31 minutes ago, ShrimpBrime said:

It will keep all that was passworded encrypted. 

 

Pushing TPM on everyone is going to be a micro-nightmare. 

 

Think of it like a laptop that is BIOS passworded. There is no back door if you forget the password.

What happens if you remove the storage media that's encrypted? Is the motherboard hardware still bricked?


Because of your posts in this thread I have put 10 back on my machine. I move hardware around all the time; I can’t have components bricking because I moved a drive from one system to another, or some other issue caused by TPM. I didn’t know what it was; I didn’t even google it. Thanks buddy.

 

I did notice an option in the fTPM menu that deletes the key when you do a BIOS reset. I essentially did just that by switching to a new OC profile that did not have fTPM enabled. Wiping the 11 install was a nerve-wracking moment... it felt like Russian roulette lol. Only because I didn’t know what I was doing 😜

 

Mind you I have not removed any hardware yet..

AMD R9 5900X | Thermalright Phantom Spirit 120 EVO, T30,TL-C12 Pro
Asus Crosshair VIII Dark Hero | 4x8GB G.Skill Trident Z @ 3733C14 1.5v
Zotac 4070 Ti Trinity OC @ 3045/1496 | WD SN850, SN850X, SN770
Seasonic Vertex GX-1000 | Fractal Torrent Compact RGB, Many CFM's


1 minute ago, freeagent said:

Because of your posts in this thread I have put 10 back on my machine. I move hardware around all the time; I can’t have components bricking because I moved a drive from one system to another, or some other issue caused by TPM. I didn’t know what it was; I didn’t even google it. Thanks buddy.

 

I did notice an option in the fTPM menu that deletes the key when you do a BIOS reset. I essentially did just that by switching to a new OC profile that did not have fTPM enabled. Wiping the 11 install was a nerve-wracking moment... it felt like Russian roulette lol. Only because I didn’t know what I was doing 😜

 

Mind you I have not removed any hardware yet..

Please keep us posted with your findings.

 

This sounds like a pain in the ass.


2 minutes ago, Mister Woof said:

Please keep us posted with your findings.

 

This sounds like a pain in the ass.

Will do


If you activate BitLocker your drive will be encrypted, and the encryption key will be stored in the TPM chip. You will find the recovery key under the BitLocker settings in Windows.

Before you do any HW changes, you go into the BitLocker settings, press suspend protection, shut down the system, do the HW change, and BitLocker will be reactivated when you boot to Windows again.

If you need the recovery key and don’t have a backup, you can log in with your Microsoft account at Microsoft.com and find the recovery key there if you have used a personal account. If you have a business account, you have to contact your system administrator.

If you for some reason can't get the recovery key you will lose your data, but no HW will be bricked. You can wipe the drive and reinstall Windows, and you are up and running again. Same if you get 2nd hand HW.

Don't lose your BIOS password; in many systems that can't be recovered. My recommendation is to not set any BIOS password unless you have a very specific reason for it.
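
The pre-change routine described in the post above, scripted as an added example (not part of the original post): it confirms a recovery password protector exists before suspending BitLocker for a single reboot. It assumes an elevated PowerShell session on a Windows edition that ships the BitLocker cmdlets; the `$Mount` parameter and its default of the system drive are assumptions.

```powershell
# Added example: pre-flight check before a hardware change on a BitLocker volume.
# Assumption: run from an elevated PowerShell session; $Mount defaults to the system drive.
param([string]$Mount = $env:SystemDrive)

$vol = Get-BitLockerVolume -MountPoint $Mount

if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    Write-Output "$Mount is not encrypted; there is nothing to suspend."
    return
}

# A RecoveryPassword protector is the 48-digit "recovery key" discussed in the thread.
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'

if (-not $recovery) {
    # Without this protector there is no fallback if the TPM refuses to release the key.
    Write-Warning "No recovery password protector on $Mount. Add one first:"
    Write-Warning "  Add-BitLockerKeyProtector -MountPoint $Mount -RecoveryPasswordProtector"
    return
}

# Print only the protector IDs, not the passwords, so they can be matched against
# the copy saved in the Microsoft account or held by the system administrator.
$recovery | ForEach-Object {
    Write-Output "Recovery protector ID: $($_.KeyProtectorId)"
}

if ($vol.ProtectionStatus -eq 'Off') {
    Write-Output "Protection on $Mount is already suspended or off."
    return
}

# Suspend for exactly one restart; protection resumes on the boot after the change.
Suspend-BitLocker -MountPoint $Mount -RebootCount 1 | Out-Null
Write-Output "BitLocker suspended on $Mount for one reboot. Shut down and make the hardware change."
```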


4 hours ago, Mister Woof said:

What happens if you remove the storage media that's encrypted? Is the motherboard hardware still bricked?

Sry for the late reply. Been SUPER busy lately.

 

There are different versions of TPM and of course Intel's PPT found in OEMs.

 

So not really speaking of experience outside the OEM older 1.0 or 1.2v, while the latest is 2.0.

 

I'm not fond of hard core data protection like this. So it won't be an adventure for me personally.

 

The most issues would probably be using an encrypted drive once removed from the system. 

 

Be it a storage drive or an OS drive, this technology is protected on the firmware/hardware level as well as software.

 

I think you can hot swap a storage drive for example and still use it providing you have the password, however the OS drive will only post on the original system it was set up on in most cases, likely reliant on the MAC addressing and so forth depending on how the algorithm works....

 

And you don't need to install Windows 11 to use TPM. It's been around for quite a while now. So I'm not in full understanding why M$ needs to push this on people. I think it's a joke honestly.

 
