Windows 11 comes with an optional TPM Diagnostics tool

Microsoft has added a new Windows 11 feature that lets you test the Trusted Platform Module (TPM) chip on your computer. The TPM is a security chip that can be used to validate your computer's digital signing certificates. The optional tool is called the Windows Device Recovery Tool (WDRT).

Back in the Windows 8 days, all Windows devices shipped with a Trusted Platform Module (TPM). The module is used not only to make sure that only the device itself can read and write the data stored on it, but also to ensure that this data remains secure even if someone manages to hack into the system. However, a small bug in the Windows 10 variant of the TPM (called TPM 1.2) made it possible to read and write to the module's data. This issue has been fixed in Windows 10, but it is still present in Windows 8.1.

TPM stands for Trusted Platform Module, and the chip is also known as the platform chip for managing security. In the past, for secure Windows builds, Microsoft has mandated that TPM be enabled by default. Now, as part of the release of Windows 11, Microsoft has made it optional, and users can enable TPM support before installing Windows.

Alexandru Polobok Editor-in-Chief


  • Microsoft is developing a new tool to help users make the most of TPM security chips.
  • Windows 11 comes with this additional software, designed specifically to address one of the most criticized requirements of the operating system.
  • Administrators can use TpmDiagnostics.exe to thoroughly query the information stored on TPM chips.
  • This article contains a complete list of commands you can use with this new software in Windows 11.

You might be interested to know that Windows 11 includes a new optional feature, TPM Diagnostics, a tool that allows administrators to query the TPM security processor of a particular device.

An obvious decision, given Microsoft’s insistence on these TPM 2.0 security processors as a prerequisite for certain security features to work.

New operating system has standard TPM diagnostic tool

As you probably already know from the endless discussions this Windows 11 requirement has generated, the TPM chip is actually a hardware-based security processor.

Its main purpose is to protect encryption keys, user data and other sensitive data from malware attacks and other forms of hacking or data mining.

Microsoft continues to insist on this requirement, and in a new blog post it stresses the crucial importance of this small piece of hardware.

The PCs of the future will need this advanced hardware trust base to repel common and sophisticated attacks, such as ransomware and even more sophisticated nation-state attacks. The TPM 2.0 requirement increases the security level of hardware by requiring an embedded trust base.

A new Windows 11 command-line program called TPM Diagnostics now allows all administrators to query the TPM chip.

After installing the software, you will find a new executable file, tpmdiagnostics.exe, in the C:\Windows\System32 folder.

TPM 2.0 is an essential part of securing your customers with Windows Hello and BitLocker to better protect their identity and data. In addition, TPMs help many enterprise customers implement Zero Trust security by providing a secure element for device validation.

What commands can I use with this new tool?

It is important to note that if you do not understand what data is stored on the TPM chip, it is not advisable to interfere too much with its storage.

Any error on your part may result in the accidental deletion of keys necessary for the operation of your device.

Note that the Microsoft Trusted Platform documentation and the new TpmDiagnostics.exe utility can provide a wealth of information about basic Windows 11 security mechanisms.

Here’s the full list of commands you can use with the new Windows 11 TPM tool:

tpmdiagnostics : Utility for Windows 10 build 22000
Copyright (c) Microsoft Corporation. All rights reserved.

Flags :
PrintHelp ( /h -h )
PromptOnExit ( -x /x )
UseECC ( -ecc /ecc )
UseAes256 ( -aes256 /aes256 )
QuietPrint ( -q /q )
PrintVerbosely ( -v /v )

Use the 'help' command to get more information about a command.
Commands:

TpmInfo :
GetLockoutInfo
IsOwned
PlatformType
CheckFIPS
ReadClock
GetDeviceInformation
IfxRsaKeygenVulnerability
GatherLogs [full directory path]
PssPadding
IsReadyInformation

TpmTask:
MaintenanceTaskStatus
ShowTaskStatus
IsEULAAccepted
ProvisionTpm [force delete] [allow PPI prompt]

TpmProvisioning :
PrepareTPM
CanUseLockoutPolicyClear
CanClearByPolicy

AutoProvisioning :
IsAutoProvisioningEnabled
EnableAutoProvisioning
DisableAutoProvisioning [-o]

EK:
EkInfo
ekchain
EkCertStoreRegistry
GetEkCertFromWeb [-ecc] [certificate file]
GetEkCertFromNVR [-ecc] [certificate file]
GetEkCertFromReg [-ecc] [ output file ]
GetEk [-ecc] [key file]
CheckEkCertState
InstallEkCertFromWeb
InstallEkCertFromNVR
InstallEkCertThroughCoreProv
EKCertificateURL

WindowsAIK :
InstallWindowsAIK [-skipCert]
WinAikPersistedInTpm
UninstallWindowsAIKCert
GetWindowsAIKCert [cert file]
IsWindowsAIKInstalledInNCrypt
EnrollWindowsAIKCert
GetWindowsAIKPlatformClaim [fresh] [output file]

OtherKeys :
PrintPublicInfo [ srk / aik / ek / handle ] [-asBcryptBlob / -RsaKeyBitsOnly / -RsaSymKeyBitsOnly] [-ecc]
TestParms [ SYMCIPHER | RSA ] [ Arguments for a specific algorithm ]
EnumerateKeys

NVStorage:
EnumNVIndex
DefineIndex [index] [size] [attribute flags]
UndefineIndex [index]
ReadNVIndexPublic [index]
WriteNVIndex [index] [hex data | file filename]
ReadNVIndex [index]
NVSummary

NVBootCounter:
CheckBootCounter
ReadBootCounter [/f]

PCR:
PrintPcrs

Physical presence :
GetPPTransition
GetPPVersionInfo
GetPPResponse
GetPPRequest

TPMCommandsAndResponses:
CommandCode [hexadecimal command code]
ResponseCode [hexadecimal response code]

Tracing:
EnableDriverTracing
DisableDriverTracing
FormatTrace [etl file] [output json file]

DRTM :
DescribeMle [Binary MLE]

Miscellaneous:
Help [command name]
DecodeBase64File [file to be decoded to base 64]
EncodeToBase64File [file to be encoded]
ReadFileAsHex [file to be read]
ConvertBinToHex [file to be read] [file to be written]
ConvertHexToBin [file to be read]
Hash [hex bytes or raw value to be hashed]
GetCapabilities
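
Given the warning above about accidentally deleting keys, routine checks are best limited to the query commands in this list. The PowerShell script below is an added example, not from the article or from Microsoft: it runs a fixed set of query commands from the list, skips any command whose name suggests it changes state, and saves each output to a file. The query/state-changing split, the output folder and the parameter names are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article or Microsoft): collect a query-only TPM
# report with tpmdiagnostics.exe. Which commands count as "query only" is an
# assumption inferred from the command names in the article's list.

param(
    # Hypothetical default output folder for the report files.
    [string]$OutDir = (Join-Path $env:TEMP 'tpm-report'),
    # Command names taken from the list above.
    [string[]]$Commands = @(
        'GetDeviceInformation', 'IsOwned', 'GetLockoutInfo', 'CheckFIPS',
        'IfxRsaKeygenVulnerability', 'IsReadyInformation', 'EkInfo',
        'CheckEkCertState', 'NVSummary', 'PrintPcrs', 'GetCapabilities'
    )
)

# Name prefixes of commands in the list that look like they modify TPM or OS state.
$BlockedPrefix = '^(Install|Uninstall|Enable|Disable|Define|Undefine|Write|Provision|Prepare|Enroll)'

# The article gives System32 as the location of the executable.
$exe = Join-Path $env:SystemRoot 'System32\tpmdiagnostics.exe'
if (-not (Test-Path -LiteralPath $exe)) {
    throw "tpmdiagnostics.exe not found at $exe; the optional tool is not installed."
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$summary = foreach ($cmd in $Commands) {
    if ($cmd -match $BlockedPrefix) {
        Write-Warning "Skipping '$cmd': the name suggests it changes state."
        continue
    }
    $outFile = Join-Path $OutDir "$cmd.txt"
    # Capture stdout and stderr as-is; the output format is not parsed here.
    & $exe $cmd 2>&1 | Out-File -FilePath $outFile -Encoding utf8
    [pscustomobject]@{
        Command  = $cmd
        ExitCode = $LASTEXITCODE
        Output   = $outFile
    }
}

# One row per command, so a failed query is visible without opening each file.
$summary | Format-Table -AutoSize
$summary | Export-Csv -Path (Join-Path $OutDir 'summary.csv') -NoTypeInformation
```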


Frequently Asked Questions

Is TPM required for Windows 11?

No, TPM is not required for Windows 11.

Does secure boot require TPM?

No, secure boot does not require a TPM.

How do I install TPM on Windows 10?

To install TPM on Windows 10, you must first enable the TPM in BIOS.
