TPM 1.2 vs 2.0: Here’s everything you need to know – WindowsReport.com

by Milan Stanojevic

Deputy Editor

As you probably know, Windows 11 was recently announced, and it brings a wide array of new features as well as some specific requirements.

Regarding Windows 11 hardware requirements, the new change everybody is talking about is the TPM chip, and unless you have it, you wont be able to upgrade to Windows 11 due to TPM 2.0 errors.

There are two versions of TPM, and in this guide, were going to compare TPM 1.2 vs 2.0 and see which one is better.

TPM was first introduced by Trusted Computing Group in 2009, and since then it has been used in computers, ATM devices, and set-top boxes.

As for the TPM 1.2, it was released in 2005, and it has received the last revision in 2011. On the other hand, TPM 2.0 was released initially in 2014, while the latest revision being from 2019.

The two versions have various differences, but before we start comparing them, lets see what TPM does and how it protects your PC.

TPM stands for Trusted Platform Module, and its a dedicated microcontroller that provides encryption features and an additional layer of security to your PC.

TPM is usually a chip on your motherboard, but it can be also integrated inside of the CPU, or it can run in firmware separately. Some motherboards have TPM connectors, so you can add a TPM chip on your own.

Theres also a completely virtual TPM that runs on a software level, but many experts believe that its not as safe as its physical counterpart.

TPM is used mostly for encryption, and it will generate and store parts of the encryption keys. This means that if you want to unlock an encrypted drive, youll need to use the same TPM chip that generated the encryption key.

Since the encryption key isnt stored on your drive, its harder for hackers to decrypt your data since they need access to the TPM chip as well.

TPM chips also have tamper protection, and in case the chip or motherboard is tampered with by a hacker, the TPM should still be able to keep your data locked.

In addition to encryption, the TPM can protect your PC from bootloader malware by verifying the boot loader. In case your bootloader has been tempered with, TPM will prevent your system from booting.

TPM also has a Quarantine Mode that you can use to fix bootloader issues. Lastly, TPM stores all your passwords inside it, which makes them secure from hackers.

As for other uses, TPM is used for digital rights management, protection of software licenses, and in some cases, as prevention from cheating in video games.

TPM 2.0 is an improvement over TPM 1.2, and while they are similar, you should know that TPM 2.0 isnt compatible with TPM 1.2.

TPM 1.2 has a one-size-fits-all specification, while the 2.0 version has platform-specific specifications that define which parts of the library are mandatory or optional.

As for algorithms on TPM 1.2, SHA-1 and RSA are required, while the AES is optional. With TPM 2.0, SHA-1 and SHA-256 are required for hashes.

RSA and ECC with Barreto-Naehrig 256-bit curve and a NIST P-256 curve are used for public-key cryptography and asymmetric digital signature generation and verification in TPM 2.0.

As for symmetric digital signature generation, the TPM 2.0 is using the HMAC, and 128-bit AES for symmetric-key algorithms.

The difference between algorithms is noticeable, which makes TPM 2.0 a far secure solution.

Regarding the crypto primitives, the TPM 1.2 and 2.0 offer the following:

Despite sharing the same features, TPM 2.0 uses Direct Anonymous Attestation using the Barreto-Naehrig 256-bit curve, so its safer to use.

In terms of hierarchy, TPM 1.2 has just the storage hierarchy, while TPM 2.0 has a platform, storage, and endorsement hierarchy.

Regarding the root keys, only SRK RSA-2048 is supported with TPM 1.2, while the TPM 2.0 supports multiple keys and algorithms per hierarchy.

As for authorization, TPM 1.2 uses HMAC, PCR, locality, and physical presence. TPM 2.0 offers the same authorization features as well as password protection.

In terms of NVRAM, TPM 1.2 supports only unstructured data, while TPM 2.0 supports unstructured data, Counter, Bitmap, Extend, PIN pass and fail.

As you can see, TPM 2.0 offers a wide array of improvements, and its a more secure choice when it comes to data protection and encryption.

Heres a quick overview of the algorithms that TPM 1.2 and TPM 2.0 support.

TPM 1.2 only uses the SHA-1 hashing algorithm, which is a problem since SHA-1 isnt secure, and many agencies started moving to SHA-256 in 2014.

Microsoft and Google removed the support for SHA-1 based signing of certificates in 2017. Its also worth mentioning that TPM 2.0 supports newer algorithms that will improve drive signing and key generation performance.

TPM 2.0 also offers a more consistent experience, and the lockout policy is configured by Windows. With TPM 1.2, the implementations vary by policy settings, which can be a security concern.

We also have to mention that certain features such as device encryption, Windows Defender System Guard, Autopilot, and SecureBIO are available only when using TPM 2.0.

Heres a list of features that TPM 1.2 and TPM 2.0 support:

When it was first announced, the Windows 11 hardware requirements stated that Windows 11 will work with TPM 1.2 and TPM 2.0, with the latter being a more secure choice.

According to the documentation, an upgrade to Windows 11 would be allowed with a TPM 1.2 chip, but not advised. However, Microsoft has updated its documentation, and currently, the TMP 2.0 stands as the requirement for Windows 11.

This leads us to believe that TPM 2.0 is the requirement for Windows 11 and that users with TMP 1.2 chips wont be able to use Windows 11.

However, theres a way to install Windows 11 without TPM, if youre tech-savvy. On the bright side, it seems that some Windows 11 systems will work without TPM 2.0 chips, which is great news for many.

Although TPM was developed initially for business users, the technology is now available on home PCs as well.

While encrypting your data isnt essential for home users, if you want to ensure that your files are safe at all times, then encrypting your files and using TPM is a must.

Not all encryption requires TPM, but using it offers a layer of hardware security which makes it harder for hackers to access your data.

It offers tampering protection, so you can rest assured that your encrypted files will stay protected against hackers even if they try to modify your hardware.

TPM isnt just used for file encryption, and youre probably using it as a home user without even knowing it. If youre using Windows Hello feature, youre already using a TPM.

Your passwords and PINs are also stored in TPM, even for home users. Lastly, TPM provides you with a Secure Boot feature that stops bootloaders from infecting your PC.

So even if youre not a business user and you dont encrypt your data, you still benefit from TPM as a home user.

TPM 1.2 and TPM 2.0 have their benefits, and with recently announced Windows 11 requirements, the TPM chips will become a must-have, so if you dont own a TPM chip, you might want to consider buying a TPM chip.

So which version of the TPM is better? The answer is pretty simple, the TPM 2.0 is newer, more secure, and it offers more security features, it works better with Windows, and we can safely say that TPM 2.0 is a better choice than TPM 1.2.

Thank you!

Join the conversation

Read the rest here:
TPM 1.2 vs 2.0: Here's everything you need to know - WindowsReport.com