Microsoft launches a new tool in Windows 11 to check TPM. The tool helps identify potential security and reliability issues.
TPM 2.0 (Trusted Platform Module) is, as you know by now, a non-negotiable Microsoft requirement for installing Windows 11. The module built into your processor or motherboard provides extra security, provided it is doing its job properly. There are few ways to check that, and Microsoft is now addressing this.
Microsoft is launching a ‘reliability check’ for the TPM, as announced in a blog post. This attestation readiness verifier simulates a verification of the Measured Boot logs to check whether the TPM is present, works correctly, and complies with version 2.0, and whether the necessary certificates are available. In addition to TPM information, the tool also collects status data on features such as Secure Boot, Virtualization-based Security (VBS), and System Guard.
Furthermore, it checks whether the TPM’s platform configuration registers are correct. The goal is early detection of problems that affect BitLocker, Windows Hello, or other security features. The tool is available through the Windows Event Log via Event ID 1041.
Three Diagnoses
There are three possible outcomes of the reliability test:
- Reliable: all checks have passed.
- Potentially reliable: there is a potential issue with a platform configuration register.
- Not reliable: a critical error has affected the reliability of the boot process.
The tool is useful for IT administrators who want to monitor the security status of devices within their organization. Hardware and firmware developers can also use it to validate compatibility with Windows security requirements. Within Azure, the tool is integrated into existing verification tools to detect firmware issues on new hardware more quickly.
In combination with services such as BitLocker or Microsoft, the TPM checking tool helps improve reliability. It prevents erroneous assessments of system health that can lead to wrongly denied access. The tool is intended for the latest version of Windows 11, 24H2. Step by step, Microsoft is removing the last barriers to installing the update, although things went wrong again with the March security update.