Bitlocker and TPM?

[Suspicious-Teach8788]

Do new computers have TPM installed on motherboards or something? I have a Gigabyte X58 motherboard and apparently when I tried to turn on Bitlocker, it told me I needed to enable the option to allow Bitlocker without TPM.

 

[razel]

Yes TPM is a chip on board the mother. TPM and Bitlocker are usually in tandem in the enterprise world. I suppose since you have TPM off or disallowed in the OS you may have set the setting as suggested in the BIOS... though at least with the computers I have encountered, I have only seen that option on workstation PCs.

 

[Suspicious-Teach8788]

Yes TPM is a chip on board the mother. TPM and Bitlocker are usually in tandem in the enterprise world. I suppose since you have TPM off or disallowed in the OS you may have set the setting as suggested in the BIOS... though at least with the computers I have encountered, I have only seen that option on workstation PCs.

Yes but is it in consumer boards? My motherboard is from 2010 which is why I'm wondering if it has it? I cannot find any mention of TPM in the BIOS. Downloading manual now to see.

There isn't much documentation out there, but if I go buy a standard consumer board, is there a TPM Chip on there already? Based on this Z97 review from Anandtech (http://www.anandtech.com/show/8249/asus-z97-pro-wifi-ac-review) it sounds like only the header is there. Same with this Asrock board (http://www.asrock.com/mb/Intel/Z97%20Extreme4/?cat=Specifications)

So is it safe to say that for consumer level hardware, we don't get TPM chips by default?

 

[It's Not Lupus]

You can disable the TPM requirement for BitLocker somewhere in gpedit.msc.

 

[Phynaz]

A consumer board from 2010 isn't going to have a TPM module.

 

[Suspicious-Teach8788]

Ok well I checked out Z170 boards today and they don't have TPM modules either. It's not a matter of 2010 or not. Consumer boards still don't have them today.

With that said, can someone explain the benefits of TPM? It sounds like if you have a TPM module, you can just boot up the system without entering a key. The TPM module checks if the data has been tampered with--but this seems like it doesn't address the threat of having your computer stolen right? If someone steals your computer physically, they can just access your data.

It seems to me requiring password would be the safer bet to counter that threat? Sounds like TPM is meant for other purposes than this? I wish there was more basic discussion of this as there seems to be very limited literature on the web about drive encryption for average users.

 

[quikah]

Z170 has TPM module header. You can add it by buying this http://www.amazon.com/Gigabyte-GC-TPM-Trusted-Platform-Module/dp/B00U07T0UE

 

[zir_blazer]

Desktop Motherboards don't have an onboard TPM, they at most provide you with a header. Even my Workstation class Supermicro X10SAT just have header, you need to purchase the module separately.

 

[Grooveriding]

You can change your settings to make Bitlocker not require a TPM module and use a password instead.