Is It Safe to Clear TPM When Resetting Windows 10/11?

If you are asked whether to clear the Trusted Platform Module (TPM) prior to performing a system reset, it is essential to understand several important considerations to determine whether it is safe to proceed based on your current situation. Clearing the TPM may be beneficial or it may not be, depending on various factors. Therefore, in this guide, we will cover all the crucial points you need to know before deciding whether to clear the TPM.

What is TPM?

TPM, or Trusted Platform Module, is a specialized chip found on many motherboards that enhances security by providing hardware-based security functions. While TPM is commonly implemented as a discrete chip (a separate physical component), it can also be integrated into the CPU or other components in modern systems.

In short, TPM securely stores cryptographic keys (special codes used to protect information), passwords, and other sensitive data. It also performs crucial security tasks such as:

  • Platform Integrity Verification (checking that the system has not been tampered with)
  • Secure Key Generation (creating safe cryptographic keys)
  • Remote Attestation (proving to a remote system that your system is secure)

Many software applications and operating systems use TPM to protect data in hard drives, SSDs, and NVMe devices.

Whether you need to clear the TPM depends on specific situations. Clearing the TPM will delete all keys associated with it, which can result in loss of access to encrypted data (data that has been turned into a code to prevent unauthorized access).

Therefore, it is an action that should be taken with care, usually in scenarios like transferring ownership of the computer or addressing specific security concerns.

You can learn more about TPM here: PTT vs TPM

When Should You Clear the TPM?

If your intention is to sell your motherboard or your entire PC except for the disk drives, you should clear the TPM data to ensure all sensitive or personal data is removed. But if your drive is encrypted using BitLocker or any other encryption tool, then back up the recovery keys from the TPM first, as you will need them later to decrypt the drive.

When Not to Clear the TPM?

If you use BitLocker or any other encryption tools to encrypt data on your hard drive, clearing the TPM is not recommended because it will erase the recovery keys stored within it. This may cause the encryption tool to regard the drive as compromised, and without the recovery keys, you will lose access to the data.

If you are just performing a simple system reset and do not intend to sell your components, you should not clear the TPM unless you have safely backed up the recovery keys.

Below are the steps to back up the BitLocker recovery keys from TPM.

  1. Open the Control Panel and navigate to System & Security > BitLocker Drive Encryption.
  2. Then, select Back up your recovery key.
  3. Select a backup method: Save to a file, Save to a USB drive, or Print the recovery key.
  4. Follow the remaining prompts to complete the backup.

How to Clear the TPM?

  1. Make sure to back up the BitLocker recovery keys if you have encrypted your drive.
  2. Right-click the Start Menu, select Run, type tpm.msc, and click OK to open TPM Management on your PC.
  3. Once the console opens, click Clear TPM under Actions, then click Restart to complete the action.
  4. Once done, you can reset the PC safely.
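
The manual steps above can be checked and automated from an elevated PowerShell prompt. The script below is an added example, not from the original article: it verifies that every BitLocker-protected volume has a recovery password protector, writes those passwords to a backup folder, refuses to continue if any volume would be unlocked only by the TPM, and runs Clear-Tpm (the same action as Clear TPM in tpm.msc) only when you pass -ClearAfterBackup. The backup path E:\BitLocker-Recovery is an assumed USB drive; change it to suit your system.

```powershell
# Added example, not the article's own code. Run as Administrator.
# $BackupDir is assumed to be on a removable drive that is NOT BitLocker-protected.
param(
    [string]$BackupDir = 'E:\BitLocker-Recovery',   # assumed USB path
    [switch]$ClearAfterBackup                        # only then is Clear-Tpm actually run
)

$tpm = Get-Tpm
Write-Host "TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)"

$volumes = Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -eq 'On' }
if (-not $volumes) { Write-Host 'No BitLocker-protected volumes; clearing the TPM will not lock you out.' }

# Refuse to write the backup onto a volume that the backup is meant to rescue.
$backupDrive = $BackupDir.Substring(0, 2)
if ($volumes.MountPoint -contains $backupDrive) {
    throw "Backup folder $BackupDir is on an encrypted volume; use an unencrypted USB drive instead."
}
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backupFile = Join-Path $BackupDir 'bitlocker-recovery-keys.txt'

$unsafe = @()
foreach ($vol in $volumes) {
    $tpmProtectors = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -like 'Tpm*' }
    $recovery      = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    if ($tpmProtectors -and -not $recovery) {
        # Unlocked only by the TPM: clearing the TPM would make this volume unrecoverable.
        $unsafe += $vol.MountPoint
        continue
    }
    foreach ($r in $recovery) {
        "$($vol.MountPoint)  ID: $($r.KeyProtectorId)  Password: $($r.RecoveryPassword)" |
            Out-File -FilePath $backupFile -Append
    }
}

if ($unsafe.Count -gt 0) {
    Write-Warning ("No recovery password on {0}. Add one first with " +
        "Add-BitLockerKeyProtector -MountPoint <drive> -RecoveryPasswordProtector, then re-run.") -f ($unsafe -join ', ')
    exit 1
}
Write-Host "Recovery passwords written to $backupFile. Verify the file before continuing."

if ($ClearAfterBackup) {
    Clear-Tpm      # same as Clear TPM in tpm.msc; a restart finishes the clear
} else {
    Write-Host 'Backup done. Re-run with -ClearAfterBackup, or use Clear TPM in tpm.msc.'
}
```

Keep the backup file off the PC being reset; a recovery password stored on the encrypted drive itself is no backup at all.
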

ABOUT THE AUTHOR

Hamza Mohammad Anwar

Hamza Mohammad Anwar is an intermediate JavaScript web developer with a focus on developing high-performance applications using MERN technologies. His skill set includes expertise in ReactJS, MongoDB, Express NodeJS, and other related technologies. Hamza is also a Google IT Certified professional, which highlights his competence in IT support. As an avid problem-solver, he recreates errors on his computer to troubleshoot and find solutions to various technical issues.