diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json index e573ac4d0a..1b6792578c 100644 --- a/.openpublishing.redirection.windows-security.json +++ b/.openpublishing.redirection.windows-security.json @@ -177,7 +177,12 @@ }, { "source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-top-node.md", - "redirect_url": "/windows/security/hardware-security/tpm/trusted-platform-module-top-node", + "redirect_url": "/windows/security/hardware-security/tpm/trusted-platform-module-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/security/hardware-security/tpm/trusted-platform-module-top-node.md", + "redirect_url": "/windows/security/hardware-security/tpm/trusted-platform-module-overview", "redirect_document_id": false }, { diff --git a/windows/security/hardware-security/toc.yml b/windows/security/hardware-security/toc.yml index 1b95b86db3..c941dc715a 100644 --- a/windows/security/hardware-security/toc.yml +++ b/windows/security/hardware-security/toc.yml @@ -6,10 +6,8 @@ items: - name: Windows Defender System Guard href: how-hardware-based-root-of-trust-helps-protect-windows.md - name: Trusted Platform Module - href: tpm/trusted-platform-module-top-node.md + href: tpm/trusted-platform-module-overview.md items: - - name: Trusted Platform Module overview - href: tpm/trusted-platform-module-overview.md - name: TPM fundamentals href: tpm/tpm-fundamentals.md - name: How Windows uses the TPM diff --git a/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md index e2b7facad8..9be58182e9 100644 --- a/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md +++ b/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md @@ -2,7 +2,7 @@ title: Back up TPM recovery information to Active Directory description: Learn how to back up the Trusted Platform Module (TPM) recovery information to Active Directory. ms.topic: conceptual -ms.date: 02/02/2023 +ms.date: 11/17/2023 --- # Back up the TPM recovery information to AD DS diff --git a/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md b/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md index 05ed6c63a9..29abbe115b 100644 --- a/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md +++ b/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md @@ -2,7 +2,7 @@ title: Change the TPM owner password description: This topic for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system. ms.topic: conceptual -ms.date: 04/26/2023 +ms.date: 11/17/2023 --- # Change the TPM owner password @@ -14,12 +14,7 @@ This article for the IT professional describes how to change the password or PIN Starting with Windows 10, version 1607, Windows doesn't retain the TPM owner password when provisioning the TPM. The password is set to a random high entropy value and then discarded. > [!IMPORTANT] -> -> Although the TPM owner password isn't retained starting with Windows 10, version 1607, you can change a default registry key to retain it. However, we strongly recommend that you don't make this change. To retain the TPM owner password, under the registry key of -> -> `HKLM\Software\Policies\Microsoft\TPM` -> -> create a `REG_DWORD` value of `OSManagedAuthLevel` and set it to `4`. +> Although the TPM owner password isn't retained starting with Windows 10, version 1607, you can change a default registry key to retain it. However, we strongly recommend that you don't make this change. To retain the TPM owner password, under the registry key `HKLM\Software\Policies\Microsoft\TPM`, create a `REG_DWORD` value of `OSManagedAuthLevel` and set it to `4`. > > For Windows versions newer than Windows 10 1703, the default value for this key is 5. A value of 5 means: > @@ -52,4 +47,4 @@ You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets i ## Related articles -- [Trusted Platform Module](trusted-platform-module-top-node.md) +- [Trusted Platform Module](trusted-platform-module-overview.md) diff --git a/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md b/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md index e75ebe55d6..b513a67096 100644 --- a/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md +++ b/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md @@ -2,7 +2,7 @@ title: How Windows uses the TPM description: Learn how Windows uses the Trusted Platform Module (TPM) to enhance security. ms.topic: conceptual -ms.date: 02/02/2023 +ms.date: 11/17/2023 --- # How Windows uses the Trusted Platform Module @@ -31,11 +31,11 @@ The security features of Windows combined with the benefits of a TPM offer pract ## Platform Crypto Provider -Windows includes a cryptography framework called *Cryptographic API: Next Generation* (CNG), the basic approach of which is to implement cryptographic algorithms in different ways but with a common application programming interface (API). Applications that use cryptography can use the common API without knowing the details of how an algorithm is implemented much less the algorithm itself. +Windows includes a cryptography framework called Cryptographic API: Next Generation (CNG), the basic approach of which is to implement cryptographic algorithms in different ways but with a common application programming interface (API). Applications that use cryptography can use the common API without knowing the details of how an algorithm is implemented much less the algorithm itself. Although CNG sounds like a mundane starting point, it illustrates some of the advantages that a TPM provides. Underneath the CNG interface, Windows or third parties supply a cryptographic provider (that is, an implementation of an algorithm) implemented as software libraries alone or in a combination of software and available system hardware or third-party hardware. If implemented through hardware, the cryptographic provider communicates with the hardware behind the software interface of CNG. -The Platform Crypto Provider, introduced in the Windows 8 operating system, exposes the following special TPM properties, which software-only CNG providers can't offer or can't offer as effectively: +The Platform Crypto Provider, introduced in the Windows 8, exposes the following special TPM properties, which software-only CNG providers can't offer or can't offer as effectively: - **Key protection**. The Platform Crypto Provider can create keys in the TPM with restrictions on their use. The operating system can load and use the keys in the TPM without copying the keys to system memory, where they're vulnerable to malware. The Platform Crypto Provider can also configure keys that a TPM protects so that they aren't removable. If a TPM creates a key, the key is unique and resides only in that TPM. If the TPM imports a key, the Platform Crypto Provider can use the key in that TPM, but that TPM isn't a source for making more copies of the key or enabling the use of copies elsewhere. In sharp contrast, software solutions that protect keys from copying are subject to reverse-engineering attacks, in which someone figures out how the solution stores keys or makes copies of keys while they are in memory during use. @@ -49,7 +49,7 @@ These TPM features give Platform Crypto Provider distinct advantages over softwa Smart cards are physical devices that typically store a single certificate and the corresponding private key. Users insert a smart card into a built-in or USB card reader and enter a PIN to unlock it. Windows can then access the card's certificate and use the private key for authentication or to unlock BitLocker protected data volumes. Smart cards are popular because they provide two-factor authentication that requires both something the user has (that is, the smart card) and something the user knows (such as the smart card PIN). However, smart cards can be expensive because they require purchase and deployment of both smart cards and smart card readers. -In Windows, the *Virtual Smart Card* feature allows the TPM to mimic a permanently inserted smart card. The TPM becomes *something the user has* but still requires a PIN. While physical smart cards limit the number of PIN attempts before locking the card and requiring a reset, a virtual smart card relies on the TPM's dictionary attack protection to prevent too many PIN guesses. +In Windows, the Virtual Smart Card feature allows the TPM to mimic a permanently inserted smart card. The TPM becomes *something the user has* but still requires a PIN. While physical smart cards limit the number of PIN attempts before locking the card and requiring a reset, a virtual smart card relies on the TPM's dictionary attack protection to prevent too many PIN guesses. For TPM-based virtual smart cards, the TPM protects the use and storage of the certificate private key, so that it can't be copied when it is in use or stored and used elsewhere. Using a component that is part of the system rather than a separate physical smart card, can reduce total cost of ownership. The *lost card* or *card left at home* scenarios are not applicable, and the benefits of smart card-based multifactor authentication is preserved. For users, virtual smart cards are simple to use, requiring only a PIN to unlock. Virtual smart cards support the same scenarios that physical smart cards support, including signing in to Windows or authenticating for resource access. @@ -61,7 +61,7 @@ The adoption of new authentication technology requires that identity providers a Identity providers have flexibility in how they provision credentials on client devices. For example, an organization might provision only those devices that have a TPM so that the organization knows that a TPM protects the credentials. The ability to distinguish a TPM from malware acting like a TPM requires the following TPM capabilities (see Figure 1): -- **Endorsement key**. The TPM manufacturer can create a special key in the TPM called an *endorsement key*. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that the manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM). +- **Endorsement key**. The TPM manufacturer can create a special key in the TPM called an endorsement key. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that the manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM). - **Attestation identity key**. To protect privacy, most TPM scenarios do not directly use an actual endorsement key. Instead, they use attestation identity keys, and an identity certificate authority (CA) uses the endorsement key and its certificate to prove that one or more attestation identity keys actually exist in a real TPM. The identity CA issues attestation identity key certificates. More than one identity CA will generally see the same endorsement key certificate that can uniquely identify the TPM, but any number of attestation identity key certificates can be created to limit the information shared in other scenarios. @@ -129,16 +129,16 @@ The TPM adds hardware-based security benefits to Windows. When installed on hard
-|Feature | Benefits when used on a system with a TPM| -|---|---| -| Platform Crypto Provider | | -| Virtual Smart Card | | -| Windows Hello for Business | | -| BitLocker Drive Encryption | | -|Device Encryption | | -| Measured Boot | | -| Health Attestation | | -| Credential Guard | | +| Feature | Benefits when used on a system with a TPM | +|----------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Platform Crypto Provider | - If the machine is compromised, the private key associated with the certificate can't be copied off the device.
- The TPM's dictionary attack mechanism protects PIN values to use a certificate. | +| Virtual Smart Card | Achieve security similar to that of physical smart cards without deploying physical smart cards or card readers. | +| Windows Hello for Business | - Credentials provisioned on a device can't be copied elsewhere.
- Confirm a device's TPM before credentials are provisioned. | +| BitLocker Drive Encryption | Multiple options are available for enterprises to protect data at rest while balancing security requirements with different device hardware. | +| Device Encryption | With a Microsoft account and the right hardware, consumers' devices seamlessly benefit from data-at-rest protection. | +| Measured Boot | A hardware root of trust contains boot measurements that help detect malware during remote attestation. | +| Health Attestation | MDM solutions can easily perform remote attestation and evaluate client health before granting access to resources or cloud services such as Office 365. | +| Credential Guard | Defense in depth increases so that even if malware has administrative rights on one machine, it is significantly more difficult to compromise additional machines in an organization. |
diff --git a/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md index e9374612fe..11e1b60887 100644 --- a/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -2,7 +2,7 @@ title: Troubleshoot the TPM description: Learn how to view and troubleshoot the Trusted Platform Module (TPM). ms.topic: conceptual -ms.date: 02/02/2023 +ms.date: 11/17/2023 ms.collection: - highpri - tier1 @@ -16,13 +16,14 @@ This article provides information how to troubleshoot the Trusted Platform Modul - [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm) With TPM 1.2 and Windows 11, you can also take the following actions: + - [Turn on or turn off the TPM](#turn-on-or-turn-off) For information about the TPM cmdlets, see [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps&preserve-view=true). ## About TPM initialization and ownership -Windows automatically initializes and takes ownership of the TPM. This is a change from previous operating systems, where you had to initialize the TPM and create an owner password. +Windows automatically initializes and takes ownership of the TPM. There's no need for you to initialize the TPM and create an owner password. ### TPM initialization @@ -69,7 +70,7 @@ Clearing the TPM can result in data loss. To protect against such loss, review t Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. -**To clear the TPM** +#### To clear the TPM 1. Open the Windows Defender Security Center app. 1. Select **Device security**. @@ -79,7 +80,7 @@ Membership in the local Administrators group, or equivalent, is the minimum requ - You'll be prompted to restart the computer. During the restart, you might be prompted by the UEFI to press a button to confirm that you wish to clear the TPM. - After the device restarts, your TPM will be automatically prepared for use by Windows. -## Turn on or turn off the TPM +## Turn on or turn off the TPM Normally, the TPM is turned on as part of the TPM initialization process. You don't normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. @@ -103,7 +104,7 @@ If you want to stop using the services that are provided by the TPM, you can use - If you saved your TPM owner password on a removable storage device, insert it, and then select **I have the owner password file**. In the **Select backup file with the TPM owner password** dialog box, select **Browse** to locate the *.tpm* file that is saved on your removable storage device, select **Open**, and then select **Turn TPM Off**. - If you don't have the removable storage device with your saved TPM owner password, select **I want to enter the password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and then select **Turn TPM Off**. - If you didn't save your TPM owner password or no longer know it, select **I do not have the TPM owner password**, and follow the instructions that are provided in the dialog box and subsequent UEFI screens to turn off the TPM without entering the password. - + ## Use the TPM cmdlets You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps&preserve-view=true). diff --git a/windows/security/hardware-security/tpm/manage-tpm-commands.md b/windows/security/hardware-security/tpm/manage-tpm-commands.md index 52a9473f9b..d309758d11 100644 --- a/windows/security/hardware-security/tpm/manage-tpm-commands.md +++ b/windows/security/hardware-security/tpm/manage-tpm-commands.md @@ -2,7 +2,7 @@ title: Manage TPM commands description: This article for the IT professional describes how to manage which Trusted Platform Module (TPM) commands are available to domain users and to local users. ms.topic: conceptual -ms.date: 04/26/2023 +ms.date: 11/17/2023 --- # Manage TPM commands @@ -15,10 +15,9 @@ The following procedures describe how to manage the TPM command lists. You must ## Block TPM commands by using the Local Group Policy Editor -1. Open the Local Group Policy Editor (gpedit.msc). If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then select **Yes**. +1. Open the Local Group Policy Editor (`gpedit.msc`). If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then select **Yes**. > [!NOTE] - > > Administrators with appropriate rights in a domain can configure a Group Policy Object (GPO) that can be applied through Active Directory Domain Services (AD DS). 1. In the console tree, under **Computer Configuration**, expand **Administrative Templates**, and then expand **System**. @@ -32,7 +31,6 @@ The following procedures describe how to manage the TPM command lists. You must 1. For each command that you want to block, select **Add**, enter the command number, and then select **OK**. > [!NOTE] - > > For a list of commands, see links in the [TPM Specification](https://www.trustedcomputinggroup.org/tpm-main-specification/). 1. After you have added numbers for each command that you want to block, select **OK** twice. @@ -41,9 +39,7 @@ The following procedures describe how to manage the TPM command lists. You must ## Block or allow TPM commands by using the TPM MMC -1. Open the TPM MMC (tpm.msc) - -1. If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then select **Yes**. +1. Open the TPM MMC (`tpm.msc`). If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then select **Yes**. 1. In the console tree, select **Command Management**. A list of TPM commands is displayed. @@ -53,9 +49,7 @@ The following procedures describe how to manage the TPM command lists. You must ## Block new commands -1. Open the TPM MMC (tpm.msc). - - If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then select **Yes**. +1. Open the TPM MMC (`tpm.msc`). If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then select **Yes**. 1. In the console tree, select **Command Management**. A list of TPM commands is displayed. @@ -69,4 +63,4 @@ You can manage the TPM using Windows PowerShell. For details, see [TrustedPlatfo ## Related articles -- [Trusted Platform Module](trusted-platform-module-top-node.md) +- [Trusted Platform Module](trusted-platform-module-overview.md) diff --git a/windows/security/hardware-security/tpm/manage-tpm-lockout.md b/windows/security/hardware-security/tpm/manage-tpm-lockout.md index a281a8e40b..abf6374e8f 100644 --- a/windows/security/hardware-security/tpm/manage-tpm-lockout.md +++ b/windows/security/hardware-security/tpm/manage-tpm-lockout.md @@ -2,7 +2,7 @@ title: Manage TPM lockout description: This article for the IT professional describes how to manage the lockout feature for the Trusted Platform Module (TPM) in Windows. ms.topic: conceptual -ms.date: 04/26/2023 +ms.date: 11/17/2023 --- # Manage TPM lockout @@ -17,20 +17,19 @@ Windows takes ownership of the TPM ownership upon first boot. By default, Window In some cases, encryption keys are protected by a TPM by requiring a valid authorization value to access the key. A common example is configuring BitLocker Drive Encryption to use the TPM plus PIN key protector. In this scenario, the user must type the correct PIN during the boot process to access the volume encryption key protected by the TPM. To prevent malicious users or software from discovering authorization values, TPMs implement protection logic. The protection logic is designed to slow or stop responses from the TPM if it detects that an entity might be trying to guess authorization values. -### TPM 1.2 - -The industry standards from the Trusted Computing Group (TCG) specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 and TPM 2.0 chips. TPM 1.2 devices implement different protection mechanisms and behavior. In general, the TPM chip takes exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips may not store failed attempts over time. Other TPM chips may store every failed attempt indefinitely. Therefore, some users may experience increasingly longer delays when they mistype an authorization value that is sent to the TPM. These delays can prevent them from using the TPM for a period of time. - ### TPM 2.0 TPM 2.0 devices have standardized lockout behavior which Windows configures. TPM 2.0 devices have a maximum count threshold and a healing time. Windows configures the maximum count to be 32 and the healing time to be 10 minutes. This configuration means that every continuous 10 minutes of powered on operation without an event causes the counter to decrease by 1. If your TPM has entered lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owner's authorization. This value is no longer retained by default starting with Windows 10 version 1607 and higher. +### TPM 1.2 + +The industry standards from the Trusted Computing Group (TCG) specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 and TPM 2.0 chips. TPM 1.2 devices implement different protection mechanisms and behavior. In general, the TPM chip takes exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips may not store failed attempts over time. Other TPM chips may store every failed attempt indefinitely. Therefore, some users may experience increasingly longer delays when they mistype an authorization value that is sent to the TPM. These delays can prevent them from using the TPM for a period of time. + ## Reset the TPM lockout by using the TPM MMC > [!NOTE] -> > This procedure is only available if you have configured Windows to retain the TPM Owner Password. By default, this password isn't available in Windows 10 starting with version 1607 and higher. The following procedure explains the steps to reset the TPM lockout by using the TPM MMC. @@ -39,7 +38,7 @@ The following procedure explains the steps to reset the TPM lockout by using the 1. Open the TPM MMC (tpm.msc). -1 In the **Action** pane, select **Reset TPM Lockout** to start the Reset TPM Lockout Wizard. +1. In the **Action** pane, select **Reset TPM Lockout** to start the Reset TPM Lockout Wizard. 1. Choose one of the following methods to enter the TPM owner password: @@ -77,4 +76,4 @@ You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets i ## Related articles -- [Trusted Platform Module](trusted-platform-module-top-node.md) +- [Trusted Platform Module](trusted-platform-module-overview.md) diff --git a/windows/security/hardware-security/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/hardware-security/tpm/switch-pcr-banks-on-tpm-2-0-devices.md index 01ddf58aa0..281201247a 100644 --- a/windows/security/hardware-security/tpm/switch-pcr-banks-on-tpm-2-0-devices.md +++ b/windows/security/hardware-security/tpm/switch-pcr-banks-on-tpm-2-0-devices.md @@ -2,14 +2,14 @@ title: UnderstandPCR banks on TPM 2.0 devices description: Learn about what happens when you switch PCR banks on TPM 2.0 devices. ms.topic: conceptual -ms.date: 02/02/2023 +ms.date: 11/17/2023 --- # PCR banks on TPM 2.0 devices For steps on how to switch PCR banks on TPM 2.0 devices on your PC, you should contact your OEM or UEFI vendor. This article provides background about what happens when you switch PCR banks on TPM 2.0 devices. -A *Platform Configuration Register (PCR)* is a memory location in the TPM that has some unique properties. The size of the value that can be stored in a PCR is determined by the size of a digest generated by an associated hashing algorithm. A SHA-1 PCR can store 20 bytes - the size of a SHA-1 digest. Multiple PCRs associated with the same hashing algorithm are referred to as a *PCR bank*. +A Platform Configuration Register (PCR) is a memory location in the TPM that has some unique properties. The size of the value that can be stored in a PCR is determined by the size of a digest generated by an associated hashing algorithm. A SHA-1 PCR can store 20 bytes - the size of a SHA-1 digest. Multiple PCRs associated with the same hashing algorithm are referred to as a *PCR bank*. To store a new value in a PCR, the existing value is extended with a new value as follows: `PCR[N] = HASHalg( PCR[N] || ArgumentOfExtend)` @@ -21,8 +21,7 @@ Some TPM PCRs are used as checksums of log events. The log events are extended i ## How does Windows use PCRs? -To bind the use of a TPM based key to a certain state of the device, the key can be sealed to an expected set of PCR values.\ -For instance, PCRs 0 through 7 have a well-defined value after the boot process, when the OS is loaded. When the hardware, firmware, or boot loader of the machine changes, the change can be detected in the PCR values. Windows uses this capability to make certain cryptographic keys only available at certain times during the boot process. For instance, the BitLocker key can be used at a certain point in the boot, but not before or after. +To bind the use of a TPM based key to a certain state of the device, the key can be sealed to an expected set of PCR values. For instance, PCRs 0 through 7 have a well-defined value after the boot process, when the OS is loaded. When the hardware, firmware, or boot loader of the machine changes, the change can be detected in the PCR values. Windows uses this capability to make certain cryptographic keys only available at certain times during the boot process. For instance, the BitLocker key can be used at a certain point in the boot, but not before or after. It's important to note that this binding to PCR values also includes the hashing algorithm used for the PCR. For instance, a key can be bound to a specific value of the `SHA-1 PCR[12]`, if using the SHA-256 PCR bank, even with the same system configuration. Otherwise, the PCR values won't match. @@ -30,7 +29,7 @@ It's important to note that this binding to PCR values also includes the hashing When the PCR banks are switched, the algorithm used to compute the hashed values stored in the PCRs during extend operations is changed. Each hash algorithm will return a different cryptographic signature for the same inputs. -As a result, if the currently used PCR bank is switched all keys that have been bound to the previous PCR values will no longer work. For example, if you had a key bound to the SHA-1 value of PCR\[12\] and subsequently changed the PCR bank to SHA-256, the banks wouldn't match, and you would be unable to use that key. The BitLocker key is secured using the PCR banks and Windows won't be able to unseal it if the PCR banks are switched while BitLocker is enabled. +As a result, if the currently used PCR bank is switched all keys that have been bound to the previous PCR values will no longer work. For example, if you had a key bound to the SHA-1 value of PCR[12] and subsequently changed the PCR bank to SHA-256, the banks wouldn't match, and you would be unable to use that key. The BitLocker key is secured using the PCR banks and Windows won't be able to unseal it if the PCR banks are switched while BitLocker is enabled. ## What can I do to switch PCRs when BitLocker is already active? @@ -42,7 +41,7 @@ You can configure a TPM to have multiple PCR banks active. When BIOS performs me - Registry key: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices` - DWORD: `TPMActivePCRBanks` -- Defines which PCR banks are currently active. (This value should be interpreted as a bitmap for which the bits are defined in the [TCG Algorithm Registry](https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/) Table 21 of Revision 1.27.) +- Defines which PCR banks are currently active. This value should be interpreted as a bitmap for which the bits are defined in the [TCG Algorithm Registry](https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/) Table 21 of Revision 1.27. Windows checks which PCR banks are active and supported by the BIOS. Windows also checks if the measured boot log supports measurements for all active PCR banks. Windows will prefer the use of the SHA-256 bank for measurements and will fall back to SHA1 PCR bank if one of the pre-conditions isn't met. @@ -50,6 +49,6 @@ You can identify which PCR bank is currently used by Windows by looking at the r - Registry key: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices` - DWORD: `TPMDigestAlgID` -- Algorithm ID of the PCR bank that Windows is currently using. (This value represents an algorithm identifier as defined in the [TCG Algorithm Registry](https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/) Table 3 of Revision 1.27.) +- Algorithm ID of the PCR bank that Windows is currently using. This value represents an algorithm identifier as defined in the [TCG Algorithm Registry](https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/) Table 3 of Revision 1.27. Windows only uses one PCR bank to continue boot measurements. All other active PCR banks will be extended with a separator to indicate that they aren't used by Windows and measurements that appear to be from Windows shouldn't be trusted. diff --git a/windows/security/hardware-security/tpm/tpm-fundamentals.md b/windows/security/hardware-security/tpm/tpm-fundamentals.md index 4393c94d01..d4612701db 100644 --- a/windows/security/hardware-security/tpm/tpm-fundamentals.md +++ b/windows/security/hardware-security/tpm/tpm-fundamentals.md @@ -2,24 +2,27 @@ title: Trusted Platform Module (TPM) fundamentals description: Learn about the components of the Trusted Platform Module and how they're used to mitigate dictionary attacks. ms.topic: conceptual -ms.date: 03/09/2023 +ms.date: 11/17/2023 --- # TPM fundamentals -This article provides a description of the *Trusted Platform Module* (TPM 1.2 and TPM 2.0) components, and explains how they're used to mitigate dictionary attacks. +This article provides a description of the Trusted Platform Module (TPM 1.2 and TPM 2.0) components, and explains how they're used to mitigate dictionary attacks. A TPM is a microchip designed to provide basic security-related functions, primarily involving encryption keys. The TPM is installed on the motherboard of a computer, and it communicates with the rest of the system by using a hardware bus. -Devices that incorporate a TPM can create cryptographic keys and encrypt them, so that the keys can only be decrypted by the TPM. This process, often called *wrapping* or *binding a key*, can help protect the key from disclosure. Each TPM has a *master wrapping key*, called the *storage root key*, which is stored within the TPM itself. The private portion of a storage root key, or *endorsement key*, that is created in a TPM is never exposed to any other component, software, process, or user. +Devices that incorporate a TPM can create cryptographic keys and encrypt them, so that the keys can only be decrypted by the TPM. This process, often called "wrapping" or "binding" a key, can help protect the key from disclosure. Each TPM has a primary wrapping key, called the **storage root key**, which is stored within the TPM itself. The private portion of a storage root key, or **endorsement key**, that is created in a TPM is never exposed to any other component, software, process, or user. -You can specify whether encryption keys that are created by the TPM can be migrated or not. If you specify that they can be migrated, the public and private portions of the key can be exposed to other components, software, processes, or users. If you specify that encryption keys can't be migrated, the private portion of the key is never exposed outside the TPM. +You can specify whether encryption keys that the TPM creates can be migrated or not. If you specify that they can be migrated, the public and private portions of the key can be exposed to other components, software, processes, or users. If you specify that encryption keys can't be migrated, the private portion of the key is never exposed outside the TPM. Devices that incorporate a TPM can also create a key wrapped and tied to certain platform measurements. This type of key can be unwrapped only when those platform measurements have the same values that they had when the key was created. This process is referred to as *sealing the key to the TPM*. Decrypting the key is called *unsealing*. The TPM can also seal and unseal data that is generated outside the TPM. With sealed key and software, such as BitLocker Drive Encryption, data can be locked until specific hardware or software conditions are met. With a TPM, private portions of key pairs are kept separate from the memory that is controlled by the operating system. Keys can be sealed to the TPM, and certain assurances about the state of a system (assurances that define the trustworthiness of a system) can be made before the keys are unsealed and released for use. The TPM uses its own internal firmware and logic circuits to process instructions. Hence, it doesn't rely on the operating system and it isn't exposed to vulnerabilities that might exist in the operating system or application software. -For information about which versions of Windows support which versions of the TPM, see [Trusted Platform Module technology overview](trusted-platform-module-overview.md). The features that are available in the versions are defined in specifications by the Trusted Computing Group (TCG). For more information, see the Trusted Platform Module page on the Trusted Computing Group website: [Trusted Platform Module](http://www.trustedcomputinggroup.org/developers/trusted_platform_module). +- For information about which versions of Windows support which versions of the TPM, see [Trusted Platform Module technology overview](trusted-platform-module-overview.md). +- For more information about which TPM services can be controlled centrally by using Group Policy settings, see [TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md). + +The features that are available in the versions are defined in specifications by the Trusted Computing Group (TCG). For more information, see the [Trusted Platform Module page](http://www.trustedcomputinggroup.org/developers/trusted_platform_module) on the Trusted Computing Group website. The following sections provide an overview of the technologies that support the TPM: @@ -33,12 +36,9 @@ The following sections provide an overview of the technologies that support the - [TPM Key Attestation](#key-attestation) - [Anti-hammering](#anti-hammering) -The following article describes the TPM services that can be controlled centrally by using Group Policy settings: -[TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md). - ## Measured Boot with support for attestation -The *Measured Boot* feature provides anti-malware software with a trusted (resistant to spoofing and tampering) log of all boot components. Anti-malware software can use the log to determine whether components that ran before it are trustworthy or infected with malware. It can also send the Measured Boot logs to a remote server for evaluation. The remote server can start remediation actions by interacting with software on the client or through out-of-band mechanisms, as appropriate. +The Measured Boot feature provides anti-malware software with a trusted (resistant to spoofing and tampering) log of all boot components. Anti-malware software can use the log to determine whether components that ran before it are trustworthy or infected with malware. It can also send the Measured Boot logs to a remote server for evaluation. The remote server can start remediation actions by interacting with software on the client or through out-of-band mechanisms, as appropriate. ## TPM-based Virtual Smart Card @@ -48,7 +48,7 @@ The Virtual Smart Card emulates the functionality of traditional smart cards. Vi ## TPM-based certificate storage -The TPM protects certificates and RSA keys. The TPM key storage provider (KSP) provides easy and convenient use of the TPM as a way of strongly protecting private keys. The TPM KSP generates keys when an organization enrolls for certificates. The TPM also protects certificates that are imported from an outside source. TPM-based certificates are standard certificates. The certificate can never leave the TPM from which the keys are generated. The TPM can now be used for crypto-operations through Cryptography API: Next Generation (CNG). For more info, see [Cryptography API: Next Generation](/windows/win32/seccng/cng-portal). +The TPM protects certificates and RSA keys. The TPM key storage provider (KSP) provides easy and convenient use of the TPM as a way of strongly protecting private keys. The TPM KSP generates keys when an organization enrolls for certificates. The TPM also protects certificates that are imported from an outside source. TPM-based certificates are standard certificates. The certificate can never leave the TPM from which the keys are generated. The TPM can also be used for crypto-operations through [Cryptography API: Next Generation (CNG)](/windows/win32/seccng/cng-portal). ## TPM Cmdlets @@ -68,7 +68,7 @@ A trusted application can use TPM only if the TPM contains an endorsement key, w ## Key attestation -*TPM key attestation* allows a certification authority to verify that a private key is protected by a TPM and that the TPM is one that the certification authority trusts. Endorsement keys proven valid are used to bind the user identity to a device. The user certificate with a TPM-attested key provides higher security assurance backed up by non-exportability, anti-hammering, and isolation of keys provided by a TPM. +TPM key attestation allows a certification authority to verify that a private key is protected by a TPM and that the TPM is one that the certification authority trusts. Endorsement keys proven valid are used to bind the user identity to a device. The user certificate with a TPM-attested key provides higher security assurance backed up by nonexportability, anti-hammering, and isolation of keys provided by a TPM. ## Anti-hammering @@ -84,12 +84,9 @@ TPM 2.0 has well defined anti-hammering behavior. This is in contrast to TPM 1.2 For systems with TPM 2.0, the TPM is configured by Windows to lock after 32 authorization failures and to forget one authorization failure every 10 minutes. This means that a user could quickly attempt to use a key with the wrong authorization value 32 times. For each of the 32 attempts, the TPM records if the authorization value was correct or not. This inadvertently causes the TPM to enter a locked state after 32 failed attempts. -Attempts to use a key with an authorization value for the next 10 minutes wouldn't return success or failure. Instead, the response indicates that the TPM is locked.\ -After 10 minutes, one authorization failure is forgotten and the number of authorization failures remembered by the TPM drops to 31. The TPM leaves the locked state and returns to normal operation.\ -With the correct authorization value, keys could be used normally if no authorization failures occur during the next 10 minutes. If a period of 320 minutes elapses with no authorization failures, the TPM doesn't remember any authorization failures, and 32 failed attempts could occur again. +Attempts to use a key with an authorization value for the next 10 minutes wouldn't return success or failure. Instead, the response indicates that the TPM is locked. After 10 minutes, one authorization failure is forgotten and the number of authorization failures remembered by the TPM drops to 31. The TPM leaves the locked state and returns to normal operation. With the correct authorization value, keys could be used normally if no authorization failures occur during the next 10 minutes. If a period of 320 minutes elapses with no authorization failures, the TPM doesn't remember any authorization failures, and 32 failed attempts could occur again. -Windows doesn't require TPM 2.0 systems to forget about authorization failures when the system is fully powered off or when the system has hibernated.\ -Windows requires that authorization failures are forgotten when the system is running normally, in a sleep mode, or in low power states other than off. If a Windows system with TPM 2.0 is locked, the TPM leaves lockout mode if the system is left on for 10 minutes. +Windows doesn't require TPM 2.0 systems to forget about authorization failures when the system is fully powered off or when the system has hibernated. Windows requires that authorization failures are forgotten when the system is running normally, in a sleep mode, or in low power states other than off. If a Windows system with TPM 2.0 is locked, the TPM leaves lockout mode if the system is left on for 10 minutes. The anti-hammering protection for TPM 2.0 can be fully reset immediately by sending a reset lockout command to the TPM, and providing the TPM owner password. By default, Windows automatically provisions TPM 2.0 and stores the TPM owner password for use by system administrators. @@ -99,18 +96,16 @@ TPM 2.0 allows some keys to be created without an authorization value associated ### Rationale behind the defaults -Originally, BitLocker allowed from 4 to 20 characters for a PIN. -Windows Hello has its own PIN for sign-in, which can be 4 to 127 characters. -Both BitLocker and Windows Hello use the TPM to prevent PIN brute-force attacks. +Originally, BitLocker allowed from 4 to 20 characters for a PIN. Windows Hello has its own PIN for sign-in, which can be 4 to 127 characters. Both BitLocker and Windows Hello use the TPM to prevent PIN brute-force attacks. Windows 10, version 1607 and earlier used Dictionary Attack Prevention parameters. The Dictionary Attack Prevention Parameters provide a way to balance security needs with usability. For example, when BitLocker is used with a TPM + PIN configuration, the number of PIN guesses is limited over time. A TPM 2.0 in this example could be configured to allow only 32 PIN guesses immediately, and then only one more guess every two hours. This totals a maximum of about 4415 guesses per year. If the PIN is four digits, all 9999 possible PIN combinations could be attempted in a little over two years. -Staring in Windows 10, version 1703, the minimum length for the BitLocker PIN was increased to six characters, to better align with other Windows features that use TPM 2.0, including Windows Hello. Increasing the PIN length requires a greater number of guesses for an attacker. Therefore, the lockout duration between each guess was shortened to allow legitimate users to retry a failed attempt sooner while maintaining a similar level of protection. In case the legacy parameters for lockout threshold and recovery time need to be used, make sure that GPO is enabled and [configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0](/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings#configure-the-system-to-use-legacy-dictionary-attack-prevention-parameters-setting-for-tpm-20). +Starting in Windows 10, version 1703, the minimum length for the BitLocker PIN was increased to six characters, to better align with other Windows features that use TPM 2.0, including Windows Hello. Increasing the PIN length requires a greater number of guesses for an attacker. Therefore, the lockout duration between each guess was shortened to allow legitimate users to retry a failed attempt sooner while maintaining a similar level of protection. In case the legacy parameters for lockout threshold and recovery time need to be used, make sure that GPO is enabled and [configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0](/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings#configure-the-system-to-use-legacy-dictionary-attack-prevention-parameters-setting-for-tpm-20). ### TPM-based smart cards The Windows TPM-based smart card, which is a virtual smart card, can be configured to allow sign in to the system. In contrast with physical smart cards, the sign-in process uses a TPM-based key with an authorization value. The following list shows the advantages of virtual smart cards: -- Physical smart cards can enforce lockout for only the physical smart card PIN, and they can reset the lockout after the correct PIN is entered. - With a virtual smart card, the TPM's anti-hammering protection isn't reset after a successful authentication. The allowed number of authorization failures before the TPM enters lockout includes many factors -- Hardware manufacturers and software developers can use the security features of the TPM to meet their requirements -- The intent of selecting 32 failures as the lock-out threshold is to avoid users to lock the TPM (even when learning to type new passwords or if they frequently lock and unlock their computers). If users lock the TPM, they must wait 10 minutes or use other credentials to sign in, such as a user name and password + +- Physical smart cards can enforce lockout for only the physical smart card PIN, and they can reset the lockout after the correct PIN is entered. With a virtual smart card, the TPM's anti-hammering protection isn't reset after a successful authentication. The allowed number of authorization failures before the TPM enters lockout includes many factors. +- Hardware manufacturers and software developers can use the security features of the TPM to meet their requirements. +- The intent of selecting 32 failures as the lock-out threshold is to avoid users to lock the TPM (even when learning to type new passwords or if they frequently lock and unlock their computers). If users lock the TPM, they must wait 10 minutes or use other credentials to sign in, such as a user name and password. diff --git a/windows/security/hardware-security/tpm/tpm-recommendations.md b/windows/security/hardware-security/tpm/tpm-recommendations.md index 1190a55d46..4fc8d8e9ae 100644 --- a/windows/security/hardware-security/tpm/tpm-recommendations.md +++ b/windows/security/hardware-security/tpm/tpm-recommendations.md @@ -2,7 +2,7 @@ title: TPM recommendations description: This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows. ms.topic: conceptual -ms.date: 02/02/2023 +ms.date: 11/17/2023 ms.collection: - highpri - tier1 @@ -35,25 +35,15 @@ From an industry standard, Microsoft has been an industry leader in moving and s TPM 2.0 products and systems have important security advantages over TPM 1.2, including: - The TPM 1.2 spec only allows for the use of RSA and the SHA-1 hashing algorithm. - - For security reasons, some entities are moving away from SHA-1. Notably, NIST has required many federal agencies to move to SHA-256 as of 2014, and technology leaders, including Microsoft and Google have announced they will remove support for SHA-1 based signing or certificates in 2017. - - TPM 2.0 **enables greater crypto agility** by being more flexible with respect to cryptographic algorithms. - - TPM 2.0 supports newer algorithms, which can improve drive signing and key generation performance. For the full list of supported algorithms, see the [TCG Algorithm Registry](http://www.trustedcomputinggroup.org/tcg-algorithm-registry/). Some TPMs don't support all algorithms. - - For the list of algorithms that Windows supports in the platform cryptographic storage provider, see [CNG Cryptographic Algorithm Providers](/windows/win32/seccertenroll/cng-cryptographic-algorithm-providers). - - TPM 2.0 achieved ISO standardization ([ISO/IEC 11889:2015](https://www.microsoft.com/security/blog/2015/06/29/governments-recognize-the-importance-of-tpm-2-0-through-iso-adoption)). - - Use of TPM 2.0 may help eliminate the need for OEMs to make exception to standard configurations for certain countries and regions. - - TPM 2.0 offers a more **consistent experience** across different implementations. - - TPM 1.2 implementations vary in policy settings. This may result in support issues as lockout policies vary. - - TPM 2.0 lockout policy is configured by Windows, ensuring a consistent dictionary attack protection guarantee. - - While TPM 1.2 parts are discrete silicon components, which are typically soldered on the motherboard, TPM 2.0 is available as a **discrete (dTPM)** silicon component in a single semiconductor package, an **integrated** component incorporated in one or more semiconductor packages - alongside other logic units in the same package(s), and as a **firmware (fTPM)** based component running in a trusted execution environment (TEE) on a general purpose SoC. > [!NOTE] @@ -65,11 +55,9 @@ TPM 2.0 products and systems have important security advantages over TPM 1.2, in There are three implementation options for TPMs: -- Discrete TPM chip as a separate component in its own semiconductor package - -- Integrated TPM solution, using dedicated hardware integrated into one or more semiconductor packages alongside, but logically separate from, other components - -- Firmware TPM solution, running the TPM in firmware in a Trusted Execution mode of a general purpose computation unit +- Discrete TPM chip as a separate component in its own semiconductor package. +- Integrated TPM solution, using dedicated hardware integrated into one or more semiconductor packages alongside, but logically separate from, other components. +- Firmware TPM solution, running the TPM in firmware in a Trusted Execution mode of a general purpose computation unit. Windows uses any compatible TPM in the same way. Microsoft does not take a position on which way a TPM should be implemented and there is a wide ecosystem of available TPM solutions, which should suit all needs. @@ -95,22 +83,22 @@ For end consumers, TPM is behind the scenes but is still relevant. TPM is used f The following table defines which Windows features require TPM support. - Windows Features | TPM Required | Supports TPM 1.2 | Supports TPM 2.0 | Details | --|-|-|-|- - Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot. TPM 2.0 is recommended since it supports newer cryptographic algorithms. TPM 1.2 only supports the SHA-1 algorithm which is being deprecated. - BitLocker | No | Yes | Yes | TPM 1.2 or 2.0 are supported but TPM 2.0 is recommended. [Device Encryption requires Modern Standby](../../operating-system-security/data-protection/bitlocker/index.md#device-encryption) including TPM 2.0 support - Device Encryption | Yes | N/A | Yes | Device Encryption requires Modern Standby/Connected Standby certification, which requires TPM 2.0. - Windows Defender Application Control (Device Guard) | No | Yes | Yes - Windows Defender System Guard (DRTM) | Yes | No | Yes | TPM 2.0 and UEFI firmware is required. - Credential Guard | No | Yes | Yes | Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported. Paired with Windows Defender System Guard, TPM 2.0 provides enhanced security for Credential Guard. Windows 11 requires TPM 2.0 by default to facilitate easier enablement of this enhanced security for customers. - Device Health Attestation| Yes | Yes | Yes | TPM 2.0 is recommended since it supports newer cryptographic algorithms. TPM 1.2 only supports the SHA-1 algorithm which is being deprecated. - Windows Hello/Windows Hello for Business| No | Yes | Yes | Microsoft Entra join supports both versions of TPM, but requires TPM with keyed-hash message authentication code (HMAC) and Endorsement Key (EK) certificate for key attestation support. TPM 2.0 is recommended over TPM 1.2 for better performance and security. Windows Hello as a FIDO platform authenticator will take advantage of TPM 2.0 for key storage. - UEFI Secure Boot | No | Yes | Yes - TPM Platform Crypto Provider Key Storage Provider| Yes | Yes | Yes - Virtual Smart Card | Yes | Yes | Yes - Certificate storage | No | Yes | Yes | TPM is only required when the certificate is stored in the TPM. - Autopilot | No | N/A | Yes | If you intend to deploy a scenario which requires TPM (such as white glove and self-deploying mode), then TPM 2.0 and UEFI firmware are required. - SecureBIO | Yes | No | Yes | TPM 2.0 and UEFI firmware is required. +| Windows Features | TPM Required | Supports TPM 1.2 | Supports TPM 2.0 | Details | +|--|--|--|--|--| +| Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot. TPM 2.0 is recommended since it supports newer cryptographic algorithms. TPM 1.2 only supports the SHA-1 algorithm which is being deprecated. | +| BitLocker | No | Yes | Yes | TPM 1.2 or 2.0 are supported but TPM 2.0 is recommended. [Device Encryption requires Modern Standby](../../operating-system-security/data-protection/bitlocker/index.md#device-encryption) including TPM 2.0 support | +| Device Encryption | Yes | N/A | Yes | Device Encryption requires Modern Standby/Connected Standby certification, which requires TPM 2.0. | +| Windows Defender Application Control (Device Guard) | No | Yes | Yes | +| Windows Defender System Guard (DRTM) | Yes | No | Yes | TPM 2.0 and UEFI firmware is required. | +| Credential Guard | No | Yes | Yes | Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported. Paired with Windows Defender System Guard, TPM 2.0 provides enhanced security for Credential Guard. Windows 11 requires TPM 2.0 by default to facilitate easier enablement of this enhanced security for customers. | +| Device Health Attestation | Yes | Yes | Yes | TPM 2.0 is recommended since it supports newer cryptographic algorithms. TPM 1.2 only supports the SHA-1 algorithm which is being deprecated. | +| Windows Hello/Windows Hello for Business | No | Yes | Yes | Microsoft Entra join supports both versions of TPM, but requires TPM with keyed-hash message authentication code (HMAC) and Endorsement Key (EK) certificate for key attestation support. TPM 2.0 is recommended over TPM 1.2 for better performance and security. Windows Hello as a FIDO platform authenticator will take advantage of TPM 2.0 for key storage. | +| UEFI Secure Boot | No | Yes | Yes | +| TPM Platform Crypto Provider Key Storage Provider | Yes | Yes | Yes | +| Virtual Smart Card | Yes | Yes | Yes | +| Certificate storage | No | Yes | Yes | TPM is only required when the certificate is stored in the TPM. | +| Autopilot | No | N/A | Yes | If you intend to deploy a scenario which requires TPM (such as white glove and self-deploying mode), then TPM 2.0 and UEFI firmware are required. | +| SecureBIO | Yes | No | Yes | TPM 2.0 and UEFI firmware is required. | ## OEM Status on TPM 2.0 system availability and certified parts @@ -118,4 +106,4 @@ Government customers and enterprise customers in regulated industries may have a ## Related topics -- [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics) +- [Trusted Platform Module](trusted-platform-module-overview.md) diff --git a/windows/security/hardware-security/tpm/trusted-platform-module-overview.md b/windows/security/hardware-security/tpm/trusted-platform-module-overview.md index 8d35f5065b..fd028ba8e4 100644 --- a/windows/security/hardware-security/tpm/trusted-platform-module-overview.md +++ b/windows/security/hardware-security/tpm/trusted-platform-module-overview.md @@ -2,7 +2,7 @@ title: Trusted Platform Module Technology Overview description: Learn about the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication. ms.topic: conceptual -ms.date: 02/22/2023 +ms.date: 11/17/2023 ms.collection: - highpri - tier1 @@ -14,21 +14,26 @@ This article describes the Trusted Platform Module (TPM) and how Windows uses it ## Feature description -The [*Trusted Platform Module (TPM)*](/windows/security/information-protection/tpm/trusted-platform-module-top-node) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the advantages of using TPM technology are: +The [Trusted Platform Module (TPM)](/windows/security/information-protection/tpm/trusted-platform-module-overview) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the advantages of using TPM technology are: -- Generate, store, and limit the use of cryptographic keys -- Use it for device authentication by using the TPM's unique RSA key, which is burned into the chip -- Help ensure platform integrity by taking and storing security measurements of the boot process +- Generate, store, and limit the use of cryptographic keys. +- Use it for device authentication by using the TPM's unique RSA key, which is burned into the chip. +- Help ensure platform integrity by taking and storing security measurements of the boot process. The most common TPM functions are used for system integrity measurements and for key creation and use. During the boot process of a system, the boot code that is loaded (including firmware and the operating system components) can be measured and recorded in the TPM. The integrity measurements can be used as evidence for how a system started and to make sure that a TPM-based key was used only when the correct software was used to boot the system. -TPM-based keys can be configured in a variety of ways. One option is to make a TPM-based key unavailable outside the TPM. This is good to mitigate phishing attacks because it prevents the key from being copied and used without the TPM. TPM-based keys can also be configured to require an authorization value to use them. If too many incorrect authorization guesses occur, the TPM will activate its dictionary attack logic and prevent further authorization value guesses. +TPM-based keys can be configured in various ways. One option is to make a TPM-based key unavailable outside the TPM. This is good to mitigate phishing attacks because it prevents the key from being copied and used without the TPM. TPM-based keys can also be configured to require an authorization value to use them. If too many incorrect authorization guesses occur, the TPM activates its dictionary attack logic and prevents further authorization value guesses. Different versions of the TPM are defined in specifications by the Trusted Computing Group (TCG). For more information, see the [TCG Web site](http://www.trustedcomputinggroup.org/work-groups/trusted-platform-module/). -### Automatic initialization of the TPM with Windows +[!INCLUDE [trusted-platform-module-tpm-20](../../../../includes/licensing/trusted-platform-module-tpm.md)] -Starting with Windows 10 and Windows 11, the operating system automatically initializes and takes ownership of the TPM. This means that in most cases, we recommend that you avoid configuring the TPM through the TPM management console, **TPM.msc**. There are a few exceptions, mostly related to resetting or performing a clean installation on a PC. For more information, see [Clear all the keys from the TPM](initialize-and-configure-ownership-of-the-tpm.md#clear-all-the-keys-from-the-tpm). We're [no longer actively developing the TPM management console](/windows-server/get-started-19/removed-features-19#features-were-no-longer-developing) beginning with Windows Server 2019 and Windows 10, version 1809. +## Automatic initialization of the TPM with Windows + +Starting with Windows 10 and Windows 11, the operating system automatically initializes and takes ownership of the TPM. This means that in most cases, we recommend that you avoid configuring the TPM through the TPM management console, **TPM.msc**. There are a few exceptions, mostly related to resetting or performing a clean installation on a PC. For more information, see [Clear all the keys from the TPM](initialize-and-configure-ownership-of-the-tpm.md#clear-all-the-keys-from-the-tpm). + +> [!NOTE] +> We're [no longer actively developing the TPM management console](/windows-server/get-started-19/removed-features-19#features-were-no-longer-developing) beginning with Windows Server 2019 and Windows 10, version 1809. In certain specific enterprise scenarios limited to Windows 10, versions 1507 and 1511, Group Policy might be used to back up the TPM owner authorization value in Active Directory. Because the TPM state persists across operating system installations, this TPM information is stored in a location in Active Directory that is separate from computer objects. @@ -38,21 +43,15 @@ Certificates can be installed or created on computers that are using the TPM. Af Automated provisioning in the TPM reduces the cost of TPM deployment in an enterprise. New APIs for TPM management can determine if TPM provisioning actions require physical presence of a service technician to approve TPM state change requests during the boot process. -Anti-malware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 or Windows 11 or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization aren't running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry. +Anti-malware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows. These measurements include the launch of Hyper-V to test that datacenters using virtualization aren't running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry. The TPM has several Group Policy settings that might be useful in certain enterprise scenarios. For more info, see [TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md). -[!INCLUDE [trusted-platform-module-tpm-20](../../../../includes/licensing/trusted-platform-module-tpm.md)] - -## New and changed functionality - -For more info on new and changed functionality for Trusted Platform Module in Windows, see [What's new in Trusted Platform Module?](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module) - ## Device health attestation -Device health attestation enables enterprises to establish trust based on hardware and software components of a managed device. With device heath attestation, you can configure an MDM server to query a health attestation service that will allow or deny a managed device access to a secure resource. +Device health attestation enables enterprises to establish trust based on hardware and software components of a managed device. With device heath attestation, you can configure an MDM server to query a health attestation service that allows or denies a managed device access to a secure resource. -Some security issues that you can check on the device include the following: +Some security issues that you can check on the devices include: - Is Data Execution Prevention supported and enabled? - Is BitLocker Drive Encryption supported and enabled? diff --git a/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md index 586da21da4..4ea0c0f2d7 100644 --- a/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md @@ -2,18 +2,12 @@ title: TPM Group Policy settings description: This topic describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings. ms.topic: conceptual -ms.date: 07/31/2023 +ms.date: 11/17/2023 --- # TPM Group Policy settings -This topic describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings. - -The Group Policy settings for TPM services are located at: - -**Computer Configuration\\Administrative Templates\\System\\Trusted Platform Module Services\\** - -The following Group Policy settings were introduced in Windows. +This topic describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings. The Group Policy settings for TPM services are located under **Computer Configuration** > **Administrative Templates** > **System** > **Trusted Platform Module Services**. ## Configure the level of TPM owner authorization information available to the operating system @@ -22,28 +16,27 @@ The following Group Policy settings were introduced in Windows. This policy setting configured which TPM authorization values are stored in the registry of the local computer. Certain authorization values are required in order to allow Windows to perform certain actions. -|TPM 1.2 value | TPM 2.0 value | Purpose | Kept at level 0?| Kept at level 2?| Kept at level 4? | -|--------------|---------------|---------|-----------------|-----------------|------------------| -| OwnerAuthAdmin | StorageOwnerAuth | Create SRK | No | Yes | Yes | -| OwnerAuthEndorsement | EndorsementAuth | Create or use EK (1.2 only: Create AIK) | No | Yes | Yes | -| OwnerAuthFull | LockoutAuth | Reset/change Dictionary Attack Protection | No | No | Yes | +| TPM 1.2 value | TPM 2.0 value | Purpose | Kept at level 0? | Kept at level 2? | Kept at level 4? | +|----------------------|------------------|-------------------------------------------|------------------|------------------|------------------| +| OwnerAuthAdmin | StorageOwnerAuth | Create SRK | No | Yes | Yes | +| OwnerAuthEndorsement | EndorsementAuth | Create or use EK (1.2 only: Create AIK) | No | Yes | Yes | +| OwnerAuthFull | LockoutAuth | Reset/change Dictionary Attack Protection | No | No | Yes | There are three TPM owner authentication settings that are managed by the Windows operating system. You can choose a value of **Full**, **Delegate**, or **None**. -- **Full** This setting stores the full TPM owner authorization, the TPM administrative delegation blob, and the TPM user delegation blob in the local registry. With this setting, you can use the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that do not require you to reset the TPM anti-hammering logic or change the TPM owner authorization value. Some TPM-based applications may require that this setting is changed before features that depend on the TPM anti-hammering logic can be used. Full owner authorization in TPM 1.2 is similar to lockout authorization in TPM 2.0. Owner authorization has a different meaning for TPM 2.0. +- **Full**: This setting stores the full TPM owner authorization, the TPM administrative delegation blob, and the TPM user delegation blob in the local registry. With this setting, you can use the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that do not require you to reset the TPM anti-hammering logic or change the TPM owner authorization value. Some TPM-based applications may require that this setting is changed before features that depend on the TPM anti-hammering logic can be used. Full owner authorization in TPM 1.2 is similar to lockout authorization in TPM 2.0. Owner authorization has a different meaning for TPM 2.0. -- **Delegated** This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM antihammering logic. This is the default setting in Windows prior to version 1703. +- **Delegated**: This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM antihammering logic. This is the default setting in Windows prior to version 1703. -- **None** This setting provides compatibility with previous operating systems and applications. You can also use it for scenarios when TPM owner authorization cannot be stored locally. Using this setting might cause issues with some TPM-based applications. +- **None**: This setting provides compatibility with previous operating systems and applications. You can also use it for scenarios when TPM owner authorization cannot be stored locally. Using this setting might cause issues with some TPM-based applications. > [!NOTE] > If the operating system managed TPM authentication setting is changed from **Full** to **Delegated**, the full TPM owner authorization value will be regenerated, and any copies of the previously set TPM owner authorization value will be invalid. **Registry information** -Registry key: HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\TPM - -DWORD: OSManagedAuthLevel +Registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TPM` +DWORD: `OSManagedAuthLevel` The following table shows the TPM owner authorization values in the registry. @@ -68,9 +61,8 @@ This setting helps administrators prevent the TPM hardware from entering a locko For each standard user, two thresholds apply. Exceeding either threshold prevents the user from sending a command that requires authorization to the TPM. Use the following policy settings to set the lockout duration: -- [Standard User Individual Lockout Threshold](#standard-user-individual-lockout-threshold) This value is the maximum number of authorization failures that each standard user can have before the user is not allowed to send commands that require authorization to the TPM. - -- [Standard User Total Lockout Threshold](#standard-user-total-lockout-threshold) This value is the maximum total number of authorization failures that all standard users can have before all standard users are not allowed to send commands that require authorization to the TPM. +- [Standard User Individual Lockout Threshold](#standard-user-individual-lockout-threshold): This value is the maximum number of authorization failures that each standard user can have before the user is not allowed to send commands that require authorization to the TPM. +- [Standard User Total Lockout Threshold](#standard-user-total-lockout-threshold): This value is the maximum total number of authorization failures that all standard users can have before all standard users are not allowed to send commands that require authorization to the TPM. An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the Windows Defender Security Center. Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally. @@ -118,9 +110,7 @@ Introduced in Windows 10, version 1703, this policy setting configures the TPM t ## TPM Group Policy settings in Windows Security -You can change what users see about TPM in **Windows Security**. The Group Policy settings for the TPM area in **Windows Security** are located at: - -**Computer Configuration\\Administrative Templates\\Windows Components\\Windows Security\\Device security** +You can change what users see about TPM in **Windows Security**. The Group Policy settings for the TPM area in **Windows Security** are located under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Security** > **Device security**. ### Disable the Clear TPM button @@ -132,6 +122,6 @@ If you don't want users to see the recommendation to update TPM firmware, you ca ## Related topics -- [Trusted Platform Module](trusted-platform-module-top-node.md) +- [Trusted Platform Module](trusted-platform-module-overview.md) - [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps&preserve-view=true) - [BitLocker planning guide](../../operating-system-security/data-protection/bitlocker/planning-guide.md) diff --git a/windows/security/hardware-security/tpm/trusted-platform-module-top-node.md b/windows/security/hardware-security/tpm/trusted-platform-module-top-node.md deleted file mode 100644 index c19e762bdf..0000000000 --- a/windows/security/hardware-security/tpm/trusted-platform-module-top-node.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -title: Trusted Platform Module -description: This topic for the IT professional provides links to information about the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication. -ms.topic: conceptual -ms.date: 02/02/2023 -ms.collection: -- highpri -- tier1 ---- - -# Trusted Platform Module - -Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that helps you with actions such as generating, storing, and limiting the use of cryptographic keys. The following topics provide details. - - - -| Topic | Description | -|-------|-------------| -| [Trusted Platform Module Overview](trusted-platform-module-overview.md) | Provides an overview of the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication. | -| [TPM fundamentals](tpm-fundamentals.md) | Provides background about how a TPM can work with cryptographic keys. Also describes technologies that work with the TPM, such as TPM-based virtual smart cards. | -| [TPM Group Policy settings](trusted-platform-module-services-group-policy-settings.md) | Describes TPM services that can be controlled centrally by using Group Policy settings. | -| [Back up the TPM recovery information to AD DS](backup-tpm-recovery-information-to-ad-ds.md) | For Windows 10, version 1511 and Windows 10, version 1507 only, describes how to back up a computer's TPM information to Active Directory Domain Services. | -| [Troubleshoot the TPM](initialize-and-configure-ownership-of-the-tpm.md) | Describes actions you can take through the TPM snap-in, TPM.msc: view TPM status, troubleshoot TPM initialization, and clear keys from the TPM. Also, for TPM 1.2 and Windows 10, version 1507 or 1511, or Windows 11, describes how to turn the TPM on or off. | -| [Understanding PCR banks on TPM 2.0 devices](switch-pcr-banks-on-tpm-2-0-devices.md) | Provides background about what happens when you switch PCR banks on TPM 2.0 devices. | -| [TPM recommendations](tpm-recommendations.md) | Discusses aspects of TPMs such as the difference between TPM 1.2 and 2.0, and the Windows features for which a TPM is required or recommended. | diff --git a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md index 38961897cb..69e56ca8f4 100644 --- a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md +++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md @@ -81,6 +81,14 @@ Enhanced Phishing Protection can be configured using the [WebThreatDefense CSP][ By default, Enhanced Phishing Protection is deployed in audit mode, preventing notifications to the users for any protection scenarios. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends diagnostic data through Microsoft Defender. Users aren't warned if they enter their work or school password into a phishing site, if they reuse their password, or if they unsafely store their password in applications. Because of this possibility, it's recommended that you configure Enhanced Phishing Protection to warn users during all protection scenarios. +| Setting | Default Value | Recommendation | +|---------------------------|------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Automatic Data Collection | **Enabled** for domain joined devices or devices enrolled with MDM.
**Disabled** for all other devices. | **Enabled**: Turns on collection of additional content for security analysis from a suspicious website or app to improve Microsoft's threat intelligence | +| Service Enabled | **Enabled** | **Enabled**: Turns on Enhanced Phishing Protection in audit mode, which captures work or school password entry events and sends diagnostic data but doesn't show any notifications to your users. | +| Notify Malicious | **Disabled** for devices onboarded to MDE.
**Enabled** for all other devices. | **Enabled**: Turns on Enhanced Phishing Protection notifications when users type their work or school password into one of the previously described malicious scenarios and encourages them to change their password. | +| Notify Password Reuse | **Disabled** | **Enabled**: Turns on Enhanced Phishing Protection notifications when users reuse their work or school password and encourages them to change their password. | +| Notify Unsafe App | **Disabled** | **Enabled**: Turns on Enhanced Phishing Protection notifications when users type their work or school passwords in Notepad and Microsoft 365 Office Apps. | + To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen settings. #### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)