Troubleshoot the TPM - Windows Security (2024)

  • Article
  • Applies to:
✅ Windows 11, ✅ Windows 10, ✅ Windows Server 2022, ✅ Windows Server 2019, ✅ Windows Server 2016

This article provides information about how to troubleshoot the Trusted Platform Module (TPM):

  • Troubleshoot TPM initialization
  • Clear all the keys from the TPM

With TPM 1.2 and Windows 11, you can also take the following actions:

  • Turn on or turn off the TPM

For information about the TPM cmdlets, see TPM Cmdlets in Windows PowerShell.

About TPM initialization and ownership

Windows automatically initializes and takes ownership of the TPM. There's no need for you to initialize the TPM and create an owner password.

TPM initialization

If you find that Windows isn't able to initialize the TPM automatically, review the following information:

  • You can try clearing the TPM to the factory default values, allowing Windows to reinitialize it. For important precautions for this process, and instructions for completing it, see Clear all the keys from the TPM
  • If the TPM is a TPM 2.0 and isn't detected by Windows, verify that your computer hardware contains a Unified Extensible Firmware Interface (UEFI) that is Trusted Computing Group-compliant. Also, ensure that in the UEFI settings, the TPM hasn't been disabled or hidden from the operating system
  • If you have TPM 1.2 with Windows 11, the TPM might be turned off, and need to be turned back on, as described in Turn on the TPM. When it's turned back on, Windows will reinitialize it
  • If you're attempting to set up BitLocker with the TPM, check which TPM driver is installed on the computer. We recommend always using one of the TPM drivers that is provided by Microsoft and is protected with BitLocker. If a non-Microsoft TPM driver is installed, it may prevent the default TPM driver from loading and cause BitLocker to report that a TPM isn't present on the computer. If you have a non-Microsoft driver installed, remove it, and then allow the operating system to initialize the TPM
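The checks in the list above can be run in one pass from an elevated PowerShell prompt. This is an added example, not code from the Microsoft article; it assumes the inbox Get-Tpm cmdlet, the Win32_Tpm WMI class, the $env:firmware_type variable (Windows 8 and later) and the SECURITYDEVICES device class name under which the TPM driver is registered.

```powershell
# Added example, not from the original article: a read-only triage of the
# checks listed above. Run from an elevated PowerShell prompt; Get-Tpm is in
# the TrustedPlatformModule module shipped with Windows.
#Requires -RunAsAdministrator

function Test-TpmInitialization {
    $tpm = Get-Tpm                                   # state as seen by Windows
    $wmi = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $spec = if ($wmi) { $wmi.SpecVersion } else { 'not detected' }   # "2.0, ..." or "1.2, ..."
    $firmware = $env:firmware_type                   # 'UEFI' or 'Legacy'
    $driverProviders = (Get-CimInstance Win32_PnPSignedDriver |
        Where-Object { $_.DeviceClass -eq 'SECURITYDEVICES' }).DriverProviderName |
        Select-Object -Unique

    $hints = @()
    if (-not $tpm.TpmPresent) {
        $hints += 'No TPM visible to Windows: check UEFI for a disabled or hidden TPM.'
        if ($firmware -ne 'UEFI') { $hints += 'Legacy BIOS boot detected: TPM 2.0 needs UEFI.' }
    }
    if ($tpm.TpmPresent -and -not $tpm.TpmEnabled) {
        $hints += 'TPM is turned off: turn it on via tpm.msc (TPM 1.2) or UEFI.'
    }
    if ($tpm.TpmPresent -and -not $tpm.TpmReady -and -not $tpm.AutoProvisioning) {
        $hints += 'Auto-provisioning is disabled: Enable-TpmAutoProvisioning, then restart.'
    }
    if ($driverProviders -and ($driverProviders -notmatch 'Microsoft')) {
        $hints += "Non-Microsoft TPM driver loaded ($($driverProviders -join ', ')): remove it so the inbox driver can load."
    }
    if ($tpm.LockedOut) { $hints += "TPM is in lockout; heal time: $($tpm.LockoutHealTime)." }
    if ($tpm.RestartPending) { $hints += 'A restart is pending before the TPM state is final.' }

    [pscustomobject]@{
        Present        = $tpm.TpmPresent
        Ready          = $tpm.TpmReady
        Enabled        = $tpm.TpmEnabled
        Activated      = $tpm.TpmActivated
        Owned          = $tpm.TpmOwned
        SpecVersion    = $spec
        Firmware       = $firmware
        DriverProvider = ($driverProviders -join ', ')
        Hints          = $hints
    }
}

Test-TpmInitialization | Format-List
```

A healthy device reports Present, Ready, Enabled, Activated and Owned all True and an empty Hints list; each hint maps to one bullet in the list above.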

Network connection issues for domain-joined Windows 11 devices

If you have Windows 11, the initialization of the TPM can't complete when your computer has network connection issues and both of the following conditions exist:

  • An administrator has configured your computer to require that TPM recovery information be saved in Active Directory Domain Services (AD DS). This requirement can be configured through group policy
  • A domain controller can't be reached. This scenario may occur on a device that is currently disconnected from the internal network, separated from the domain by a firewall, or experiencing a network component failure (such as an unplugged cable or a faulty network adapter)

If these issues occur, an error message appears, and you can't complete the initialization process. To avoid the issue, allow Windows to initialize the TPM while you're connected to the corporate network, and you can contact a domain controller.

Systems with multiple TPMs

Some systems may have multiple TPMs and the active TPM may be toggled in UEFI. Windows doesn't support this configuration. If you switch TPMs, Windows might not properly detect or interact with the new TPM. If you plan to switch TPMs, you should toggle to the new TPM, clear it, and reinstall Windows. For more information, see Clear all the keys from the TPM.

For example, toggling TPMs will cause BitLocker to enter recovery mode. We strongly recommend that, on systems with two TPMs, one TPM is selected to be used and the selection isn't changed.

Clear all the keys from the TPM

You can use the Windows Defender Security Center app to clear the TPM as a troubleshooting step, or as a final preparation before a clean installation of a new operating system. Preparing for a clean installation in this way helps ensure that the new operating system can fully deploy any TPM-based functionality that it includes, such as attestation. However, even if the TPM isn't cleared before a new operating system is installed, most TPM functionality will probably work correctly.

Clearing the TPM resets it to an unowned state. After you clear the TPM, the Windows operating system will automatically reinitialize it and take ownership again.

Warning

Clearing the TPM can result in data loss. For more information, see the next section, "Precautions to take before clearing the TPM."

Precautions to take before clearing the TPM

Clearing the TPM can result in data loss. To protect against such loss, review the following precautions:

  • Clearing the TPM causes you to lose all created keys associated with the TPM, and data protected by those keys, such as a virtual smart card or a sign-in PIN. Make sure that you have a backup and recovery method for any data that is protected or encrypted by the TPM
  • Don't clear the TPM on a device you don't own, such as a work or school PC, without being instructed to do so by your IT administrator
  • If you want to temporarily suspend TPM operations on Windows 11, you can turn off the TPM. For more information, see Turn off the TPM
  • Always use functionality in the operating system (such as TPM.msc) to clear the TPM. Don't clear the TPM directly from UEFI
  • Because your TPM security hardware is a physical part of your computer, before clearing the TPM, you might want to read the manuals or instructions that came with your computer, or search the manufacturer's website

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To clear the TPM

  1. Open the Windows Defender Security Center app.
  2. Select Device security.
  3. Select Security processor details.
  4. Select Security processor troubleshooting.
  5. Select Clear TPM.
    • You'll be prompted to restart the computer. During the restart, you might be prompted by the UEFI to press a button to confirm that you wish to clear the TPM.
    • After the device restarts, your TPM will be automatically prepared for use by Windows.
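Before following the Clear TPM steps above, a practitioner wants to know which BitLocker volumes depend on the TPM and whether each has a recovery password to fall back on. This added example (not part of the Microsoft article) performs that check with the inbox BitLocker and TrustedPlatformModule cmdlets; the function name Test-TpmClearReadiness is mine.

```powershell
# Added example, not from the original article: a read-only pre-flight check to
# run before "Clear TPM". It lists every BitLocker volume whose key protectors
# depend on the TPM and flags any with no recovery password to fall back on.
# Requires an elevated prompt; the BitLocker and TrustedPlatformModule cmdlets
# ship with Windows.
#Requires -RunAsAdministrator

function Test-TpmClearReadiness {
    $tpm = Get-Tpm
    if ($tpm.OwnerClearDisabled) {
        Write-Warning 'Owner clear is disabled; the clear will need UEFI confirmation (physical presence).'
    }

    $findings = foreach ($vol in Get-BitLockerVolume) {
        # KeyProtectorType values include Tpm, TpmPin, TpmStartupKey, RecoveryPassword, ...
        $types    = @($vol.KeyProtector.KeyProtectorType | ForEach-Object { "$_" })
        $tpmBased = @($types | Where-Object { $_ -like 'Tpm*' })
        if ($tpmBased.Count -eq 0) { continue }        # this volume does not depend on the TPM
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            ProtectionStatus = $vol.ProtectionStatus
            TpmProtectors    = $tpmBased -join ','
            HasRecoveryPwd   = $types -contains 'RecoveryPassword'
        }
    }

    foreach ($f in $findings) {
        if (-not $f.HasRecoveryPwd) {
            $msg = ('{0}: TPM-protected with no recovery password. Add one with ' +
                    'Add-BitLockerKeyProtector -RecoveryPasswordProtector and back it up first.') -f $f.MountPoint
            Write-Warning $msg
        }
    }
    $findings
}

$tpmVolumes = Test-TpmClearReadiness
$tpmVolumes | Format-Table -AutoSize

# Once every listed volume has a backed-up recovery password, suspend protection
# (indefinitely, RebootCount 0) so the clear-and-restart does not force a recovery
# prompt; run Resume-BitLocker after Get-Tpm reports TpmReady = True.
# foreach ($v in $tpmVolumes) { Suspend-BitLocker -MountPoint $v.MountPoint -RebootCount 0 }
```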

Turn on or turn off the TPM

Normally, the TPM is turned on as part of the TPM initialization process. You don't normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC.

Turn on the TPM

If you want to use the TPM after you've turned it off, you can use the following procedure to turn on the TPM.

  1. Open the TPM MMC (tpm.msc).
  2. In the Action pane, select Turn TPM On to display the Turn on the TPM Security Hardware page. Read the instructions on this page.
  3. Select Shutdown (or Restart), and then follow the UEFI screen prompts.

After the device restarts, but before you sign in to Windows, you'll be prompted to accept the reconfiguration of the TPM. The acceptance ensures that the user has physical access to the computer and that malicious software isn't attempting to make changes to the TPM.

Turn off the TPM

If you want to stop using the services that are provided by the TPM, you can use the TPM MMC to turn off the TPM.

  1. Open the TPM MMC (tpm.msc).
  2. In the Action pane, select Turn TPM Off to display the Turn off the TPM security hardware page.
  3. In the Turn off the TPM security hardware dialog box, select a method to enter your owner password and turn off the TPM:
    • If you saved your TPM owner password on a removable storage device, insert it, and then select I have the owner password file. In the Select backup file with the TPM owner password dialog box, select Browse to locate the .tpm file that is saved on your removable storage device, select Open, and then select Turn TPM Off.
    • If you don't have the removable storage device with your saved TPM owner password, select I want to enter the password. In the Type your TPM owner password dialog box, type your password (including hyphens), and then select Turn TPM Off.
    • If you didn't save your TPM owner password or no longer know it, select I do not have the TPM owner password, and follow the instructions that are provided in the dialog box and subsequent UEFI screens to turn off the TPM without entering the password.

Use the TPM cmdlets

You can manage the TPM using Windows PowerShell. For details, see TPM Cmdlets in Windows PowerShell.


In the article dated 11/17/2023, the focus is on providing comprehensive guidance on troubleshooting TPM-related issues and managing TPM initialization. Here's a breakdown of the key concepts discussed in the article:

1. TPM Initialization and Ownership:

  • Automatic Initialization: Windows automatically initializes and takes ownership of the TPM, eliminating the need for manual intervention or the creation of an owner password.

  • Troubleshooting Initialization Issues: If automatic initialization fails, users are advised to clear the TPM to reset it to factory default values, allowing Windows to reinitialize.

  • TPM 2.0 Detection: For TPM 2.0, ensure that the computer hardware is UEFI-compliant and that the TPM is not disabled or hidden in UEFI settings.

  • Turning on TPM 1.2: In the case of TPM 1.2 on Windows 11, if the TPM is turned off, it needs to be turned back on to initiate reinitialization.

  • BitLocker Considerations: When setting up BitLocker with TPM, ensure the use of Microsoft-provided TPM drivers to prevent issues with BitLocker reporting a missing TPM.

2. Network Connection Issues for Windows 11 Devices:

  • TPM Initialization and Network Connection: Windows 11 TPM initialization may fail if there are network connection issues, and TPM recovery information is configured to be saved in Active Directory. Connect to the corporate network to avoid these issues.

3. Systems with Multiple TPMs:

  • Unsupported Configuration: Windows does not support switching between multiple TPMs by toggling the active TPM in UEFI. Switching TPMs may cause detection and interaction issues, so it is recommended to select one TPM and keep that selection.

4. Clearing All Keys from the TPM:

  • Using Windows Defender Security Center: The article recommends using the Windows Defender Security Center app to clear the TPM either as a troubleshooting step or before a clean OS installation.

  • Precautions: Clearing the TPM results in data loss. Precautions include having backups for data protected by TPM keys, not clearing TPM on devices not owned by the user, and using OS functionality to clear TPM.

  • Clearing Process: The step-by-step process involves accessing the Windows Defender Security Center app and selecting the option to clear TPM, followed by a restart.

5. Turning On/Off TPM:

  • Turning On TPM: The TPM is typically turned on during initialization, but if necessary, users can use the TPM MMC to turn it on.

  • Turning Off TPM: The TPM MMC provides a method to turn off the TPM, with options to use an owner password or other authentication methods.

6. Using TPM Cmdlets in Windows PowerShell:

  • Management with PowerShell: Users can manage the TPM using Windows PowerShell cmdlets, offering a scriptable and automated approach to TPM management.

This detailed guide ensures that users can navigate through TPM-related issues on various Windows platforms with confidence, covering initialization, troubleshooting, and best practices for managing the Trusted Platform Module.


FAQs


What causes TPM lockout?

These systems are designed to lock out after 32 abrupt power-down events (a power failure, or pulling the power cord to turn the device off). For every ungraceful shutdown, the TPM counter is incremented by 1; after 32 such events the device goes into lockout mode.


What happens if I reset the TPM?

Clearing the TPM on your laptop erases the encryption keys and security data it holds, like wiping the slate clean.

How do I test my TPM on Windows?

Press [Windows Key] + R or select Start > Run. Type "tpm.msc" (without the quotation marks) and choose OK. If you see a message saying a "Compatible TPM cannot be found," your PC may have a TPM that is disabled.

Should I clear my computer's TPM?

As discussed above, clearing the TPM will lead to the loss of all TPM-protected keys and data, such as a BitLocker-encrypted drive. So it's crucial to back up the data beforehand.

What happens if the TPM chip fails?

In short, if the TPM "breaks":

  • Any data you encrypted with a key that only exists in the TPM and isn't backed up is lost (for example, your encrypted hard disk)
  • Any cryptographic identity based on the TPM (for example, identity keys) is lost
  • Any trust in the platform (for example, during remote attestation) is lost

How do I update my TPM driver?

Navigate to System Settings > Security > Trusted Platform Module and update the TPM. Reboot the system once the update is complete.

Article information

Author: Frankie Dare
