How to Check if a Windows PC has a TPM Chip

Having a TPM (Trusted Platform Module) chip grants your Windows 11 PC access to modern security solutions, including BitLocker, Windows Hello, and Secure Boot, that can protect your system from various threats. If you’re a system administrator or an advanced user unsure of its presence and want to check for a TPM chip on your PC for security purposes, this article is for you.

This article discusses the various methods of verifying if your device is equipped with TPM, from using the TPM Management Console to visiting the Windows Security app.

What is a Trusted Platform Module (TPM)?

A Trusted Platform Module chip, or simply TPM, is a specialized chip that you may find in your PC’s motherboard. It is a dedicated cryptographic processor that provides hardware-level security for various functions, such as key management, disk encryption, and authentication.

Its main job is to ensure you have an authentic and untampered-with OS and firmware. Some Windows features, like Windows Hello and BitLocker, also leverage TPM to further enhance security.

TPM 2.0 Requirements

Before you follow the methods to check for TPM and its version, check the following requirements:

• Windows 11 (any edition): The latest version of the chip, TPM 2.0, is a required component to run Windows 11 on PCs.
• Administrator privileges: Some methods require admin permissions, such as running PowerShell and Command Prompt.

How to check for the TPM chip

If you want to verify whether or not you have a TPM chip installed, you can choose to do so via the TPM management console, PowerShell, Device Manager, Windows Security, or Command Prompt.

Method 1: Use the TPM Management console

One of the most basic methods is to use the TPM Management console. It is a GUI-based manual check that you can do quickly.

Note: Admin privileges may be required.

1. Press Windows key + R to open Run.
2. Type “tpm.msc” and hit Enter. (If it requires admin rights to access the information, press Ctrl + Shift + Enter instead after typing “tpm.msc.”)
3. Review TPM information.

If a TPM is present, you should see:

• Status: “The TPM is ready for use.”
• Manufacturer Information: Manufacturer ID and Version (e.g., 2.0 or 1.2)
• Other available options

If there is no TPM, you’ll get a message stating “Compatible TPM cannot be found.”

Method 2: Use PowerShell

This method is scriptable for checking multiple systems and can return rich TPM data, so it is ideal for remote audits or inventory tools.

Note: Admin privileges required.

1. Open an elevated PowerShell. Press Windows key + R, type “powershell,” and press Ctrl + Shift + Enter.
2. Type this command and hit Enter for a detailed list of TPM properties:
   • get-tpm
3. Alternatively, you can type this command for a non-detailed version:
   • get-tpm | select -ExpandProperty tpmpresent
4. Review the results. If TPM is installed, the value for TpmPresent is True. If not, it will be False.
5. You can also use this command for more detailed information about your device’s TPM:
   • Get-WmiObject -Namespace "Root\CIMV2\Security\MicrosoftTpm" -Class Win32_Tpm

Method 3: Use Device Manager

Using the Device Manager is another easy method to confirm hardware-level TPM presence quickly.

1. Press Windows key + X or right-click the Start button to open the Quick Link menu.
2. Select Device Manager from the list.
3. Find and expand Security devices.
4. If you see the Trusted Platform Module device with its version information at the end, your PC is equipped with TPM. If you cannot find the Security devices or Trusted Platform Module entry, it is not installed or enabled.

Method 4: Use the Windows Security app

Windows Security has a user-friendly interface that can help end users check for TPM and its version on their systems.

1. Open Settings by pressing Windows key + I.
2. Navigate to Privacy & Security → Windows Security → Device Security → Security processor details.
3. If TPM is installed, you should see the TPM version, manufacturer information, and other general specifications. If not, you won’t find the Security processor section.

Method 5: Use Command Prompt

Command Prompt can give raw data about TPM if you are using a legacy system (e.g., Windows 7 or older setups).

Note: Admin privileges required.

1. Open Command Prompt as an administrator.
   • Type “cmd” in the Start menu search bar
   • Right-click on Command Prompt
   • Choose Run as administrator.
2. Alternatively, you may press Windows key + R, type “cmd,” and press Ctrl + Shift + Enter.
3. Copy and paste the following command before hitting Enter:
   • wmic /namespace:\\root\CIMv2\Security\MicrosoftTpm path Win32_Tpm get /value
4. Review the results. If TPM is installed, it should return detailed TPM status and configuration. If not, you’ll see a “No instance(s) available” message.

Why check for TPM?

TPM has become a foundation for security architecture in modern PCs, so verifying its presence is crucial for various reasons:

• BitLocker drive encryption: TPM is a key enabler of BitLocker. Without a TPM, this built-in full disk encryption solution will need an alternative method to unlock the drive, like a password or a USB flash drive, which is not always secure.
• Windows 11 compatibility: TPM 2.0 is mandatory for Windows 11. PCs lacking TPM 2.0 may no longer receive updates or be forced to stay on Windows 10.
• Support for modern security features: TPM is useful in secure environments that use certificates, secure boots, or credential guards.
• Compliance and auditing requirements: Some industries, such as healthcare, government, and finance, often require TPM to pass security audits and meet regulatory compliance.

Notes and considerations

System administrators, IT professionals, and power users should keep these pointers in mind when checking for TPM in Windows environments.

• TPM 2.0 is required for Windows 11 installations, so checking for the TPM version may be more beneficial than only checking for TPM presence.
• TPM 1.2 supports BitLocker but lacks support for modern cryptographic algorithms. It relies on SHA-1 and RSA, both of which are considered outdated and potentially vulnerable.
• A TPM chip might be present, but it’s not always enabled by default. Therefore, you may need to enable TPM manually in the BIOS/UEFI firmware on some systems.

Troubleshooting

TPM not visible in Windows

If you get a False value, see a “TPM not found” message, or cannot find the TPM entry under Security Devices, it may be because your TPM is disabled in BIOS/UEFI. Reboot your PC and enter BIOS/UEFI settings. Look for an entry related to TPM (usually under Security), enable it, and then save and exit.

If TPM isn’t visible, it might be because your firmware is outdated. Check your BIOS/UEFI firmware version to see if you need an upgrade from your motherboard or PC manufacturer.

If your device doesn’t have a physical TPM chip, it may use firmware TPM (fTPM), which provides similar protection via the CPU.

TPM Management console won’t open

Insufficient permissions can prevent you from opening the TPM Management console. Try logging in using an administrator account or running the console as an administrator.

Incorrect TPM version

If you have an incorrect TPM version (1.2 instead of 2.0), look into updating your TPM firmware or changing the version in BIOS/UEFI (if it’s an available feature). However, this is not always possible, as the problem may be with your hardware. Make sure to check the upgradability of your TPM firmware.

Securing the future with TPM

Verifying the presence and version of a TPM chip is essential for securing modern Windows systems and preparing to upgrade to Windows 11. Whether for BitLocker, secure boot, or compliance audits, users can utilize multiple tools to reliably assess the status of their TPM.

By selecting the method best suited to their workflow, whether a graphical interface for quick checks or scriptable tools for large-scale audits, IT administrators can streamline TPM validation, minimize support overhead, and ensure systems meet modern security and compliance standards.