Share this article

Improve this guide

TPM 1.2 vs 2.0: Differences & How to Upgrade

7 min. read

Updated onApril 3, 2024

updated onApril 3, 2024

Share this article

Improve this guide

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

As you probably know, Windows 11 was recently announced, and it brings a wide array of new features as well as some specific requirements.

RegardingWindows 11 hardware requirements, the new change everybody is talking about is the TPM chip, and unless you have it, you won’t be able to upgrade to Windows 11 due toTPM 2.0 errors.

There are two versions of TPM, and in this guide, we’re going to compare TPM 1.2 vs 2.0 and see which one is better.

TPM 1.2 vs 2.0, which one should I use?

A quick history of TPM

TPM was first introduced by Trusted Computing Group in 2009, and since then it has been used in computers, ATM devices, and set-top boxes.

As for the TPM 1.2, it was released in 2005, and it has received the last revision in 2011. On the other hand, TPM 2.0 was released initially in 2014, while the latest revision being from 2019.

The two versions have various differences, but before we start comparing them, let’s see what TPM does and how it protects your PC.

What is TPM?

TPM stands for Trusted Platform Module, and it’s a dedicated microcontroller that providesencryptionfeatures and an additional layer of security to your PC.

TPM is usually a chip on your motherboard, but it can be also integrated inside of the CPU, or it can run in firmware separately. Some motherboards have TPM connectors, so you can add a TPM chip on your own.

There’s also a completely virtual TPM that runs on a software level, but many experts believe that it’s not as safe as its physical counterpart.

How does TPM work?

TPM is used mostly for encryption, and it will generate and store parts of the encryption keys. This means that if you want to unlock an encrypted drive, you’ll need to use the same TPM chip that generated the encryption key.

Since the encryption key isn’t stored on your drive, it’s harder for hackers to decrypt your data since they need access to the TPM chip as well.

TPM chips also have tamper protection, and in case the chip or motherboard is tampered with by a hacker, the TPM should still be able to keep your data locked.

In addition to encryption, the TPM can protect your PC from bootloader malware by verifying the boot loader. In case your bootloader has been tempered with, TPM will prevent your system from booting.

TPM also has a Quarantine Mode that you can use to fix bootloader issues. Lastly, TPM stores all your passwords inside it, which makes them secure from hackers.

As for other uses, TPM is used for digital rights management, protection of software licenses, and in some cases, as prevention from cheating in video games.

TPM 1.2 vs 2.0, what are the differences?

TPM 2.0 is an improvement over TPM 1.2, and while they are similar, you should know that TPM 2.0 isn’t compatible with TPM 1.2.

TPM 1.2 has a one-size-fits-all specification, while the 2.0 version has platform-specific specifications that define which parts of the library are mandatory or optional.

As for algorithms on TPM 1.2, SHA-1 and RSA are required, while the AES is optional. With TPM 2.0, SHA-1 and SHA-256 are required for hashes.

RSA and ECC with Barreto-Naehrig 256-bit curve and a NIST P-256 curve are used for public-key cryptography and asymmetric digital signature generation and verification in TPM 2.0.

As for symmetric digital signature generation, the TPM 2.0 is using the HMAC, and 128-bit AES for symmetric-key algorithms.

The difference between algorithms is noticeable, which makes TPM 2.0 a far secure solution.

Regarding the crypto primitives, the TPM 1.2 and 2.0 offer the following:

Despite sharing the same features, TPM 2.0 uses Direct Anonymous Attestation using the Barreto-Naehrig 256-bit curve, so it’s safer to use.

In terms of hierarchy, TPM 1.2 has just the storage hierarchy, while TPM 2.0 has a platform, storage, and endorsement hierarchy.

Regarding the root keys, only SRK RSA-2048 is supported with TPM 1.2, while the TPM 2.0 supports multiple keys and algorithms per hierarchy.

As for authorization, TPM 1.2 uses HMAC, PCR, locality, and physical presence. TPM 2.0 offers the same authorization features as well as password protection.

In terms of NVRAM, TPM 1.2 supports only unstructured data, while TPM 2.0 supports unstructured data, Counter, Bitmap, Extend, PIN pass and fail.

As you can see, TPM 2.0 offers a wide array of improvements, and it’s a more secure choice when it comes to data protection and encryption.

Here’s a quick overview of the algorithms that TPM 1.2 and TPM 2.0 support.

Why is TPM 2.0 better than TPM 1.2?

TPM 1.2 only uses the SHA-1 hashing algorithm, which is a problem since SHA-1 isn’t secure, and many agencies started moving to SHA-256 in 2014.

Microsoft and Google removed the support for SHA-1 based signing of certificates in 2017. It’s also worth mentioning that TPM 2.0 supports newer algorithms that will improve drive signing and key generation performance.

TPM 2.0 also offers a more consistent experience, and the lockout policy is configured by Windows. With TPM 1.2, the implementations vary by policy settings, which can be a security concern.

We also have to mention that certain features such as device encryption,Windows DefenderSystem Guard, Autopilot, and SecureBIO are available only when using TPM 2.0.

Here’s a list of features that TPM 1.2 and TPM 2.0 support:

Does Windows 11 require TPM 2.0?

When it was first announced, the Windows 11 hardware requirements stated that Windows 11 will work with TPM 1.2 and TPM 2.0, with the latter being a more secure choice.

According to the documentation, an upgrade to Windows 11 would be allowed with a TPM 1.2 chip, but not advised. However, Microsoft has updated its documentation, and currently, the TMP 2.0 stands as the requirement for Windows 11.

This leads us to believe that TPM 2.0 is the requirement for Windows 11 and that users with TMP 1.2 chips won’t be able to use Windows 11.

However, there’s a way toinstall Windows 11 without TPM, if you’re tech-savvy. On the bright side, it seems thatsome Windows 11 systems will work without TPM 2.0 chips, which is great news for many.

Is TPM intended only for business users?

Although TPM was developed initially for business users, the technology is now available on home PCs as well.

While encrypting your data isn’t essential for home users, if you want to ensure that your files are safe at all times, then encrypting your files and using TPM is a must.

Not all encryption requires TPM, but using it offers a layer of hardware security which makes it harder for hackers to access your data.

It offers tampering protection, so you can rest assured that your encrypted files will stay protected against hackers even if they try to modify your hardware.

TPM isn’t just used for file encryption, and you’re probably using it as a home user without even knowing it. If you’re usingWindows Hellofeature, you’re already using a TPM.

Your passwords and PINs are also stored in TPM, even for home users. Lastly, TPM provides you with aSecure Bootfeature that stops bootloaders from infecting your PC.

So even if you’re not a business user and you don’t encrypt your data, you still benefit from TPM as a home user.

Conclusion

TPM 1.2 and TPM 2.0 have their benefits, and with recently announced Windows 11 requirements, the TPM chips will become a must-have, so if you don’t own a TPM chip, you might want to considerbuying a TPM chip.

If you want to learn more, we also have a guide onTPM in Windows 11, so don’t miss it.

So which version of the TPM is better? The answer is pretty simple, the TPM 2.0 is newer, more secure, and it offers more security features, it works better with Windows, and we can safely say that TPM 2.0 is a better choice than TPM 1.2.

More about the topics:encryption,TPM,Windows 11

Milan Stanojevic

Windows Toubleshooting Expert

Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He’s a PC enthusiast and he spends most of his time learning about computers and technology.

Before joining WindowsReport, he worked as a front-end web developer. Now, he’s one of the Troubleshooting experts in our worldwide team, specializing in Windows errors & software issues.

User forum

6 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Milan Stanojevic

Windows Toubleshooting Expert

Before joining WindowsReport, he worked as a front-end web developer. Now, he’s specialized in Windows errors & software issues.