TPM: do I need Intel TXT?

  • Question

  • I have been using TPM 1.2 in my previous motherboard for years without any issues and also without any concerns or questions about how it really works. Now I have a new motherboard and I am currently struggling with the process of obtaining a compatible TPM 2.0. The vendor does not (yet) have a pre-provisioned client version of the TPM; suppliers offer only server or unprovisioned versions. Provisioning is a lengthy, (mainly) bureaucratic process, and only a legal (not natural) person can apply for the Intel provisioning tools which are needed for TPM provisioning.

    I hope that I understand it correctly, but IMHO the operating system cannot utilize Intel TXT with an unprovisioned TPM.
    I have also found contradicting statements that BitLocker needs (others say can utilize) Intel TXT.

    I am running a workstation with Windows 10 Prof. I use virtualization only for testing purposes.
    My main goal is not typing any passwords for unlocking BitLocker drives, nor using USB sticks for storing BitLocker keys.

    Do you know any scenario in a desktop environment where Intel TXT is a must or a recommended feature?




    • Edited by marianh Tuesday, December 4, 2018 5:54 AM
    Tuesday, December 4, 2018 5:51 AM

All replies

  • Hi marianh,

    Thanks for posting here.


    1. Firstly, BitLocker can be used with or without a Trusted Platform Module (TPM) chip, so Intel TXT is not necessary for BitLocker without TPM. TPM is a dependency of TXT but not the other way around. The TPM is where TXT will store the measurements - hashes of components - of the platform.

    2. You will be asked to enter a password that must be entered every time you turn on your PC, before you even get to the Windows login screen. Windows gives you a choice of either entering the password manually or inserting a USB key. Choose whichever method you prefer, but I recommend sticking with the manual password so you aren’t depending on a single USB key for authentication.



    Besides, the following combinations of the above authentication mechanisms are supported, all with an optional escrow recovery key:

    TPM only (the transparent mode operation of BitLocker in conjunction with TPM, in which no startup PIN is required)

    TPM + PIN
    TPM + PIN + USB Key
    TPM + USB Key
    USB Key
    Password only


    3. One example of TXT usage is BitLocker. It can also block rootkits on hypervisors if supported by the hypervisor.

    Best regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, December 5, 2018 8:11 AM
    Moderator
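
An added example (not part of the thread and not Microsoft's code): a PowerShell report, built on the `Get-Tpm` and `Get-BitLockerVolume` cmdlets, that shows whether Windows sees a usable TPM and which of the modes listed in the reply above each volume is configured for. The mode labels are the reply's wording; their mapping to `KeyProtectorType` values is this example's assumption.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.

# KeyProtectorType values reported by Get-BitLockerVolume, mapped to the
# mode names used in the reply's list (mapping is this example's assumption).
$modeNames = @{
    'Tpm'              = 'TPM only'
    'TpmPin'           = 'TPM + PIN'
    'TpmPinStartupKey' = 'TPM + PIN + USB Key'
    'TpmStartupKey'    = 'TPM + USB Key'
    'ExternalKey'      = 'USB Key'        # on data drives this can also be the auto-unlock key
    'Password'         = 'Password only'
}

# 1. TPM state as Windows sees it.
$tpm = Get-Tpm
'TPM present: {0}   ready for use: {1}' -f $tpm.TpmPresent, $tpm.TpmReady

# 2. Per-volume report: which unlock modes are configured, whether a recovery
#    password exists, and whether the volume unlocks with no user input
#    (a plain Tpm protector means no PIN, password or USB key at startup).
Get-BitLockerVolume | ForEach-Object {
    $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $modes = @($types |
        Where-Object { $modeNames.ContainsKey($_) } |
        ForEach-Object { $modeNames[$_] })

    [pscustomobject]@{
        Volume      = $_.MountPoint
        Status      = $_.VolumeStatus
        Protection  = $_.ProtectionStatus
        UnlockModes = if ($modes.Count) { $modes -join ', ' } else { '(none)' }
        HasRecovery = $types -contains 'RecoveryPassword'
        Transparent = $types -contains 'Tpm'
    }
} | Format-Table -AutoSize

# To add the "TPM only" protector to an already encrypted OS volume:
#   Add-BitLockerKeyProtector -MountPoint 'C:' -TpmProtector
```

A row with `Transparent = True` and `HasRecovery = True` is the configuration the original question asks for: no password or USB stick at boot, with a recovery password kept as the fallback.
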
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best regards,



    Tuesday, December 11, 2018 8:27 AM
    Moderator
  • "One example of TXT usage is Bitlocker."
    Can you elaborate more or point me where I can find more info about it?
    Wednesday, December 12, 2018 6:21 AM
  • Hi marianh,

    Thanks for your reply.

    The TPM is a vital part of Intel TXT. Without it, Intel TXT does not work. So, when you use BitLocker encryption with TPM, Intel TXT comes in handy.

    Please check this link: http://theinvisiblethings.blogspot.com/2009/01/why-do-i-miss-microsoft-bitlocker.html

    Note: This is a third-party link and we do not have any guarantees on this website. This is just for your convenience. And Microsoft does not make any guarantees about the content. 

    Best regards,




    Wednesday, December 12, 2018 7:13 AM
    Moderator