Trending News

Blog

TPM 1.2 vs 2.0: What’s the difference? Easy Guide
Guide

TPM 1.2 vs 2.0: What’s the difference? Easy Guide 

Microsoft has announced Windows 11, as we all know. The new OS offers a slew of new features and with it some specific requirements.

And When it comes to Windows 11 Hardware requirements, the TPM chip is the latest feature. And it is one of the main requirements that you need to fulfill to install Windows 11. And if your computer doesn’t have it, then you won’t be able to install Windows 11.

TPM comes in two versions, and in this guide, we will compare TPM 1.2 and TPM 2.0 to discover which is superior.

TPM 1.2 vs 2.0: Which Chip to use?

What is TPM?

The TPM (Trusted Platform Module) is a dedicated microcontroller. It protects your computer by encrypting data and adding an extra layer of security.

TPM is a chip that you can usually find on your motherboard. And sometimes, it is integrated into the CPU or run as firmware. You can find TPM connectors on most motherboards, which makes it easy to add a TPM chip on your own.

There is another type known as virtual TPM, which runs on a software level. But, many experts believe that it is not as secure as physical chips.

Brief History of TPM

Trusted Computing Group announced TPM in 2009. Since then, the chip is used in PCs, ATMs, and set-top boxes.

The TPM 1.2 was released in 2005, and the most recent revision it received was in 2011. TPM 2.0 was first released in 2014, with the most recent revision being in 2019.

Both versions differ in many ways, and before we discuss differences. Let’s first go through the process of how it works and protects your PC.

How TPM protects your PC?

TPM chips encrypt disks, and it generates and stores portions of encryption keys. This means that you will have to use the same TPM chip to encrypt the disk to unlock it.

Hackers will have a tough time decrypting your data because they will need access to TPM Chips. Because the encryption keys are not saved on your hard drive.

TPM chips also feature tamper protection, which keeps your data locked. So, even if the chip or motherboard has been tampered with, your data remains secure and locked.

TPM also protects your PC from bootloader malware by validating the boot loader. And it prevents your system from booting up in case the boot later is tampered with.

You can also use TPM’s Quarantine Mode to address bootloader issues. Finally, TPM keeps all your passwords within it, making them secure from hackers.

TPM is also used for digital rights management and software licensing protection. And in some cases, to prevent cheating in video games.

Difference between TPM 1.2 and 2.0

TPM 2.0 is a step forward from TPM 1.2, and while the two are comparable, TPM 2.0 is incompatible with TPM 1.2.

TPM 1.2 is a one size fits all specification, whereas TPM 2.0 has platform-specific specifications. That defines which part of the library is required and which one is optional.

SHA-1 and RSA are mandatory algorithms for TPM 1.2, whereas AES is optional. TPM 2.0 requires hashes to be SHA-1 and SHA-256.

In TPM 2.0, public-key cryptography and asymmetric digital signature generation and verification are performed using RSA and ECC using a Barreto-Naehrig 256-bit curve and a NIST P-256 curve.

TPM 2.0 uses HMAC and 128 bit AES symmetric key algorithms for digital signature generation.

The difference in algorithms is obvious, making TPM 2.0 a more secure option.

The TPM 1.2 and 2.0 offer the following crypto primitives:

  • Generation and verification of digital signatures
  • Mask generation function
  • Algorithm for public-key cryptography
  • Random number generation
  • Symmetric-key algorithms

TPM 2,0 is safer to use as it uses Direct Anonymous Attestation using Barreto Naehrig 256 bit curve.

As for TPM 1.2, it only has a storage hierarchy, whereas 2.0 has a platform, storage, and endorsement hierarchy.

TPM 1.2 only allows SRK RSA-2048 for root keys, but TPM 2.0 enables many keys and algorithms per hierarchy.

TPM 1.2 uses HMAC, PCR, locality, and physical presence for authorization. TPM 2.0 has the same authorization and password protection features.

TPM 1.2 only supports unstructured data in terms of NVRAM. TPM 2.0 supports unstructured data, as well as Counter, Bitmap, Extend, and PIN pass/fail.

TPM 2.0, as you can see, brings a slew of new features. And when it comes to data protection and encryption, it is a safer option.

Here’s a short rundown of the algorithms supported by TPM 1.2 and TPM 2.0.

Algorithm type: Name: TPM 1.2 TPM 2.0
Asymmetric RSA 1024 Yes Optional
RSA 2048 Yes Yes
ECC P256 No Yes
ECC BN256 No Yes
Symmetric AES 128 Optional Yes
AES 256 Optional Optional
Hash SHA-1 Yes Yes
SHA-2 256 No Yes
HMAC SHA-1 Yes Yes
SHA-2 256 No Yes

What makes TPM 2.0 superior to TPM 1.2?

TPM 1.2 only employs the insecure SHA-1 hashing algorithm, which is a concern. In 2014. And many organizations have started moving to SHA-256 in 2014.

In 2017, Microsoft and Google stopped supporting SHA-1-based certificate signing. TPM 2.0 also supports newer algorithms, which is worth noting. It will increase the performance of drive signing and key generation.

TPM 2.0 also provides a more consistent lock-out experience with Windows setup. TPM 1.2 differs depending on policy settings, which might constitute a security risk.

Certain features are only made available when using TPM 2.0. Following are the features:

  • Device Encryption
  • Windows Defender
  • System Guard
  • Autopilot
  • SecureBIO
  • Device Encryption
TPM 1.2 and TPM 2.0 both offer the following features:
TPM 1.2 TPM 2.0
Measured Boot
BitLocker
Device Encryption
Windows Defender Application Control
Windows Defender System Guard
Credential Guard
Device Health Attestation
Windows Hello
UEFI Secure Boot
TPM Platform Crypto Provider Key Storage Provider
Virtual Smart Card
Certificate storage
Autopilot
SecureBIO

Is TPM 2.0 required for Windows 11?

The Windows 11 hardware requirements indicated that Windows 11 will work with TPM 1.2 and TPM 2.0. And as stated above in our analysis the latter is a more safe option.

With a TPM 1.2 chip, an update to Windows 11 is possible, but not recommended, according to the documentation. Microsoft has revised its documentation, and the TMP 2.0 is now required for Windows 11.

This leads us to believe that TPM 2.0 is a Windows 11 requirement. Users using TMP 1.2 chips will also be unable to run Windows 11.

If you are tech-savvy, there is a way to install Windows 11 without TPM. And the great news is that some Windows 11 systems will function without TPM 2.0 chips.

Is TPM only for business users?

TPM was originally designed for business users, but it is now available for personal pcs as well.

Even though data encryption isn’t required for home users. But in case you want to keep your file safe, then TPM is a must to encrypt your files.

TPM is not required for all encryptions, but it adds a layer of security over hardware. Which makes it tougher for hackers to access your data.

TPM offers tamper security and ensures your encrypted data is safe from hackers. Even when they try to tamper with your hardware.

TPM is not simply for file encryption, and as a home user, you are using it without even recognizing it. If you are using Windows Hello, you are already utilizing a TPM.

TPM stores your passwords and PINs as well, even for home users. Finally, TPM has a feature that prevents bootloaders from infecting your system.

As a home user, you may still benefit from TPM even if you are not a business user or do not encrypt your data.

Wrapping up

With recently announced Windows 11 requirements, TPM 1.2 and 2.0 have their benefits. TPM chips will become a must-have, and if you don’t have one, you should consider getting one.

So, which TPM version is superior? TPM 2.0 is newer, more secure, and offers more security features; it also functions better with Windows. And so, we can conclude that TPM 2.0 is a better choice than TPM 1.2.

Related posts