Windows 11 makes TPM Diagnostics tool its first optional feature


Windows 11 includes a new optional feature called ‘TPM Diagnostics’ that allows administrators to query the data stored on a device’s TPM security processor.

When it comes to Windows 11, Microsoft is betting everything on the TPM 2.0 security processor as a requirement for the OS to power many of its security features.

“PCs of the future need this modern hardware root-of-trust to help protect from both common and sophisticated attacks like ransomware and more sophisticated attacks from nation-states. Requiring the TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust,” explains Microsoft in a new blog post.

“TPM 2.0 is a critical building block for providing security with Windows Hello and BitLocker to help customers better protect their identities and data. In addition, for many enterprise customers, TPMs help facilitate Zero Trust security by providing a secure element for attesting to the health of devices.”

A TPM is a hardware security processor that is used to securely “protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data.”

While this sounds like an important device, many users with older computers that run Windows 10 perfectly well are upset, as they are now being pushed into buying new hardware if they want to upgrade to Windows 11.

While Microsoft has received significant pushback over this new requirement, a new optional feature shows how serious they are about TPM security processors and their use in Windows 11.

Windows 11 includes a new TPM Diagnostics tool

Microsoft’s investment in the use of TPM processors shows in a brand-new Windows 11 command-line tool called “TPM Diagnostics” that allows administrators to query a TPM for stored information.

New TPM Diagnostics option Windows 11 feature

Once installed, there will be a new ‘tpmdiagnostics.exe’ executable located in the C:\Windows\System32 folder that allows you to query various information from your installed TPM.

While Microsoft already includes a Trusted Platform Module Management console (tpm.msc), it only provides a small amount of information and the ability to clear the TPM.

The TpmDiagnostics.exe tool provides access to far more extensive information, including Windows Attestation Identity Keys, Endorsement Key certificates, other keys stored in the TPM, boot counters, information about what tasks are running, information about the TPM, and much more.

As I only have Windows 11 installed in a virtual machine that does not have TPM capabilities, I tested the program by copying the files to a Windows 10 box that has a TPM 2.0 module installed.

The TpmDiagnostics.exe program appears to be available only to Windows 10 Pro users and must be run from an elevated command prompt; when executed by itself, it lists a help file of available commands.

For example, the command TpmDiagnostics.exe GetCapabilities will list the capabilities and settings of the installed TPM processor, as shown below.

Listing the capabilities of the installed TPM processor

In addition to querying stored keys and other information, you can also use the TPM to perform encoding/decoding of Base64, hexadecimal, and binary files.

Decoding a Base64 encoded file

Unless you understand what data is being stored in your TPM, I do not recommend messing with it too much, to avoid accidentally removing the keys needed for the operation of your device.

However, the Microsoft Trusted Platform Module (TPM) documentation and the new TpmDiagnostics.exe tool can provide a wealth of information about the underlying security mechanics of Windows 11.
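
In line with the caution above, the following script collects TPM information using query commands only. It is an added example, not code from the original article or from Microsoft. It assumes the tool sits at the System32 path named earlier and that the listed query commands only read TPM state; the output folder name is made up for illustration.

```powershell
# Added example: read-only TPM inventory using tpmdiagnostics.exe.
# Assumption: the tool is installed at the System32 path the article names.
$tool = Join-Path $env:SystemRoot 'System32\tpmdiagnostics.exe'

# Query commands taken from the tool's help listing. State-changing commands
# (ProvisionTpm, DefineIndex, UndefineIndex, WriteNVIndex, Install*/Uninstall*)
# are deliberately left out. Assumption: the commands below only read state.
$readOnly = @(
    'GetCapabilities', 'GetLockoutInfo', 'GetDeviceInformation',
    'IfxRsaKeygenVulnerability', 'EkInfo', 'WinAikPersistedInTpm',
    'EnumNVIndexes'
)

# The tool must be run elevated, so fail early with a clear message.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}
if (-not (Test-Path -LiteralPath $tool)) {
    throw "tpmdiagnostics.exe not found at $tool (optional feature not installed?)."
}

# Output folder name is a constructed placeholder.
$outDir = Join-Path $env:TEMP ("tpm-inventory-{0:yyyyMMdd-HHmmss}" -f (Get-Date))
New-Item -ItemType Directory -Path $outDir | Out-Null

$summary = foreach ($cmd in $readOnly) {
    $file = Join-Path $outDir "$cmd.txt"
    # Store stdout and stderr verbatim; the output format is not specified in
    # the article, so nothing is parsed here.
    & $tool $cmd 2>&1 | Out-File -FilePath $file -Encoding utf8
    [pscustomobject]@{
        Command  = $cmd
        ExitCode = $LASTEXITCODE
        Sha256   = (Get-FileHash -Path $file -Algorithm SHA256).Hash
        Output   = $file
    }
}

# One row per command, with a hash of each captured file for later comparison.
$summary | Format-Table -AutoSize
$summary | Export-Csv -Path (Join-Path $outDir 'summary.csv') -NoTypeInformation
```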

The full list of commands available in the tpmdiagnostics.exe tool is:

tpmdiagnostics : A tool for Windows 10 build 22000
Copyright (c) Microsoft Corporation. All rights reserved.

	PrintHelp ( /h -h )
	PromptOnExit ( -x /x )
	UseECC ( -ecc /ecc )
	UseAes256 ( -aes256 /aes256 )
	QuietPrint ( -q /q )
	PrintVerbosely ( -v /v )

Use the 'help' command to get more information about a command.

TpmInfo:
	GetLockoutInfo
	PlatformType
	GetDeviceInformation
	IfxRsaKeygenVulnerability
	GatherLogs [full directory path]
	IsReadyInformation

	ProvisionTpm [force clear] [allow PPI prompt]

TpmProvisioning:
	CanUseLockoutPolicyClear

AutoProvisioning:
	IsAutoProvisioningEnabled
	EnableAutoProvisioning
	DisableAutoProvisioning [-o]

	EkInfo
	GetEkCertFromWeb [-ecc] [cert file]
	GetEkCertFromNVR [-ecc] [cert file]
	GetEkCertFromReg [-ecc] [ output file ]
	GetEk [-ecc] [key file]
	InstallEkCertFromWeb
	InstallEkCertFromNVR
	InstallEkCertThroughCoreProv

WindowsAIK:
	InstallWindowsAIK [-skipCert]
	WinAikPersistedInTpm
	UninstallWindowsAIKCert
	GetWindowsAIKCert [cert file]
	IsWindowsAIKInstalledInNCrypt
	EnrollWindowsAIKCert
	GetWindowsAIKPlatformClaim ["fresh"] [output file]

OtherKeys:
	PrintPublicInfo [ srk / aik / ek / handle ] [-asBcryptBlob / -RsaKeyBitsOnly / -RsaSymKeyBitsOnly] [-ecc]
	TestParms [ SYMCIPHER | RSA ] [ algorithm specific arguments ]

	EnumNVIndexes
	DefineIndex [index] [size] [attribute flags]
	UndefineIndex [index]
	ReadNVIndexPublic [index]
	WriteNVIndex [index] [data in hex format | -file filename]
	ReadNVIndex [index]

	GetPPVersionInfo

TPMCommandsAndResponses:
	CommandCode [hex command code]
	ResponseCode [hex response code]

	FormatTrace [etl file] [output json file]

	DescribeMle [MLE Binary File]

	Help [command name]
	DecodeBase64File [file to decode from base 64]
	EncodeToBase64File [file to encode]
	ReadFileAsHex [file to read]
	ConvertBinToHex [file to read] [file to write to]
	ConvertHexToBin [file to read] [file to write to]
	Hash [hex bytes or raw value to hash]
