The Trusted Platform Module (TPM) is a hardware component located on the motherboard that securely stores cryptographic keys, typically utilized for digital rights management (DRM) purposes. Its primary function is to protect data such as encryption keys, user credentials, and certificates.
In recent versions of the Windows operating system, such as Windows 10 and 11, Microsoft has implemented automatic initialization and ownership of the TPM chip. Due to this, it is not recommended to modify the TPM settings using the TPM Management Utility.
However, if you intend to sell your computer or reset the TPM to its default state, clearing the TPM is necessary. By doing so, all stored keys and data protected by those keys will be lost.
Before Clearing the TPM
- Back up any data that relies on TPM encryption. Clearing the TPM resets the keys tied to it and makes the data protected by those keys unrecoverable.
- Use the Windows Security application to clear the TPM. Clearing the TPM directly from the UEFI can have negative consequences.
- Only clear the TPM on devices that you own. On a workplace or school PC, reset the TPM only when instructed to by the IT administrator.
- Check your computer's instruction manual or the manufacturer's website before you clear the TPM. The TPM security hardware is a crucial physical component of the system, so you need to follow the reset process properly.
From the Windows Security Application
The Windows Security application provides options to manage security configurations such as Core isolation, Secure Boot, and the TPM. Microsoft recommends using this utility to clear the TPM on Windows devices.
- Press Windows Key + R to open Run.
- Type windowsdefender: (including the colon) and hit Enter. This will open the Windows Security application.
- Go to the Device security section.
- Click on the Security processor details under the Security Processor.
- Click on Security processor troubleshooting.
- Click on the Clear TPM button.
- Your computer will restart to finish the process.
From the TPM Management Utility
Windows 10 and 11 include a TPM Management utility that shows the status of the TPM and helps you manage the device. You can clear the TPM ownership and revert it to factory default from this application.
- Press Windows Key + R, type tpm.msc, and hit Enter.
- Under the Actions panel on the right side of the TPM Management window, click on Clear TPM.
- The system will restart to finish the TPM reset process. You might also need to confirm that you want to clear the TPM.
From the BIOS
The settings of the TPM and other security features of a Windows system can be configured from the BIOS. You can change the TPM status and even reset the TPM from the BIOS.
- Restart the computer and boot into the BIOS menu by pressing the dedicated key.
- Go to the Peripherals section.
- Navigate to the Peripheral operation and press enter.
- Select the TPM clear option.
Note: The location of the TPM settings in the BIOS varies by manufacturer. In some BIOS versions, the TPM option is found in the Security section.
Using PowerShell
You can use PowerShell cmdlets to reset the TPM on Windows.
- Press Windows Key + R, type powershell, and hit Enter.
- Type Clear-Tpm and hit Enter.
- This command will reset the keys stored in the TPM and the authorization value.
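An added example (not part of the original article) that checks the backup precondition from "Before Clearing the TPM" before running Clear-Tpm. It assumes an elevated PowerShell session; the function name Invoke-TpmClearPreflight and its -Clear switch are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. The function name and the
# -Clear switch are hypothetical; the cmdlets are the built-in TPM/BitLocker ones.
function Invoke-TpmClearPreflight {
    [CmdletBinding()]
    param([switch]$Clear)   # without -Clear the function only reports

    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        Write-Warning 'No TPM detected; nothing to clear.'
        return
    }
    Write-Host "TPM present: ready=$($tpm.TpmReady) owned=$($tpm.TpmOwned)"

    # A BitLocker volume whose only protectors are TPM-based cannot be unlocked
    # after the clear, so require a recovery password on each such volume.
    $atRisk = @()
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        foreach ($vol in Get-BitLockerVolume) {
            $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
            $usesTpm     = @($types -like 'Tpm*').Count -gt 0
            $hasRecovery = $types -contains 'RecoveryPassword'
            Write-Host ("{0} status={1} protectors={2}" -f `
                $vol.MountPoint, $vol.VolumeStatus, ($types -join ','))
            if ($usesTpm -and -not $hasRecovery) { $atRisk += $vol.MountPoint }
        }
    } else {
        Write-Warning 'BitLocker cmdlets not available; BitLocker state was not checked.'
    }

    if ($atRisk.Count -gt 0) {
        Write-Warning "No recovery password on: $($atRisk -join ', '). Back up the data or add one before clearing."
        return
    }
    if (-not $Clear) {
        Write-Host 'Pre-flight passed. Re-run with -Clear to reset the TPM.'
        return
    }
    Clear-Tpm   # resets the keys stored in the TPM and the authorization value
}

Invoke-TpmClearPreflight   # report only; nothing is cleared
```

The check confirms that a recovery password protector exists, not that you have saved it somewhere you can reach. It covers BitLocker only, so other TPM-protected data still needs the backup described in "Before Clearing the TPM".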