So I'm getting round to preparing my PC for Windows 11, and I just have to activate TPM 2.0. I have found it in UEFI BIOS and went to activate it and this warning came up. Where can I find/set the firmware TPM key.
I'd rather know this before activating TPM, than get caught with my pants down at a later date.
The whole point of the TPM is that the encryption keys are securely stored on the device. There's nowhere you can "get them," and keys are set automatically.
What it looks like it's saying is that if you decide to use the optional BitLocker, the encryption keys will be stored in the TPM. If you were to replace your motherboard (or the TPM board, if it's a separate hardware device), you would only be able to recover your Windows drive if you had "the recovery key."
I've never bothered with BitLocker, but I would suspect that they'll generate a recovery key for you in the event you need to decrypt your device manually later on.
Ok thanks, so nothing for me to securely store. I'll proceed with the activation then.
If it's any consolation, I have an AMD processor with an fTPM (their version of TPM on the CPU), and I didn't have any issues upgrading to Win 11 Pro. BitLocker is optional, so if you don't plan to encrypt your drive, I wouldn't worry about it.
Most likely, they're just covering their asses in the event somebody upgrades their hardware and gets locked out of their boot drive.
Thanks, thought it may just be a arse covering clause
Can confirm, if you enable bit locker, it'll force you into saving the recovery key!