So I'm getting round to preparing my PC for Windows 11, and I just have to activate TPM 2.0. I have found it in UEFI BIOS and went to activate it and this warning came up. Where can I find/set the firmware TPM key.
I'd rather know this before activating TPM, than get caught with my pants down at a later date.
The whole point of the TPM is that the encryption keys are securely stored on the device. There's nowhere you can "get them," and keys are set automatically.
What it looks like it's saying is that if you decide to use the optional BitLocker, the encryption keys will be stored in the TPM. If you were to replace your motherboard (or the TPM board, if it's a separate hardware device), you would only be able to recover your Windows drive if you had "the recovery key."
I've never bothered with BitLocker, but I would suspect that they'll generate a recovery key for you in the event you need to decrypt your device manually later on.
Ok thanks, so nothing for me to securely store. I'll proceed with the activation then.
Can confirm, if you enable bit locker, it'll force you into saving the recovery key!