Trusted Platform Module
A Trusted Platform Module (TPM) is a specialized chip on a computer's motherboard that enhances security by securely storing the cryptographic keys used for encryption and decryption. TPMs can be implemented as discrete chips or integrated into the main processor. DigiCert supports TPM-based key storage on systems where a TPM is available.
The key features of TPM include:
- Generate and remove keys
- Generate signatures
- Import and delete certificates
Note
Key export is not supported because TPM-generated keys are non-exportable.
When the TPM is available on your computer, the Trusted Platform Module token appears in the Dashboard and under the Token menu.
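To make the three features and the export restriction concrete, here is an added PowerShell example that is not part of DigiCert's documentation or of Trust Assistant. It assumes the Windows-native "Microsoft Platform Crypto Provider" (the CNG provider that fronts the TPM) rather than Trust Assistant's own key handling, and the subject name, message and PFX password are constructed sample values. It generates a key inside the TPM, signs with it, shows that a PFX export is refused, and then removes the key.

```powershell
# Added example (not DigiCert Trust Assistant code). Assumption: the built-in
# Microsoft Platform Crypto Provider is used to reach the TPM. On a PC with no
# TPM, New-SelfSignedCertificate fails with a provider error at step 1.
function New-TpmSigningDemo {
    # 1. Generate a key inside the TPM. NonExportable is the only policy the
    #    platform provider honours; the private key never leaves the chip.
    $cert = New-SelfSignedCertificate -Subject 'CN=TPM key demo (constructed)' `
        -Provider 'Microsoft Platform Crypto Provider' `
        -KeyAlgorithm RSA -KeyLength 2048 -KeyExportPolicy NonExportable `
        -KeyUsage DigitalSignature -CertStoreLocation Cert:\CurrentUser\My `
        -NotAfter (Get-Date).AddDays(1)

    # 2. Generate a signature: the digest is handed to the TPM, the signature comes back.
    $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    $data = [System.Text.Encoding]::UTF8.GetBytes('constructed sample message')
    $sig  = $rsa.SignData($data,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    # Verify with the public half only, as a relying party would.
    $pub  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $verified = $pub.VerifyData($data, $sig,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)

    # 3. Key export is not supported: the provider refuses to release the private key.
    $exportRefused = $false
    $exportError   = $null
    try {
        $pfxPassword = ConvertTo-SecureString 'constructed-password' -AsPlainText -Force
        Export-PfxCertificate -Cert $cert -FilePath "$env:TEMP\tpm-demo.pfx" `
            -Password $pfxPassword -ErrorAction Stop | Out-Null
    } catch {
        $exportRefused = $true
        $exportError   = $_.Exception.Message
    }

    # 4. Remove the certificate from the store and delete the key from the TPM.
    Remove-Item -Path $cert.PSPath -DeleteKey

    [pscustomobject]@{
        Thumbprint        = $cert.Thumbprint
        KeyImplementation = $rsa.GetType().Name   # RSACng when the key lives behind CNG
        SignatureBytes    = $sig.Length           # 256 for an RSA-2048 signature
        SignatureVerified = $verified             # expected: True
        ExportRefused     = $exportRefused        # expected: True for a TPM-backed key
        ExportError       = $exportError
    }
}

New-TpmSigningDemo | Format-List
```

Run it from a normal (non-elevated) prompt on a machine with an enabled TPM; the `ExportRefused` field is the point of the demo, and `Remove-Item -DeleteKey` is what "remove keys" looks like at the CNG layer. The same non-exportability applies to keys that Trust Assistant stores in the TPM token, which is why the page's note says export is unavailable.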
Prerequisites
Before you begin, ensure that the following requirements are met:
| Requirement | Description |
|---|---|
| Operating system | Windows 11 |
| TPM | Version 2.0 |
| DigiCert® Trust Assistant | Version 1.3.0 or later |
Enabling TPM
TPM settings are managed through the UEFI BIOS (PC firmware) and may vary depending on the device manufacturer. To enable the TPM from a Windows system, perform the following steps:
1. Open the Windows Settings app.
2. Navigate to Update & Security > Recovery > Restart now.
3. On the next screen, select Troubleshoot > Advanced options > UEFI Firmware Settings > Restart to make the changes.
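Before walking through the firmware menus, it helps to know whether the machine already meets the prerequisites above and whether the TPM is simply switched off. The following PowerShell script is an added example, not part of DigiCert's documentation: it reads the OS build and TPM state with the built-in `Get-Tpm` cmdlet and the `Win32_Tpm` WMI class, and offers to reboot straight into the UEFI firmware settings with `shutdown /fw`, which lands on the same screen as the Settings steps above. It assumes Windows 11 can be recognised by build number 22000 or later, and it does not check the Trust Assistant version.

```powershell
# Added example (not from DigiCert's documentation). Run from an elevated
# PowerShell prompt: Get-Tpm, the MicrosoftTpm WMI namespace and shutdown /fw
# all require administrator rights.
function Test-TpmPrerequisites {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    # Assumption: Windows 11 is identified by build number 22000 or later.
    $isWin11 = [int]$os.BuildNumber -ge 22000

    # Get-Tpm ships with Windows (TrustedPlatformModule module).
    $tpm = Get-Tpm
    # Win32_Tpm is $null when no TPM is exposed to the OS, e.g. when it is
    # disabled in the UEFI BIOS. SpecVersion reads like "2.0, 0, 1.59".
    $tpmWmi = Get-CimInstance -Namespace root/cimv2/Security/MicrosoftTpm -ClassName Win32_Tpm
    $specVersion = if ($tpmWmi) { $tpmWmi.SpecVersion } else { 'none' }
    $isTpm20 = $specVersion -like '2.0*'

    [pscustomobject]@{
        OSBuild            = $os.BuildNumber
        IsWindows11        = $isWin11
        TpmPresent         = $tpm.TpmPresent
        TpmReady           = $tpm.TpmReady
        TpmSpecVersion     = $specVersion
        IsTpm20            = $isTpm20
        MeetsPrerequisites = $isWin11 -and $tpm.TpmPresent -and $tpm.TpmReady -and $isTpm20
    }
}

$result = Test-TpmPrerequisites
$result | Format-List

if (-not $result.TpmPresent -or -not $result.TpmReady) {
    Write-Host 'TPM is not present or not enabled. Reboot into UEFI firmware settings now? (y/N)'
    if ((Read-Host) -eq 'y') {
        # Equivalent to Settings > Recovery > Restart now > Troubleshoot >
        # Advanced options > UEFI Firmware Settings > Restart, in one command.
        shutdown.exe /r /fw /t 0
    }
}
```

A `TpmPresent` of `False` together with a missing `Win32_Tpm` instance is the usual signature of a TPM that exists on the board but is disabled in firmware; after enabling it under one of the menu labels listed below, rerun the check and expect `TpmReady` to be `True` and `TpmSpecVersion` to start with `2.0`.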
TPM settings are typically configured in the UEFI BIOS. Depending on the system manufacturer, these settings may be located under the following sub-menus:
- Advanced
- Security
- Trusted Computing
The option to enable TPM may appear under different labels, such as:
- Security Device
- Security Device Support
- TPM State
- AMD fTPM switch
- AMD PSP TPM
- Intel PTT
- Intel Platform Trust Technology
If you are unsure how to modify these settings, refer to your PC manufacturer's documentation or contact their support center. For more details, see PC manufacturer TPM support resources.
For common TPM-related questions and issues, see the FAQ.