How to Update and Clear TPM security processor firmware

If you have a TPM-enabled laptop or PC and Windows Defender Security Center is showing a message that you need to update your security processor or TPM firmware, you should update it as a priority. In this guide, I will share how you can clear the TPM and update the TPM security processor firmware.

What is TPM in Windows 10

In case you do not know, a TPM, or Trusted Platform Module, is a specialized chip on an endpoint device. It can store RSA encryption keys specific to the host system for hardware authentication. The TPM chip also holds an RSA key pair called the Endorsement Key. The pair is maintained inside the chip and cannot be accessed by software. In short, it can store crucial data, including fingerprints, facial data, etc., in the chip, and that data is not easily accessible.

How to Update TPM security processor firmware

A TPM update usually carries a patch for a security vulnerability that can affect operating system security. You will need to download and install the update to address the vulnerability. It is also possible that firmware updates are sent by OEMs, which are usually faster compared to Windows Update.

Download & install Windows Updates

This is the best way to update your TPM. If you have set updates to manual mode, check whether an update is available and whether it includes a security patch. With automatic updates, it will download and install by itself. You will know it has happened when you see a notification in Action Center asking you to restart your computer.

Here is a small warning. Do not apply a TPM firmware update from an OEM before installing the Windows operating system update. Windows will be unable to determine if your system is affected.

Install Firmware updates by OEMs

Many OEMs, including Microsoft, offer firmware updates separately. If the TPM firmware update was not included in Windows Update, you will have to download and apply it manually. Below is the list of OEMs from where you can download the update. You can always check your manufacturer from here.

How to clear TPM

Once you have installed the firmware update, either through Windows Update or from the OEM website, you will also need to clear your TPM. This is important to make sure that the data is secured.

Before you go ahead and follow the steps, make sure to back up your TPM data so that you can restore it later. Clearing your TPM will reset your security processor to its default settings. Also, unless you own the PC, you should not do it at all. Clearing may be needed if you see the message: Reset your security processor to fix functionality issues.

To clear your TPM, follow the steps below:

Go to Start > Settings > Update & Security > Windows Security > Device security. This will launch the Windows Defender Security Center.

Select Device Security again, and then under Security processor, select Security processor details.

On the next screen, select Security processor troubleshooting, and then under Clear TPM click on the Clear TPM button.

This will reset your security processor to its default settings.

Your device will need to restart before the process is complete.

Clear TPM using PowerShell

The Clear-Tpm cmdlet resets the Trusted Platform Module to its default state and removes the owner authorization value and any keys stored in the TPM.

Clear-Tpm

This command uses the owner authorization value stored in the registry instead of specifying a value or using a value in a file. You can read more on this at docs.microsoft.com.
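Because Clear-Tpm removes every key stored in the TPM, it helps to check the chip and any BitLocker volumes first. The script below is an added example, not part of the original article: the function name Test-TpmClearReadiness is hypothetical, and it assumes an elevated PowerShell session on a Windows edition that includes the BitLocker cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). Test-TpmClearReadiness is a
# hypothetical helper name; Get-Tpm, Get-BitLockerVolume and Clear-Tpm are the
# built-in cmdlets from the TrustedPlatformModule and BitLocker modules.
function Test-TpmClearReadiness {
    [CmdletBinding()]
    param()

    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) { throw 'No TPM detected on this device.' }

    $blockers = @()
    if ($tpm.OwnerClearDisabled) {
        $blockers += 'Owner clear is disabled, so Clear-Tpm cannot reset this TPM.'
    }

    # A volume sealed to the TPM cannot be unlocked after the clear unless
    # another protector, such as a recovery password, already exists.
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $usesTpm = @($types -like 'Tpm*').Count -gt 0
        if ($usesTpm -and ($types -notcontains 'RecoveryPassword')) {
            $blockers += "$($vol.MountPoint) uses a TPM protector but has no recovery password."
        }
    }

    # The firmware version is reported so it can be compared with the OEM's
    # advisory before and after the update.
    [pscustomobject]@{
        Manufacturer    = $tpm.ManufacturerIdTxt
        FirmwareVersion = $tpm.ManufacturerVersion
        TpmReady        = $tpm.TpmReady
        Blockers        = $blockers
        SafeToClear     = ($blockers.Count -eq 0)
    }
}

$report = Test-TpmClearReadiness
$report | Format-List

if ($report.SafeToClear) {
    Clear-Tpm    # a restart is still needed to finish the reset
} else {
    Write-Warning 'Resolve the listed blockers before clearing the TPM.'
}
```

Save the BitLocker recovery password somewhere outside the device before running the clear, since the check only confirms that such a protector exists.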

Hope this helps!

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.