The Trusted Platform Module (TPM) will lock itself to prevent tampering or attack; this is referred to as lockout. TPM lockout often lasts for a variable amount of time or until the computer is turned off. While the TPM is in lockout mode, it generally returns an error when it receives commands that require an authorization value. One exception is that the TPM always allows the owner at least one attempt to reset the TPM lockout when it is in lockout mode. If your TPM has entered lockout mode or is responding slowly to commands, we recommend resetting the lockout value. Resetting the TPM lockout requires the TPM owner authorization. TPM owner authorization is set when the administrator initially takes ownership of the TPM. The owner authorization password is hashed to create an owner authorization value, which is stored by the TPM. The administrator is encouraged to save the owner authorization hash value to a TPM owner password file ending with a .tpm extension that contains the owner authorization hash value within an XML structure. For security, the TPM owner password file does not contain the original owner password. TPM ownership is commonly taken the first time that BitLocker Drive Encryption is turned on for the computer. In this scenario, the TPM owner authorization password is saved along with the BitLocker recovery key. When the BitLocker recovery key is saved to a file, BitLocker also saves a TPM owner password file (.tpm) with the TPM owner password hash value. When the BitLocker recovery key is printed, the TPM owner password is printed at the same time. You can also save your TPM owner password hash value to Active Directory Domain Services (AD DS) if your organization's Group Policy settings are configured to do so.
Understanding TPM protection mechanisms
In some scenarios, encryption keys are protected by a TPM by requiring a valid authorization value to access the key. (A common example is BitLocker Drive Encryption configured to use the TPM + PIN key protector, where the user must type the correct PIN during the boot process to access the volume encryption key protected by the TPM.) To prevent malicious entities from discovering authorization values, TPMs implement protection logic. The protection logic is designed to slow or stop responses from the TPM if it detects that an entity might be trying to guess authorization values.
The industry standards from the Trusted Computing Group (TCG) organization specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 chips. Different TPM manufacturers implement different protection mechanisms and behavior. The general guidance is for the TPM chip to take exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips may not store failed attempts over time. Other TPM chips may store every failed attempt indefinitely. Therefore, some users may experience increasingly longer delays when mistyping an authorization value sent to the TPM, essentially preventing them from using the TPM for a period of time. Users may reset the protection mechanisms in the TPM by completing the following procedure.
The protection logic in the TPM also applies to the TPM owner authorization value. The industry standards specify that the user is allowed at least one attempt to reset the TPM lockout by using the owner authorization value, even when the TPM is locked out. If the wrong value is used when attempting to reset the TPM lockout, on subsequent attempts to enter the owner authorization value, the TPM may respond as if the correct value is incorrect or respond that the TPM is locked out.
|To reset the TPM lockout|
Open the TPM Management (tpm.msc) snap-in.
In the Action pane, click Reset TPM Lockout to start the Reset TPM Lockout wizard.
Choose the method for entering the TPM owner password:
- If you saved your TPM owner password to a
.tpm file, click I have the owner password file, and then
either type the path to the file or click Browse to navigate
to the file location.
- If you want to manually enter your TPM owner
password, click I want to enter the owner password, and then
type the password in the space provided. If you enabled BitLocker
and your TPM at the same time and chose to print your BitLocker
recovery password when you turned on BitLocker, your TPM owner
password may also have been printed on the same paper.
- If you saved your TPM owner password to a .tpm file, click I have the owner password file, and then either type the path to the file or click Browse to navigate to the file location.
Once the TPM owner password is authenticated, a dialog box confirming that the TPM lockout was reset is displayed.
Frequently Asked Questions (FAQ)
When should I reset the TPM lockout?
The most likely scenario is that during the boot process users will notice slow response times when using a key protector—which consists of the TPM and a PIN—and entering the incorrect PIN. The system may appear to freeze for a period of time before informing the user that the incorrect PIN was entered and that the TPM is locked out. When the TPM is locked out, it is also possible that the user will enter the correct PIN, but the TPM will respond as if the incorrect PIN was entered for a period of time. Similar behavior may occur for other applications that use the TPM with authorization values, but it is more likely only the application that is communicating with the TPM will be unresponsive if the operating system has already started. Because a TPM may indefinitely store all incorrect authorization attempts sent to it, users may want to proactively reset the TPM lockout if they often mistype authorization values such as the BitLocker PIN.
What behavior should I expect if the TPM protection logic is activated to protect authorization values?
The behavior of the hardware platform will vary depending on implementation choices made by the platform manufacturer. It is generally expected that hardware manufacturers will exponentially delay responses from the TPM chip. It is also possible that the TPM chip may be responsive but respond as if the correct authorization value is incorrect for a period of time. For more specific information about behavior, contact your platform manufacturer.
If the TPM is currently locked out when using BitLocker, there will be an opportunity during the boot process to either open the BitLocker recovery console or wait to reenter the PIN.
Once Windows has started, TPM Management will show the status of the TPM as currently locked out.
Any commands that involve authorization values or attempt to send the TPM owner password to the TPM will result in an error from the TPM while the TPM is locked out.
What should I do if I do not remember my TPM owner password?
It is possible that the TPM owner authorization hash value was saved to a file ending with a .tpm extension when the administrator originally took ownership of the TPM on your computer. Search your file system for a file ending with .tpm. If you printed your BitLocker recovery password, your TPM owner password may have been printed at the same time. If you cannot find your TPM owner password, you can clear the TPM and take ownership again. This should be done carefully because data encrypted with the TPM will be lost. If you are using BitLocker, make sure to suspend or turn off BitLocker before clearing the TPM. For more information about clearing your TPM, see Clear the TPM.
Is it important to keep my TPM owner authorization hash value secret?
Yes. If a malicious entity obtained your TPM owner authorization hash value, the entity could make several attempts to guess an encryption key authorization value (for example, the BitLocker PIN), use the TPM owner authorization hash value to reset the TPM lockout, and repeat indefinitely. Eventually it is likely that the authorization value could be discovered if the size was small.
How is the TPM owner password related to the TPM owner authorization hash value?
The TPM owner password is hashed by using SHA-1 and is base-64 encoded to create the TPM owner authorization hash value.