If you have a question – Can I check TPM status from command line during OSD ?. The answer is yes. You can find a lot about TPM status by running a simple command. We will jump onto that but let’s see a bit about TPM.
It is quite some time ago, I had shared a post on enabling BitLocker on Windows 10 without TPM. BitLocker is an encryption feature available in Windows 10 Professional and Enterprise editions. However, it requires a Trusted Platform Module (TPM) on the system. Furthermore, BitLocker provides the best security when used with TPM.
What is Trusted Platform Module
As per Microsoft “A Trusted Platform Module (TPM) is a microchip designed to provide basic security-related functions, primarily involving encryption keys. The TPM comes installed on motherboard of a computer, and it communicates to the system by using a hardware bus”. You can read more about TPM fundamentals here.
Check TPM Status from the Command Line
Coming to the actual topic, some organizations require TPM to be enabled and activated before you image the machine. The TS halts if TPM isn’t enabled (that’s the way the TS is configured). The task sequence checks the TPM status and halts if it is not activated. For example, I had covered an issue about BitLocker Error Configuration change was requested to disable TPM.
To Check TPM Status from Command Line
- Press F8 key while you are in WinPE phase.
- Enter the below command to get the TPM status.
wmic /namespace:\\root\CIMV2\Security\MicrosoftTpm path Win32_Tpm get /value
To find out if TPM on a computer is Enabled, Activated and Owned, enter the below commands.
wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsEnabled_InitialValue wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsActivated_InitialValue wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsOwned
Here is what you see as output when you enter the above command.
From the above screenshot we see several options in the output. We see Manufacturer ID, version. In addition to that, we see the TPM version and SpecVersion. The TPM version is either 1.2 or 2.0. Most of all, the first three lines of output mean a lot.