Information collected, processed or transmitted
TPM Services include TPM initialization functionality to help you turn on and create an owner for the TPM. As part of the initialization process, you are asked to create a TPM owner password. To use your computer's TPM, you must create a TPM owner password. The TPM owner password helps ensure that only you have access to the administrative functions of the TPM. Saving the TPM owner password allows you to easily manage access to the TPM.
The TPM Initialization Wizard allows you to print your TPM owner password or save it to a file on a USB flash drive. A saved file contains authorization information for the TPM owner that is derived from the TPM owner password. The file also contains the computer name, operating system version, creation user, and creation date information to assist you in recognizing the file. In an enterprise, administrators can configure Group Policy to automatically save this TPM owner information to Active Directory Domain Services.
Each TPM has a unique cryptographic "endorsement key" that it uses to indicate its authenticity. The endorsement key may be created and stored in the TPM by your computer's manufacturer, or Windows may need to create it as part of the TPM initialization process. Once Windows creates the endorsement key, it cannot be reset.
Once the TPM is initialized, applications can use the TPM to create and help secure additional unique cryptographic keys. For example, BitLocker Drive Encryption uses the TPM to help protect the key that encrypts the hard drive.