TPM 2.0 is a dedicated microchip on your motherboard or CPU that acts as a secure vault for cryptographic keys and sensitive data. It works independently from your main processor, meaning malware running on your system cannot easily access what's stored inside it.
The chip performs three core functions: it encrypts and stores cryptographic keys, records measurements of your firmware and operating system so that tampering can be detected, and generates random numbers for security protocols. Windows 11 mandates TPM 2.0 for installation, making it essential if you want to upgrade to that OS.
Why it matters for buyers: TPM 2.0 protects your passwords, BitLocker encryption keys, and Windows Hello biometric data. If your laptop is stolen, thieves cannot easily extract these credentials even if they remove the storage drive. It also enables features like Windows Hello facial recognition and passwordless sign-in.
Common misconceptions: TPM 2.0 is not a complete security solution on its own. It only protects keys and integrity data, not your files. You still need strong passwords, regular updates, and antivirus software. Some older machines lack TPM 2.0 entirely, which may prevent Windows 11 installation without workarounds.
What to check: If you are planning to buy a new laptop or desktop, verify that TPM 2.0 is present, especially if Windows 11 compatibility matters to you. On Windows 10 systems, open Device Manager and look under 'Security devices'. OEM specs will confirm its presence in new machines.
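The same check can be scripted on an existing Windows machine. This is an added example, not part of the original page: it reads the Win32_Tpm WMI class and reports whether the TPM's specification version is at least 2.0. The function names Get-TpmSpecVersion and Test-Tpm20 and the sample version string are made up for illustration.

```powershell
# Added example. Run from an elevated PowerShell prompt: the TPM WMI
# namespace is not readable by a standard user.

function Get-TpmSpecVersion {
    # Hypothetical helper. Win32_Tpm.SpecVersion is a comma-separated string
    # whose first field is the TCG specification version
    # (constructed sample: "2.0, 0, 1.38").
    param([string]$SpecVersion)
    if ([string]::IsNullOrWhiteSpace($SpecVersion)) { return $null }
    $first  = ($SpecVersion -split ',')[0].Trim()
    $parsed = $null
    if ([version]::TryParse($first, [ref]$parsed)) { return $parsed }
    return $null   # non-numeric value: treat as unknown
}

function Test-Tpm20 {
    # Hypothetical helper: returns one result object whether or not the query works.
    $result = [ordered]@{
        TpmVisible = $false; SpecVersion = $null; MeetsTpm20 = $false
        Enabled = $null; Activated = $null; Owned = $null; Detail = ''
    }
    try {
        $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                               -ClassName Win32_Tpm -ErrorAction Stop
    } catch {
        $result.Detail = "Query failed (not elevated?): $($_.Exception.Message)"
        return [pscustomobject]$result
    }
    if (-not $tpm) {
        $result.Detail = 'Windows sees no TPM: absent, or switched off in firmware setup.'
        return [pscustomobject]$result
    }
    $spec = Get-TpmSpecVersion $tpm.SpecVersion
    $result.TpmVisible  = $true
    $result.SpecVersion = $tpm.SpecVersion
    # A 1.2 chip is a TPM, but does not satisfy the 2.0 requirement.
    $result.MeetsTpm20  = ($null -ne $spec) -and ($spec -ge [version]'2.0')
    $result.Enabled     = $tpm.IsEnabled_InitialValue
    $result.Activated   = $tpm.IsActivated_InitialValue
    $result.Owned       = $tpm.IsOwned_InitialValue
    [pscustomobject]$result
}

Test-Tpm20 | Format-List
```

A result with TpmVisible set to False on recent hardware usually means the firmware TPM is turned off in UEFI setup rather than missing.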
