However, it also allows remote attestation (authorized parties can see when you make certain changes to your computer) and may restrict the kinds of software your machine is allowed to run.
An updated and enabled TPM is a strong preventative against firmware attacks, which have risen steadily and drawn Microsoft's attention. TPMs are controversial among security specialists and governments. TPM 2.0 is the most recent version required. Previously, Microsoft required original equipment manufacturers of all models built to run Windows 10 to ensure that the machines were TPM 1.2-capable. A TPM has been a mandatory piece of tech on Windows machines since 2016, so machines older than this may not have the necessary hardware or firmware. Some TPMs are virtual or firmware varieties but, as a chip, a TPM is attached to your motherboard during the build and designed to enhance hardware security during computer startup. TPM microchips are small devices known as secure cryptoprocessors.
