How to Safely Reset or Clear TPM Without Losing Data on Windows 10/11.
The Trusted Platform Module (TPM) is a critical hardware component designed to enhance the security and integrity of computing devices. In Windows 10 and 11, the TPM is automatically initialized by the operating system and is primarily used to store encryption keys for BitLocker, a technology that encrypts and protects your computer's data. Typically, there is no need to clear TPM keys or reset the TPM to factory default settings. However, certain scenarios may necessitate this action, such as when Windows fails to initialize the TPM, when authentication issues arise, or when performing a clean installation of the operating system.
How to Reset/Clear TPM Keys Without Losing Your Data on Windows 11/10
Important: Clearing TPM keys, also known as resetting the TPM, can result in data loss. Therefore, it is crucial to follow the steps below meticulously to prevent data loss.
Step 1. Disable Encryption on Windows
Since the TPM stores all encryption keys used by BitLocker to protect your data, the first step is to disable device encryption to avoid losing data and access to your device after clearing the TPM.
Windows 10/11 Home:
- Search for "device encryption settings" and open the Device encryption settings.
- Depending on the Device Encryption status:
  - If Device Encryption is OFF, skip to Step 2.
  - If Device Encryption is ON, toggle the switch to OFF to disable encryption, then click Turn off when prompted. Wait for the decryption process to complete before proceeding to Step 2.
Windows 10/11 Pro & Enterprise:
- Type "manage bitlocker" in the search bar and click Manage BitLocker.
- On the 'BitLocker Drive Encryption' screen, check if BitLocker is On on the operating system drive. If so, click Turn off BitLocker and wait for the decryption to complete before proceeding to Step 2.
Step 2. Back Up Your Data (Precautionary Step)
IMPORTANT: Before clearing the TPM keys, it is advisable to back up all important personal folders and files to an external USB drive.
Typically, important files are stored in the following folders under C:\Users\<YOURUSERNAME>\:
- Desktop, Documents, Downloads, Music, Pictures, Videos.
Copy these folders to a USB drive, along with any other necessary files, before proceeding to reset the TPM.
Step 3. Specify a Password in Sign-in Options
If you sign in to Windows using a PIN, clearing the TPM keys will erase your PIN information, making it impossible to sign in using your PIN. To prevent this, set a password as an alternative sign-in method:
- Go to Start > Settings > Accounts > Sign-in options.
- Under Ways to sign in, click Password, then click Add to specify a password.
Step 4. Clear TPM Keys (Reset TPM)
After disabling encryption and backing up your data, proceed to clear the TPM using one of the methods below. Note: Microsoft recommends clearing TPM keys only from within Windows.
- Clear TPM from Windows Security.
- Clear TPM from TPM Management Console.
- Clear TPM from PowerShell.
- Clear TPM from BIOS Settings.
Method 1. Reset TPM Keys from Windows Security
The first method to delete TPM keys is through Windows Security settings.
- Type windows security in the search bar and open the Windows Security app.
- Select Device security on the left, then click Security processor details on the right.
- Click Security processor troubleshooting.
- Under Clear TPM, click the Select button, choose a reason to reset the TPM, then click Clear TPM.
- Read the information message carefully, then click Clear and restart.
- During the restart, you may be prompted by the UEFI to press a key to confirm clearing the TPM. Press the corresponding key to continue.
- Allow your computer to boot to Windows and set up a new PIN if prompted, using your account password.
Method 2. Clear TPM from TPM Management Console
- Press Windows + R to open the Run command box.
- Type tpm.msc and press Enter to open the TPM Management Console.
- In TPM Management, click Clear TPM in the Actions pane.
- Read the information message and click Restart to confirm.
- During the restart, you may be prompted by the UEFI to press a key to confirm clearing the TPM. Press the corresponding key to continue.
- Allow your computer to boot to Windows and set up a new PIN if prompted, using your account password.
Method 3. Clear TPM Keys from Terminal (PowerShell)
- Type powershell or terminal in the search box and click Run as administrator.
- Enter the command Clear-Tpm and press Enter to reset the TPM.
- Restart your computer to apply the change.
- During the restart, you may be prompted by the UEFI to press a key to confirm clearing the TPM. Press the corresponding key to continue.
- Allow your computer to boot to Windows and set up a new PIN if prompted, using your account password.
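A pre-flight gate for the Clear-Tpm command above, as an added example that is not part of the original guide: it refuses to clear the TPM until the checks from Steps 1 to 3 pass. The function name Get-TpmClearBlockers is hypothetical, and the script assumes the BitLocker and TrustedPlatformModule PowerShell modules are available on the machine.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original guide): gate Clear-Tpm on Steps 1-3.
# Assumption: the BitLocker and TrustedPlatformModule modules are installed.

function Get-TpmClearBlockers {   # hypothetical helper name
    param([string]$MountPoint = $env:SystemDrive)
    $blockers = @()

    # Nothing to clear if Windows does not see a TPM.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) { $blockers += 'No TPM detected by Windows.' }

    # Step 1: the OS volume must be fully decrypted. Suspended protection or
    # a decryption that is still in progress is not enough.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.VolumeStatus -ne 'FullyDecrypted') {
        $blockers += ('{0} is {1} ({2}% encrypted). Turn off encryption and wait.' -f $MountPoint, $vol.VolumeStatus, $vol.EncryptionPercentage)
    }

    # Steps 2 and 3 cannot be verified reliably from a script, so ask.
    $questions = @(
        'Personal folders backed up to external media?',
        'Account password (not only a PIN) set as a sign-in option?'
    )
    foreach ($q in $questions) {
        if ((Read-Host "$q [y/N]") -notmatch '^[Yy]') {
            $blockers += "Not confirmed: $q"
        }
    }
    return $blockers
}

# @() keeps the result an array even when zero or one blocker is returned.
$blockers = @(Get-TpmClearBlockers)
if ($blockers.Count -gt 0) {
    $blockers | ForEach-Object { Write-Warning $_ }
    Write-Host 'TPM not cleared.'
} else {
    Clear-Tpm    # Step 4, Method 3
    Write-Host 'TPM clear requested. Restart and confirm the UEFI prompt if shown.'
}
```

Run it from an elevated PowerShell window; a volume reported as DecryptionInProgress blocks the clear until decryption has finished.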
Method 4. Reset TPM to Default Values from BIOS Settings
If you cannot clear the TPM module from within Windows, proceed to reset it in BIOS settings:
- Shut down your computer.
- Power on your computer and press the corresponding key (e.g., Del, F2, F10) to enter BIOS Setup Utility.
- In BIOS setup, ensure Secure Boot is Enabled.
- Navigate to the Security settings page and ensure a TPM Device is Available and the TPM State is Enabled.
- To clear the TPM keys:
  - Select Clear TPM and press Enter, then Yes to reset the TPM.
  - Alternatively, select Restore Security settings to Factory Defaults and press Enter.
- Save and exit BIOS setup.
- After the restart, you may be prompted to accept the change by pressing a key. Press the key to reset the TPM and clear all security keys.
- Allow your computer to boot to Windows, and you're done!
Additional Method: Enter UEFI Settings and Reset TPM via Windows Recovery Environment
If the above methods fail, you can attempt to reset the TPM via the Windows Recovery Environment:
- Restart your computer and boot into the Windows Recovery Environment by holding Shift while clicking Restart.
- Navigate to Troubleshoot > Advanced options > UEFI Firmware Settings.
- Once in the UEFI settings, follow the BIOS method steps to clear the TPM.
Summary
Resetting or clearing the TPM without losing data involves several precautionary steps, including disabling encryption, backing up data, and setting a password for sign-in. The TPM can be cleared using Windows Security, the TPM Management Console, PowerShell, BIOS settings, or the Windows Recovery Environment. Following these steps ensures a secure reset of the TPM without compromising data integrity.
Frequently Asked Questions
What is a Trusted Platform Module (TPM)?
TPM, or Trusted Platform Module, is a hardware device used to enhance the security and integrity of computing devices. It is often used to store encryption keys, such as those for BitLocker in Windows 10/11.
Do I need to clear or reset TPM when using Windows 10/11?
Typically, there is no need to clear or reset TPM as it is automatically initialized by the operating system. However, you may need to clear it if you encounter authentication problems or are performing a clean installation of the operating system.
How can I disable BitLocker on Windows 10/11 before clearing TPM?
For Windows 10/11 Home, search for 'device encryption settings' to check if encryption is on and turn it off. For Windows 10/11 Pro and Enterprise, search for 'manage bitlocker' and turn off BitLocker if it's enabled on the operating system drive.
Why should I back up my data before clearing TPM?
Clearing TPM keys can cause data loss. Before clearing TPM, it's advisable to back up important files and folders to an external USB drive to prevent loss of critical data.
