Self-Remediation via Okta
Engage end-users during auth to self-remediate issues
Security & Compliance Checks
Monitor your entire Linux, Mac, and Windows fleet
Device Inventory
Your fleet represented in thousands of data points
Implement Zero Trust Access
Prevent unsecure devices from accessing your apps
Achieve 100% Device Compliance
Measure, achieve, and maintain your compliance goals
Gain Fleet Visibility
Become "all knowing" across Linux, Mac, and Windows
Help / Docs Product Changelog App Security Company
From the blog

Blog

Contents

Changelog

New Device Inventory: TPM Chips

Jason Meller
July 6th, 2022

We are excited to introduce a new Device Property to Kolide’s data collection capabilities, TPM Chips.

You can read more about our TPM support in our new Inventory docs.

What is a TPM?

A TPM (or Trusted Platform Module) is a piece of hardware embedded into modern consumer and enterprise PCs shipped in the last few years. The TPM is used to power many of the advanced security features of the host operating system.

For example, if a TPM is available on Windows, it can be used to encrypt the disk of a Windows PC securely. Other Windows features enabled by a modern TPM include Credential Guard, Device Health Attestations, Windows Hello Passwordless Access, Virtual Smart Cards, and more.

Why Did Kolide Add TPM Visibility?

A modern TPM is a core requirement for upgrading to Windows 11. Knowing this, understanding the state of your device’s TPMs is essential. For example, you may want to find devices without a TPM or an older TPM that may not be as secure.

Kolide’s Inventory Docs now include example queries you may wish to run in our Reporting DB.

Unlike Apple’s Secure Enclave, which is essentially entirely abstracted from the end user’s experience, users can configure TPMs directly. This means administrative users can clear, deactivate, or even change the ownership of the built-in TPM chip using convenient UI-based tools built right into Windows. Kolide can enumerate the state of the TPM and help you locate TPMs that have been tampered with.

For TPMs that adhere to the 1.2 version of the spec, end users have a lot of hands-on control via the `tpm.msc` control panel.

End users have far fewer options for TPMs that adhere to version 2.0 of the spec.

How Does TPM Visibility Work?

Kolide’s agent takes advantage of osquery’s tpm_info table, which enumerates TPM information using the WMI class Win32_Tpm. Kolide parses this information to make it easier to query and stores it in Inventory and our Reporting DB feature.

Kolide parses the spec_info and breaks it into number-based fields to make it easier to compare versions.

Privacy Center and Data Collection

Like all of our device properties, we have included relevant information about TPMs in the Privacy Center. This includes:

  • The purpose of the collection
  • Privacy information
  • A representative data set of what information the device will return

We collect TPM info by default. If you don’t want to collect this data from your fleet, you can also take advantage of our new data collection opt-out feature.

We hope you enjoy this new addition to Inventory. As always, we encourage you to reach out to us for more suggestions, questions, and feedback. If there is something Kolide should be enumerating, we want to know about it!

Share this story:

More articles you
might enjoy:

Deep Dives
Windows 11 Security: What You Need to Know (22H2 Update)
Kolide
Changelog
New Inventory: Windows Defender and XProtect Reports
Kolide
Changelog
Introducing Deeper Integration With Your SSO Provider
Blaed Johnston
Watch a Demo
Zero Trust Access
Designed for Okta
Watch a Demo