How to Keep Your Computer Secure with TPM 2.0 and Secure Boot
If you’re using Windows 10 on your computer, you can help keep it secure by using two features together: Trusted Platform Module (TPM) 2.0 and Secure Boot. TPM 2.0 uses hardware encryption to help protect your computer from outside threats, while Secure Boot helps protect against malware or viruses before they can take over your computer. In this article, we’ll show you how to get these features up and running in Windows 10 so that you can enjoy peace of mind when you use your computer!
What is TPM 2.0
TPM 2.0 is a security standard that defines how cryptographic keys can be securely stored on a computer. One of the key benefits of TPM 2.0 is that it allows for the secure boot process, which helps ensure that your computer only boots up using trusted software. Here’s how you can enable TPM 2.0 and Secure Boot on your Windows 10 computer
What is Secure Boot
Secure Boot is a security feature that helps ensure that your computer boots using only software that is trusted by the PC manufacturer. When Secure Boot is enabled, the computer checks for a digital signature from each piece of boot software, including firmware images, drivers, and operating system loaders. If any of these components are missing or have been tampered with, the boot process will be halted. This helps prevent malicious code from running on your PC and keeps your data safe.
What is Unified Extensible Firmware Interface (UEFI)
Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware. UEFI replaces the legacy Basic Input/Output System (BIOS) firmware interface originally present in all IBM PC-compatible personal computers. In practice, most new PCs shipping today have UEFI firmware installed.
Turning on UEFI
In order to take advantage of TPM 2.0 and Secure Boot, you’ll need to make sure your computer’s BIOS is set to use UEFI mode. Here’s how to change the BIOS settings in Windows 10: From the Start menu, search for Edit the boot options or BIOS setup. Press Enter on either option. Select Boot and then choose UEFI Firmware Settings. Scroll down until you see an option that says Windows Boot Manager. Select it and click the button labeled Change Setting. Choose the UEFI firmware version from the list (if available) and press enter. Click OK when done.
Turning on both features
By turning on both the TPM 2.0 and Secure Boot features in Windows 10, you can help keep your
computer more secure from malicious software and attacks. Here’s how to turn on both features
- Open Settings by clicking the gear icon in the Start menu or pressing Windows+I on your keyboard.
- Select Update & Security and then select Windows Update.
- Click Check for Updates. Windows will now check for updates, including security updates that may be required for some of these settings to work properly.
Enabling BitLocker
BitLocker is a feature of Windows 10 that lets you encrypt your hard drive to protect your data from hackers and thieves. To enable BitLocker, you’ll need to go to the Control Panel and find the BitLocker settings. Once you’ve enabled BitLocker, you can choose to encrypt your entire hard drive or just specific files and folders. You’ll also need to set a password that will be required every time you boot up your computer.
Enabling BitLocker To Go
If you’re using BitLocker To Go to encrypt your portable data, you’ll need to enable it in the BIOS first. Here’s how go to ‘BIOS setup’ -> ‘Security’ -> ‘BitLocker Drive Encryption.’ From there, simply check the box next to Require additional authentication at startup before saving your changes.
Enabling SmartScreen Filter for better internet security
Windows 10 has a security feature called SmartScreen Filter that helps protect your computer from malicious websites and downloads. When you enable SmartScreen Filter, it checks the websites you visit and the files you download against a list of known malicious sites and programs. If it finds a match, it will warn you and block the site or file.