Group Policy for TPM 1.2 and 2.0

Posted by robd on January 23, 2019
Encryption

We have two GPOs, one for TPM 1.2 and one for TPM 2.0, because TPM 1.2 is not compatible with 256-bit encryption.

Here’s a handy table Dell have produced:

https://www.dell.com/support/article/us/en/04/sln312590/tpm-12-vs-20-features?lang=en

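| Algorithm Type | Algorithm Name | TPM 1.2  | TPM 2.0  |
|----------------|----------------|----------|----------|
| Asymmetric     | RSA 1024       | Yes      | Optional |
| Asymmetric     | RSA 2048       | Yes      | Yes      |
| Asymmetric     | ECC P256       | No       | Yes      |
| Asymmetric     | ECC BN256      | No       | Yes      |
| Symmetric      | AES 128        | Optional | Yes      |
| Symmetric      | AES 256        | Optional | Optional |
| Hash           | SHA-1          | Yes      | Yes      |
| Hash           | SHA-2 256      | No       | Yes      |
| HMAC           | SHA-1          | Yes      | Yes      |
| HMAC           | SHA-2 256      | No       | Yes      |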

We then use WMI filtering to distinguish TPM 1.2 from 2.0.

 

The TPM 1.2 WMI filter:

Namespace:

Query:

 

The TPM 2.0 WMI filter:

Namespace:

Query:
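
One way to check candidate filters on a test machine before linking the GPOs, as an added example (not the author's filters, which are not shown here). It assumes the `Win32_Tpm` class in `root\CIMV2\Security\MicrosoftTpm` and matches on its `SpecVersion` string; the WQL strings and the function name `Test-TpmWmiFilter` are illustrative.

```powershell
# Added example: evaluate candidate TPM WMI filters locally, the way Group Policy would.
# Run from an elevated shell; the MicrosoftTpm namespace is not readable by standard users.
$Namespace = 'root\CIMV2\Security\MicrosoftTpm'   # namespace that hosts Win32_Tpm

# Assumed queries (illustrative, not taken from the original post).
# SpecVersion is a string such as "2.0, 0, 1.38", so a prefix match is used.
$Filters = [ordered]@{
    'TPM 1.2' = 'SELECT * FROM Win32_Tpm WHERE SpecVersion LIKE "1.2%"'
    'TPM 2.0' = 'SELECT * FROM Win32_Tpm WHERE SpecVersion LIKE "2.0%"'
}

function Test-TpmWmiFilter {
    # Hypothetical helper: a WMI filter passes when its query returns at least one instance.
    param([Parameter(Mandatory)] [string] $Query)
    try {
        $hits = Get-CimInstance -Namespace $Namespace -Query $Query -ErrorAction Stop
        return [bool]$hits
    } catch {
        # Missing namespace, access denied, or invalid WQL all mean the GPO would not apply.
        Write-Warning "Query failed: $($_.Exception.Message)"
        return $false
    }
}

$results = foreach ($name in $Filters.Keys) {
    [pscustomobject]@{
        Filter  = $name
        Query   = $Filters[$name]
        Applies = Test-TpmWmiFilter -Query $Filters[$name]
    }
}
$results | Format-Table -AutoSize

# Exactly one filter should match; anything else means a machine gets no policy or both.
$matched = @($results | Where-Object Applies)
switch ($matched.Count) {
    0       { Write-Warning 'Neither filter matched: no TPM, TPM disabled in firmware, or shell not elevated.' }
    1       { "This machine would receive the $($matched[0].Filter) GPO." }
    default { Write-Warning 'Both filters matched; the queries overlap and need tightening.' }
}
```

Machines that match neither filter receive neither GPO, so the zero-match case is worth tracking across the estate before relying on these policies for encryption coverage.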

 
