How to Clear TPM in Windows 10/11 and why to do it.
In this guide, we will discuss how to clear the TPM on Windows 10/11 and explain why and when to do so.
Trusted Platform Module (TPM) technology is used to provide hardware-based security for modern computers and laptops. A TPM Chip enhances computer security and is used by services such as BitLocker disk encryption and Windows Hello to generate and store cryptographic keys to protect your system and data from hacks or malware.
Starting from Windows 10 and Windows 11, the operating system automatically initializes and takes ownership of the TPM so you don't need to do anything extra about it. But because in some cases you may need to reset the TPM keys, this guide will give you instructions on how to do so.
Why and when to clean/reset the TPM keys?
Clearing the TPM involves resetting the security keys and deleting all the data stored on the TPM chip. Deleting the TPM keys should be done when you encounter problems with the TPM or when you want to perform a clean Windows installation.
Here are some reasons why you may need to clear the TPM:
- TPM troubleshooting: e.g. you receive the error "TPM is ready for use, with reduced functionality" in the TPM Management console (tpm.msc).
- Installation of a new operating system: Before installing a new operating system, TPM cleanup will ensure that the new operating system can fully use any necessary TPM-based functionality.
- Clean Installation/Computer Reset: When you want to perform a clean installation or reset your PC to its factory settings, especially when you want to sell your PC to someone else.
- Authentication & Encryption issues: If you are experiencing authentication issues with Windows Hello or encryption problems in BitLocker, clearing the TPM can help resolve them.
How to Safely Clear TPM Keys without Data Loss on Windows 10/11.
Precautions (IMPORTANT):
Clearing the TPM chip resets it to an unowned state by deleting the security keys, and forces the Windows operating system to automatically re-initialize it and take ownership of it again. Before clearing the TPM using the methods below, please consider the following and apply the necessary precautions:
1. Before clearing the TPM, it is suggested to disable BitLocker Encryption (aka "Device Encryption"), and to re-enable the encryption after clearing the TPM. To turn off the device encryption:
- On Windows 11 Home: go to Start -> Settings -> Privacy & security -> Device encryption. If device encryption is enabled, set the switch to OFF and then wait until your device is decrypted.
- On Windows 11 Pro: go to Control Panel -> System and Security -> BitLocker Drive Encryption. Then, click Turn Off BitLocker to disable the encryption if it's enabled.
2. Clearing the TPM chip can result in data loss, so before proceeding, back up any data that is protected or encrypted by the TPM (e.g. with BitLocker) to an external storage device (e.g. a USB Hard Drive).
3. If you sign in to Windows using a PIN, you'll be asked to reset your PIN after resetting the TPM, using your account's password. If you haven't already specified a password for your account as an alternative sign-in method, you will not be able to log in to your computer. To avoid this, specify a password for your account before clearing the TPM, in Start -> Settings -> Accounts -> Sign-in options.
4. Don't clear the TPM on a device you don't own, such as a work or school PC, without being instructed to do so by your IT administrator.
5. Always clear the TPM from within the operating system (e.g. by using the "tpm.msc" console), and not directly from UEFI.
6. Because your TPM security hardware is a physical part of your computer, before clearing the TPM, you might want to read the manuals or instructions that came with your computer, or search the manufacturer's website.
Method 1: Clear TPM keys using TPM Management Console.
The first way to reset the TPM keys is by using the Trusted Platform Module Management Console (aka "tpm.msc"). To do that:
1. Press Windows + R keys to open the run command box.
2. In the run command box, type: tpm.msc and hit Enter or click "OK" to open the Trusted Platform Module Management console.
3. In the TPM Management console, click "Clear TPM…" on the "Actions" menu.*
* Important: If you use a PIN to log into Windows, then after clearing the TPM keys, you'll be prompted to set up a new PIN. To be able to set up your new PIN and log in to your computer, you'll need to know your account password. If you haven't set an account password, you won't be able to sign in to your device.
4. Choose "Restart," and then follow the on-screen instructions to complete the process. *
* Note: During the restart, you might be prompted by the UEFI to press a button to confirm that you want to clear the TPM.
5. After the restart, you'll be asked to set up a new PIN. Type your account password and type the new PIN.
Method 2: Clear TPM from Windows Defender Security Center.
The second method to reset the TPM is through the Windows Security options.
1. In the search box, type "Device Security" and then click to open the "Device Security" app.
2. Click on "Security processor details" under "Security Processor".
3. Then click Security processor troubleshooting.
4. Now, in the "Clear TPM" section, click on Select and choose any of the reasons to clear the TPM. Then click the "Clear TPM" button below.*
* Important: If you use a PIN to log into Windows, then after clearing the TPM keys, you'll be prompted to set up a new PIN. To be able to set up your new PIN and log in to your computer, you'll need to know your account password. If you haven't set an account password, you won't be able to sign in to your device.
5. Finally, click Clear and Restart, and follow the steps on the screen to finish the process.*
* Note: During the restart, you might be prompted by the UEFI to press a button to confirm that you wish to clear the TPM.
6. When your computer restarts, Windows will automatically re-initialize the TPM and take ownership of it.
Method 3: Clear TPM through PowerShell. *
* Important: If you use a PIN to log into Windows, then after clearing the TPM keys, you'll be prompted to set up a new PIN. To be able to set up your new PIN and log in to your computer, you'll need to know your account password. If you haven't set an account password, you won't be able to sign in to your device.
To clear the TPM keys using PowerShell (aka "Terminal"):
1. In the search box, type "powershell" or "terminal".
2. Click on Run as Administrator at the Windows PowerShell app.
3. Enter the cmdlet "Clear-Tpm" in PowerShell and then restart to clear the TPM. *
* Note: The above command ("Clear-Tpm") resets the TPM by using the owner authorization value stored in the registry instead of specifying a value or using a value in a file. If you face an error after running the above command, try one of the other methods or use the following command:
Initialize-Tpm -AllowClear $true
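The BitLocker precaution from the list above can be checked from the same elevated PowerShell window before running Clear-Tpm. The script below is an added example, not part of the original guide; the function name Test-TpmClearReadiness is hypothetical, and it only reports problems without clearing anything.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only pre-flight check to run before Clear-Tpm.
# Test-TpmClearReadiness is a hypothetical helper name, not a built-in cmdlet.

function Test-TpmClearReadiness {
    $blockers = @()

    # TPM state as reported by the built-in Get-Tpm cmdlet.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        return @('No TPM detected; there is nothing to clear.')
    }

    foreach ($vol in Get-BitLockerVolume) {
        # Key protector types starting with "Tpm" (Tpm, TpmPin, ...) are sealed
        # to the TPM and stop working once its keys are deleted.
        $tpmBound = $vol.KeyProtector |
            Where-Object { "$($_.KeyProtectorType)" -like 'Tpm*' }

        if ($vol.ProtectionStatus -eq 'On' -and $tpmBound) {
            $blockers += "BitLocker is still on for $($vol.MountPoint) with a TPM key protector; turn it off first."
        }
        elseif ($vol.VolumeStatus -eq 'DecryptionInProgress') {
            $blockers += "$($vol.MountPoint) is still decrypting ($($vol.EncryptionPercentage)% encrypted); wait until it finishes."
        }
    }
    return $blockers
}

# @() keeps the result an array even when zero or one blocker is returned.
$issues = @(Test-TpmClearReadiness)
if ($issues.Count -gt 0) {
    $issues | ForEach-Object { Write-Warning $_ }
}
else {
    Get-Tpm | Format-List TpmPresent, TpmReady, TpmOwned
    Write-Host 'No BitLocker blockers found. Confirm you know your account password, then run Clear-Tpm and restart.'
}
```

The check does not cover the account password precaution, so confirm that one manually under Sign-in options.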
That's it! Which method worked for you?
Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.