extremetech.com

Microsoft Releases New TPM Verification Tool for Windows 11 24H2

Microsoft has released a new TPM verification tool for Windows 11 24H2 called the Attestation Readiness Verifier Tool. It helps users identify compatibility, security, and reliability issues at the hardware and firmware levels.

The tool shows information in the Event Viewer to help users check their TPM attestation status. It displays three health states: Attestable, Possibly attestable, and Not attestable. These states are logged in the Event Viewer each time the computer boots up or wakes up from sleep, as reported by Neowin.

An Attestable state means all checks have passed, and attestation will likely report an accurate state.

A Possibly attestable state means a platform configuration register (PCR) issue was detected during boot. In this case, Microsoft recommends restarting the machine or contacting the device or UEFI vendor if the issue persists.

A Not attestable state means a critical check has failed, indicating the device booted in an unhealthy state.

This announcement comes as Microsoft removed a Windows 11 24H2 compatibility block, making the update available to previously affected users. The company has also added "enhanced" hardware-backed attestation for Windows 11 on Intune. This includes five additional hardware attestation settings specific to Windows 11, using new platform security features like Memory Integrity and Access Protection, firmware protection, virtualization-based security, and Early Launch Antimalware protection.

TPM attestation ensures TPM authenticity by verifying that the corresponding RSA keys are trusted by the certificate authority. This is very similar to how UEFI Secure Boot checks for secure bootloaders, but it focuses on the TPM itself.

Microsoft has published a detailed guide about the new tool in its announcement blog post.
