How do I set a TPM PIN in UEFI? There seems to be no option

Our security guidelines require a TPM PIN to be set.

Under Security => I can set a Storage Password and a Master HDD Password but no TPM PIN.

Did I miss something?

Thanks
Andreas

On Windows you can enable this via a group policy. See https://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bitlocker-pin-on-windows/ for example.


Thanks, that's what we did @fritzmg, but I did not receive any popup in Windows asking for it.

So I thought this is a setting to be done in the UEFI - but it seems like I am wrong :slight_smile:

A bit strange though, isn't it? If you enable this after BitLocker has been activated, users have to console-do the whole thing? Hmmm

You’ll have to ask Microsoft :grin:

But they will probably want you to pay them to ask the question. :-1:

You don't set a PIN on the TPM itself; it's by and large dumb.

What you usually do is use a PIN to decrypt a blob of data using the TPM, hence BitLocker being mentioned.

With BitLocker, it defaults to an automatic decrypt mode, where it uses the TPM to validate a known, expected boot state, called measured boot.

You can add additional methods, or replace the automatic one, from the command line, and possibly by policy in Windows.
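As an added example (not posted by anyone in this thread, and not Framework's or Microsoft's own script), here is what "from the command line, and possibly by policy" looks like in practice on an already-encrypted Windows volume. It assumes the OS volume is C:, that the TPM is present and ready, that the script runs in an elevated PowerShell, and that local policy (rather than a domain GPO) is acceptable; adjust the mount point and the escrow step to your environment. The key point it demonstrates is that enabling the "Require additional authentication at startup" policy only permits a PIN; the TPM+PIN protector still has to be added explicitly, which is why no prompt ever appeared after the policy change.

```powershell
#Requires -RunAsAdministrator
# Added example: convert a BitLocker volume from TPM-only to TPM+PIN.
# Assumptions (not from the thread): OS volume is C:, TPM is ready, local policy is OK.

$MountPoint = "C:"
$PolicyKey  = "HKLM:\SOFTWARE\Policies\Microsoft\FVE"

# 1. Local-policy equivalent of "Require additional authentication at startup"
#    (the setting the howtogeek link enables via gpedit.msc).
#    Values: 0 = do not allow, 1 = require, 2 = allow.
#    This permits/requires a PIN for *new* protectors; it changes nothing on an
#    existing volume by itself.
if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
Set-ItemProperty -Path $PolicyKey -Name UseAdvancedStartup -Type DWord -Value 1
Set-ItemProperty -Path $PolicyKey -Name EnableBDEWithNoTPM -Type DWord -Value 0
Set-ItemProperty -Path $PolicyKey -Name UseTPM             -Type DWord -Value 2
Set-ItemProperty -Path $PolicyKey -Name UseTPMPIN          -Type DWord -Value 1   # require TPM+PIN
Set-ItemProperty -Path $PolicyKey -Name UseTPMKey          -Type DWord -Value 2
Set-ItemProperty -Path $PolicyKey -Name UseTPMKeyPIN       -Type DWord -Value 2

# 2. Preconditions: TPM usable, volume currently protected.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) { throw "TPM is not present or not ready" }
$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.ProtectionStatus -ne 'On') { throw "BitLocker protection is not on for $MountPoint" }

# 3. Never touch the TPM protector without a recovery password on the volume;
#    a mistyped or forgotten PIN would otherwise lock the machine out for good.
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
}
$rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
Write-Host "Recovery password protector $($rp.KeyProtectorId) must be escrowed before continuing."
# Escrow step is environment-specific; for AD DS it would be:
#   Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId

# 4. Add the TPM+PIN protector. The PIN is not stored in UEFI or "on the TPM";
#    it is an extra input the TPM requires before it unseals the volume key,
#    on top of the measured-boot PCR check it already performs.
#    Default policy allows 6-20 digits; "Allow enhanced PINs" widens that.
$pin = Read-Host -Prompt "New pre-boot PIN" -AsSecureString
Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null

# 5. A volume may carry only one TPM-based protector. Adding TpmAndPin normally
#    supersedes the TPM-only one; remove any leftover explicitly so the machine
#    cannot still boot without the PIN.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
$vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm' | ForEach-Object {
    Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null
}

# 6. Show the final protector set; expect TpmPin plus RecoveryPassword.
(Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId
```

The equivalent one-liner with the older tool is `manage-bde -protectors -add C: -TPMAndPIN`, again after the policy is in place. Two caveats worth planning for: the PIN takes effect on the next boot with no further prompt, and because the TPM still checks the measured boot state, a firmware or UEFI-settings change (including the storage password options mentioned above) can trigger a recovery-password prompt, which is why step 3 is not optional.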