How to Install TPM Diagnostics Tool in Windows 11


The article provides a guide to installing or uninstalling the Trusted Platform Module (TPM) Diagnostics tool on Windows 11. The TPM technology offers hardware-based security functions, while the TPM Diagnostics tool gathers data on your device’s TPM chip capabilities. Installation and uninstallation can be done via the Settings app or Command Prompt, but require administrator…

This article describes the steps to install or uninstall the Trusted Platform Module (TPM) Diagnostics tool in Windows 11.

TPM technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure cryptoprocessor that helps you generate, store, and limit the use of cryptographic keys.

The TPM Diagnostics tool is an optional feature in Windows that lets you gather information about your device’s TPM chip capabilities.

The tool doesn’t do much but provides you with diagnostic information about the TPM chip installed on your computer.

You must be an administrator to install or uninstall the tool in Windows 11.

How to install or uninstall the TPM Diagnostics tool using the Settings app

As described above, the TPM Diagnostics tool is an optional feature in Windows that lets you gather information about your device’s TPM capabilities.

Here’s how to install it in Windows 11:

Click on the Start menu button and click Settings to open the Windows Settings app. You can also use a keyboard shortcut (Windows key + I) to launch the Settings app.


When the Settings app opens, click the Apps button on the left.


On the right, click on the Optional features tile to expand.


On the Apps -> Optional features settings pane, click on the “Add an optional feature” (View features) button.


On the Apps -> Optional features -> View feature window, under Add an optional feature, use the search box to search for TPM.

Under Sort by Name, check the box next to TPM Diagnostics, then click Next to install.


In the next window, click the Install button to install the app.


To uninstall, reverse the steps above, and uncheck the box for the TPM Diagnostics app.

Install the TPM Diagnostics app via the Command Prompt

Alternatively, users can install the TPM Diagnostics app using the Command Prompt.

To do that, launch the Command Prompt as an administrator. When the Command Prompt app opens, run the command below to install the TPM Diagnostics app.

DISM /Online /Add-Capability /CapabilityName:Tpm.TpmDiagnostics~~~~0.0.1.0

If you want to uninstall, run the command below.

DISM /Online /Remove-Capability /CapabilityName:Tpm.TpmDiagnostics~~~~0.0.1.0

With the app installed, you can run the TPM Diagnostics command below to view details of the TPM chip on your machine.

TpmDiagnostics.exe GetCapabilities

Running TpmDiagnostics.exe on its own, with no command, prints help on how to use it.

TpmDiagnostics.exe : A tool for Windows 10 build 22000
Copyright (c) Microsoft Corporation. All rights reserved.

Flags:
        PrintHelp ( /h -h )
        PromptOnExit ( -x /x )
        UseECC ( -ecc /ecc )
        UseAes256 ( -aes256 /aes256 )
        QuietPrint ( -q /q )
        PrintVerbosely ( -v /v )

Use the 'help' command to get more information about a command.
Commands:

TpmInfo:
        GetLockoutInfo
        IsOwned
        PlatformType
        CheckFIPS
        ReadClock
        GetDeviceInformation
        IfxRsaKeygenVulnerability
        GatherLogs <full directory path>
        PssPadding
        IsReadyInformation

TpmTask:
        MaintenanceTaskStatus
        ShowTaskStatus
        IsEULAAccepted
        ProvisionTpm [force clear] [allow PPI prompt]

TpmProvisioning:
        PrepareTPM
        CanUseLockoutPolicyClear
        CanClearByPolicy

AutoProvisioning:
        IsAutoProvisioningEnabled
        EnableAutoProvisioning
        DisableAutoProvisioning [-o]

EK:
        EkInfo
        ekchain
        EkCertStoreRegistry
        GetEkCertFromWeb [-ecc] <cert file>
        GetEkCertFromNVR [-ecc] <cert file>
        GetEkCertFromReg [-ecc] [ output file ]
        GetEk [-ecc] [key file]
        CheckEkCertState
        InstallEkCertFromWeb
        InstallEkCertFromNVR
        InstallEkCertThroughCoreProv
        EKCertificateURL

WindowsAIK:
        InstallWindowsAIK [-skipCert]
        WinAikPersistedInTpm
        UninstallWindowsAIKCert
        GetWindowsAIKCert [cert file]
        IsWindowsAIKInstalledInNCrypt
        EnrollWindowsAIKCert
        GetWindowsAIKPlatformClaim ["fresh"] [output file]

OtherKeys:
        PrintPublicInfo < srk / aik / ek / handle > [-asBcryptBlob / -RsaKeyBitsOnly / -RsaSymKeyBitsOnly] [-ecc]
        TestParms < SYMCIPHER | RSA > < algorithm specific arguments >
        EnumerateKeys

NVStorage:
        EnumNVIndexes
        DefineIndex <index> <size> [attribute flags]
        UndefineIndex <index>
        ReadNVIndexPublic <index>
        WriteNVIndex <index> <data in hex format | -file filename>
        ReadNVIndex <index>
        NVSummary

NVBootCounter:
        CheckBootCounter
        ReadBootCounter [/f]

PCRs:
        PrintPcrs

PhysicalPresence:
        GetPPTransition
        GetPPVersionInfo
        GetPPResponse
        GetPPRequest

TPMCommandsAndResponses:
        CommandCode <hex command code>
        ResponseCode <hex response code>

Tracing:
        EnableDriverTracing
        DisableDriverTracing
        FormatTrace <etl file> [output json file]

DRTM:
        DescribeMle <MLE Binary File>

Misc:
        Help [command name]
        DecodeBase64File <file to decode from base 64>
        EncodeToBase64File <file to encode>
        ReadFileAsHex <file to read>
        ConvertBinToHex <file to read> <file to write to>
        ConvertHexToBin <file to read> <file to write to>
        Hash <hex bytes or raw value to hash>
        GetCapabilities
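
The install step and a few of the commands from the help listing above can be combined into one script, shown here as an added example that is not part of the original article or of Microsoft's tooling. It assumes an elevated PowerShell session; the output folder is a hypothetical path, and the choice of commands is an assumption based on their names indicating that they only query TPM state.

```powershell
# Added example: install the TPM Diagnostics capability only if it is missing,
# then save the output of several query commands for later review.
#Requires -RunAsAdministrator

$capabilityName = 'Tpm.TpmDiagnostics~~~~0.0.1.0'   # capability name from the DISM command above
$outDir         = 'C:\Temp\TpmSnapshot'             # hypothetical output folder (assumption)

# Check the current state first so repeated runs do not reinstall.
$cap = Get-WindowsCapability -Online -Name $capabilityName
if ($cap.State -ne 'Installed') {
    Add-WindowsCapability -Online -Name $capabilityName | Out-Null
    $cap = Get-WindowsCapability -Online -Name $capabilityName
    if ($cap.State -ne 'Installed') {
        throw "Capability $capabilityName is in state '$($cap.State)'; install did not complete."
    }
}

# Commands taken from the tool's help listing. Assumption: these only read TPM
# state. Entries whose names indicate a state change (ProvisionTpm, DefineIndex,
# WriteNVIndex and similar) are deliberately left out.
$queries = 'GetCapabilities', 'GetDeviceInformation', 'IsOwned', 'GetLockoutInfo',
           'CheckFIPS', 'IfxRsaKeygenVulnerability', 'PrintPcrs'

New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$results = foreach ($q in $queries) {
    $file = Join-Path $outDir "$q.txt"
    # Capture stdout and stderr together so error text is kept with the result.
    & TpmDiagnostics.exe $q 2>&1 | Out-File -FilePath $file -Encoding utf8
    [pscustomobject]@{
        Command  = $q
        ExitCode = $LASTEXITCODE   # recorded as-is; its meaning is not documented on this page
        Output   = $file
    }
}

$results | Format-Table -AutoSize
```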

That should do it!

Reference:

https://learn.microsoft.com/en-us/windows/security/information-protection/tpm/trusted-platform-module-top-node

Conclusion:

This post showed you how to install or uninstall the TPM Diagnostics tool on Windows 11. Please use the comment form below if you find any errors above or have something to add.
