Backup solutions and TPM security in Windows 11
TL;DR:
- Is it possible to downgrade from Windows 11 back to 10 with Macrium Reflect 7 while TPM is active?
- Does TPM protect only the OS drive or also internal storage? (Assuming no BitLocker)
- How can I carry out a BIOS update using fTPM alongside this?
- Can everything encrypted in my CPU’s fTPM be accessed only by that specific processor?
Let’s say TPM remains mysterious to me. I’m comfortable with backup methods but have never used them with TPM before (AMD fTPM). I plan to switch from Windows 10 to 11 just to test the upgrade. I’ll make a drive image of C:\ using Macrium right before switching, so I have a backup if needed.
My main worries:
- Will reverting from 11 back to 10 cause TPM to lock my drive?
- If I switch back with MR7, will my password/PIN keys disappear and risk losing access?
- Does TPM protect all drives or just the C:\ folder? If I swap drives without a TPM-enabled OS, can I still read data from another machine?
- What happens if I run a BIOS update or CMOS reset while fTPM is active? Will I lose encryption keys and access to my system?
I’ve heard that performing a BIOS update or CMOS reset can erase the fTPM, potentially wiping out OS and encrypted data. Microsoft guidance suggests disabling TPM via tpm.msc without clearing it directly from BIOS. To avoid losing access, I’d need to:
1. Disable TPM in BIOS (tpm.msc)
2. Restart or use Windows Security settings to reset security processor info
3. Clear fTPM and restart after a reboot
If I land on the UEFI screen, I should check if I can boot into Windows without issues. After a successful BIOS update, a proper reboot (or clearing TPM again) should get me to the POST screen. Pressing F1 in BIOS and booting Windows confirms accessibility.
Once the update is done, rebooting should restore everything. If it works, I can proceed confidently.
Any clarification on these steps would be greatly appreciated.
TPM handles nothing concerning your concerns. You won’t face any issues beyond receiving the BitLocker recovery key when starting up a drive protected by BitLocker encryption.
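The reply above ties the risk to BitLocker-protected drives rather than to the TPM alone. As an added example (not part of the thread), this read-only PowerShell check, run from an elevated prompt, reports per volume whether it is BitLocker-encrypted, whether a key protector is TPM-bound, and whether a recovery password exists; the function name `Get-TpmBitLockerExposure` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only inventory; it changes nothing on the system.
# Get-TpmBitLockerExposure is a hypothetical name, not a built-in cmdlet.
function Get-TpmBitLockerExposure {
    # TPM state as Windows sees it (discrete TPM or firmware fTPM).
    $tpm = Get-Tpm
    Write-Host ("TPM present: {0}  ready: {1}  owned: {2}" -f `
        $tpm.TpmPresent, $tpm.TpmReady, $tpm.TpmOwned)

    foreach ($vol in Get-BitLockerVolume) {
        # Protector types on this volume; the array is empty when BitLocker is off.
        $types = @(foreach ($kp in $vol.KeyProtector) { "$($kp.KeyProtectorType)" })

        # Tpm, TpmPin, TpmStartupKey and similar types all depend on the TPM.
        $tpmBound    = @($types -match '^Tpm').Count -gt 0
        $hasRecovery = $types -contains 'RecoveryPassword'

        $note = if ($vol.VolumeStatus -eq 'FullyDecrypted') {
            'Not encrypted: no key is sealed to the TPM for this volume'
        } elseif ($tpmBound -and -not $hasRecovery) {
            'TPM-bound with no recovery password: add one before firmware changes'
        } elseif ($tpmBound) {
            'TPM-bound: expect a recovery-key prompt if the TPM is cleared'
        } else {
            'Encrypted without a TPM protector'
        }

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ', ')
            TpmBound         = $tpmBound
            HasRecoveryKey   = $hasRecovery
            Note             = $note
        }
    }
}

Get-TpmBitLockerExposure | Format-List
```

For a volume reported as TPM-bound, `Suspend-BitLocker -MountPoint 'C:' -RebootCount 1` pauses protection for one reboot, so a firmware update that changes the TPM measurements does not trigger recovery.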
I might be testing Windows 11 for more than ten days, so I'm wondering if Macrium Reflect could work for bringing back Windows 10, especially with TPM included. I'll perform a complete reinstall just in case things worsen. Appreciate the help. P.S. My i7-6700K stopped working once...
Are you certain? Would it be okay to update the BIOS or reset the CMOS without impacting your operating system’s availability? I’m trying to grasp the situation so issues can be handled easily and I know how to fix them if needed. I don’t want to act without understanding, risking permanent damage to my system. Could you clarify what happens if I connect these drives to another machine?
Got it, thanks for the advice. I’ll check back here (or create a fresh thread if merging old ones isn’t allowed) when I need help. Bye everyone!