Clearing the TPM resets your computer’s security chip to factory defaults, wiping every encryption key and credential stored inside it. The TPM (Trusted Platform Module) is a small processor on your motherboard that holds cryptographic keys for features like BitLocker drive encryption, Windows Hello login, and the Encrypting File System. When you clear it, all of those keys are permanently deleted, and anything that depended on them stops working until you set it up again.
What Gets Deleted
The TPM stores encryption keys, not your personal files. Clearing it doesn’t touch photos, documents, or applications on your hard drive. What it does erase is the set of cryptographic keys the chip generated to protect access to those files and to verify your identity. Specifically, you lose:
- BitLocker encryption keys, which unlock your encrypted drives at startup
- Windows Hello credentials, including fingerprint and facial recognition data tied to the chip
- Encrypting File System (EFS) keys, used to protect individual files and folders
- Any other keys or tokens that software stored in the TPM, such as VPN certificates or enterprise security credentials
Your files still physically exist on the drive after a TPM clear. The problem is that if those files were encrypted, you’ve just destroyed the key that unlocks them. Think of it like changing the lock on a safe and throwing away the old key: the contents are still inside, but you can’t get to them without a backup key.
The BitLocker Risk
BitLocker is the biggest concern for most people. If your drive is encrypted with BitLocker and you clear the TPM, the system enters recovery mode on the next boot. Windows will ask for a 48-digit recovery key before it lets you access anything on that drive.
If you saved that recovery key (to your Microsoft account, a USB drive, or a printout), you can type it in and regain access. If you never saved it or can’t find it, you’re locked out of the encrypted drive entirely. There’s no workaround. This is why backing up your BitLocker recovery key before clearing the TPM is critical. You can find it by signing into your Microsoft account at account.microsoft.com/devices/recoverykey, or by checking wherever your organization’s IT department stores them.
Why You’d Clear the TPM
Most people never need to touch the TPM. The situations where clearing it makes sense are fairly narrow:
- Troubleshooting security chip errors. If Windows can’t properly communicate with the TPM, clearing it lets the operating system reinitialize the chip from scratch. This resolves most firmware glitches and ownership conflicts.
- Preparing for a clean OS install. Before installing a fresh copy of Windows, clearing the TPM ensures the new installation can take full ownership of the chip without conflicts from the old setup.
- Selling or giving away your PC. Clearing the TPM removes your stored credentials from the chip so the next owner can’t access anything tied to your old keys. It’s a security hygiene step, similar to wiping the hard drive.
- Replacing the motherboard or TPM module. If you swap hardware that includes a different TPM, clearing and reinitializing prevents conflicts between the old chip’s data and the new one.
What Happens After You Clear It
After the TPM is cleared and your computer restarts, Windows automatically detects the empty chip and takes ownership of it. The operating system generates new keys and re-initializes the TPM without any manual steps on your part. You’ll typically see a brief prompt during boot confirming the TPM was cleared, and then Windows starts normally.
What won’t come back automatically is anything that relied on the old keys. You’ll need to re-enroll your fingerprint or face in Windows Hello. If BitLocker was active, you’ll either need to enter your recovery key to unlock the drive, then let BitLocker generate new keys with the fresh TPM, or you’ll need to set up BitLocker again from scratch. Any application that stored certificates or tokens in the old TPM will need to be reconfigured.
How to Clear the TPM
The simplest method in Windows 10 and 11 is through the Windows Security app. Open it, go to Device Security, click Security Processor Details, then click Clear TPM. Your computer will restart to complete the process. You can also clear it through the BIOS/UEFI settings by looking for a TPM or Security section in your firmware menu.
Before you do either, suspend BitLocker first (you can do this in Control Panel under BitLocker Drive Encryption) and back up your recovery key. Suspending BitLocker temporarily removes the TPM requirement for startup, so you won’t get locked out during the clear. Once the TPM reinitializes, you can resume BitLocker and it will bind to the new keys automatically.
If you’re not actively troubleshooting a problem, preparing a PC for a new owner, or doing a clean install, there’s no benefit to clearing the TPM. It’s a reset tool, not a maintenance step.