Questions

[thekimpc]

It was interesting, well-written and informative to read your article on BitLocker.

How can I change from TPM to Microsoft Pluton processor without boot failure due to Secure Boot, BitLocker, etc? The PC has Microsoft Pluton processor. I'm thinking of removing Secure Boot and BitLocker plus clear TPM cache before I change which chip is being used.

[HotCakeX]

Thank you!

If you're currently using BitLocker, make sure to have the 48-characters recovery passwords of all your encrypted drives available (you can back them up using the Harden Windows Security module), you'll need to use the one for the OS drive in the boot screen. You also must have the ability to reset Windows Hello authentication at the lock screen when you change TPM device, so Internet connection will be required.

You'll have to refer to your device's manuals in manufacturer website to see how to make that change because it can be different for each device.

In the Windows Security app -> Device Security -> Security Processor you can see the details of your TPM.

If you are using a signed App Control policy, you'll have to remove it or deploy it as unsigned policy before making this change, otherwise there will be boot failure.

[thekimpc]

I can swap TPM to Microsoft Pluton processor by changing my UEFI settings. Before making such changes I want to avoid any errors by seeking your help. Thanks for the detailed and helpful answer!

Do I need to do anything with Secure Boot and TPM cache or just BitLocker, Windows Hello authentication and signed App Control policy?

[HotCakeX]

You can try clearing the TPM keys before making the switch but i don't think it's necessary, following what your hardware manufacturer/OEM recommends is the best way.

You don't need to touch Secure Boot. Just make sure you have the BitLocker recovery keys, you don't use signed App Control policies during the switch, and you can connect to the Internet from Windows Lock screen to reset Windows Hello authentication. I can't think of anything else to suggest at the moment.