How to Clear the TPM in Windows 11 (2026)
Clearing the TPM can fix Windows Hello and BitLocker errors, but it wipes your encryption keys. Here is how to do it safely without getting locked out.

The TPM is the tiny security chip that stores your BitLocker keys, Windows Hello PIN, and other secrets. When Windows Hello starts failing with cryptic errors or BitLocker acts up, clearing the TPM often fixes it, but it also wipes every key the chip holds. Do it wrong and you can lock yourself out of your own drive.
Quick answer
Before you clear anything, back up your BitLocker recovery key. Then press Windows+R, type tpm.msc, and choose Clear TPM from the Actions pane, or use Windows Security under Device security, Security processor, troubleshooting. The PC restarts, the TPM resets to an unowned state, and Windows automatically re-initializes it. Clearing wipes all keys, so any data protected by them, including a BitLocker drive without its recovery key, becomes unrecoverable.
Key takeaways
- Clearing the TPM wipes every key it stores, including BitLocker keys and your Windows Hello PIN.
- Back up your BitLocker recovery key first; without it, a clear can lock you out of your drive permanently.
- Windows re-initializes the TPM automatically after a clear and takes ownership again.
- Four methods exist: TPM management console, Windows Security, PowerShell, and BIOS.
- You will need to re-enroll Windows Hello (PIN, fingerprint, face) afterward.
When clearing the TPM actually helps
Clearing is a legitimate fix for a specific set of problems, not a routine maintenance step. Reach for it when:
- Windows Hello PIN setup fails with errors that survive removing and re-adding the PIN.
- BitLocker behaves inconsistently or refuses to bind to the TPM.
- You are decommissioning or handing off a PC and want to erase stored secrets.
- Firmware or a motherboard swap left the TPM in a confused state.
If your issue is a specific Windows Hello error, try the targeted fix first; our guide to fixing the Windows Hello PIN error 0x80090016 resolves many cases without a full clear.
Warning
This is the one step you cannot undo. If BitLocker is on and you clear the TPM without your recovery key saved, you may be unable to unlock the drive. Save the recovery key to your Microsoft account, a file on another device, or paper before proceeding.
Back up your recovery key first
Before touching the TPM:
- Search for Manage BitLocker and open it. For each encrypted drive, choose Back up your recovery key and save it to your Microsoft account and to a separate device or printout.
- Note that your Windows Hello PIN, fingerprints, and face enrollments will be cleared too, so be ready to set them up again after the restart.
- If you use a virtual smart card or certificate-based sign-in, understand those credentials will be invalidated.
For a broader refresher on disk encryption and recovery-key discipline, see encrypting your laptop with BitLocker and FileVault.
Four ways to clear the TPM
| Method | Where | Best for |
|---|---|---|
| TPM management console | Run tpm.msc, Actions, Clear TPM | Quick, standard clear |
| Windows Security | Device security, Security processor troubleshooting | Guided, with a reason prompt |
| PowerShell | Clear-Tpm as admin | Scripts and remote sessions |
| BIOS/UEFI | Security tab, Clear TPM | When Windows will not boot |

Clear the TPM step by step
- Back up your BitLocker recovery key for every encrypted drive and confirm you can access it elsewhere.
- Press Windows+R, type
tpm.msc, and press Enter to open the TPM management console. - In the Actions pane on the right, click Clear TPM.
- Confirm and let the PC restart; you may be asked to press a key during boot to approve the clear.
- After Windows loads, re-enroll your Windows Hello PIN, fingerprint, or face, and verify BitLocker is protected.
If Windows will not boot at all, use the BIOS route instead: enter UEFI (often F2 or Del), open the Security tab, select the option to clear the TPM, save, and exit.
After clearing
Windows re-initializes the TPM and takes ownership automatically, so you do not need to "turn it back on." Your job is to restore what depended on it:
- Set up your Windows Hello PIN and biometrics again.
- Confirm each BitLocker drive shows as protected in Manage BitLocker.
- Test the credentials or apps that previously threw errors to confirm the clear resolved them.
What to do right now
- Back up your BitLocker recovery key to your Microsoft account and a separate device.
- Confirm you are ready to re-enroll Windows Hello after the restart.
- Try the targeted Windows Hello fix first if that is your only symptom.
- Open
tpm.msc, choose Clear TPM, and restart, approving the clear during boot if prompted. - After reboot, re-enroll Windows Hello and verify BitLocker protection is on.
Frequently asked questions
Is it safe to clear the TPM?
It is safe as long as you back up your BitLocker recovery key first. Clearing wipes all keys the TPM holds, so without the recovery key you could lose access to an encrypted drive. With the key saved, the risk is minimal.
Do I need to re-enable the TPM after clearing it?
No. Windows automatically re-initializes the TPM and takes ownership after a clear. You will, however, need to set up your Windows Hello PIN and biometrics again.
Will clearing the TPM delete my files?
Not directly, but data protected by TPM-held keys becomes inaccessible if you lack the recovery key. On a BitLocker drive, that effectively means data loss, which is why backing up the recovery key is non-negotiable.
What is the difference between clearing from Windows and from BIOS?
The result is the same, but the BIOS method works even when Windows will not boot. Use tpm.msc or Windows Security when Windows runs normally; use the UEFI Security tab when it does not.
Why does my Windows Hello PIN stop working after a clear?
Clearing wipes the credentials the TPM stored, including your PIN and biometrics. That is expected. Just re-enroll them in Settings under Accounts, Sign-in options after the PC restarts.


