Clear method of the Win32_Tpm class
The Clear method of the Win32_Tpm class resets the TPM to its factory-default state. A TPM owner can use this method to cancel TPM ownership and invalidate cryptographic materials created by the previous owner. This method suspends BitLocker if calling it could cause BitLocker recovery to be required. BitLocker automatically resumes once the TPM has been provisioned.
Caution
By clearing the TPM, you will lose all TPM keys created and used by applications. If these keys were used to encrypt data, ensure that you have another way to access the data before clearing the TPM.
Syntax
uint32 Clear(
[in, optional] string OwnerAuth
);
Parameters
OwnerAuth [in, optional]
Type: string
A string that identifies the TPM owner. This string must be a base64-encoded string that contains exactly 20 bytes of binary data. Use the ConvertToOwnerAuth method to translate a passphrase to this expected format. The OwnerAuth parameter is read from the registry if none is provided.
Return value
Type: uint32
All TPM errors as well as errors specific to TPM Base Services can be returned.
The following table lists some of the common return codes.
Return code/value | Description |
---|---|
| The method was successful. |
| The provided owner authorization value cannot perform the request. |
| The TPM is defending against dictionary attacks and is in a time-out period. For more information, see the ResetAuthLockOut method. |
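The following PowerShell wrapper is an added example, not code from the original page. It checks the OwnerAuth format described above (base64 that decodes to exactly 20 bytes) before calling Clear through CIM, asks for confirmation because the operation destroys TPM keys, and treats any nonzero return value as a failure. The function names Test-TpmOwnerAuthFormat and Invoke-TpmClear are hypothetical, and the example assumes an elevated session and that 0 is the success code.

```powershell
# Added example; function names are hypothetical, not part of the Win32_Tpm provider.
function Test-TpmOwnerAuthFormat {
    param([string]$OwnerAuth)
    # OwnerAuth must be base64 text that decodes to exactly 20 bytes.
    try { $bytes = [Convert]::FromBase64String($OwnerAuth) }
    catch [System.FormatException] { return $false }
    return ($bytes.Length -eq 20)
}

function Invoke-TpmClear {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([string]$OwnerAuth)

    $call = @{ MethodName = 'Clear' }
    if ($PSBoundParameters.ContainsKey('OwnerAuth')) {
        if (-not (Test-TpmOwnerAuthFormat -OwnerAuth $OwnerAuth)) {
            throw 'OwnerAuth must be base64 that decodes to exactly 20 bytes.'
        }
        $call.Arguments = @{ OwnerAuth = $OwnerAuth }
    }
    # When OwnerAuth is omitted, the provider reads it from the registry.

    $tpm = Get-CimInstance -Namespace 'Root\CIMV2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction Stop
    if (-not $tpm) { throw 'No Win32_Tpm instance found on this computer.' }
    $call.InputObject = $tpm

    # Clearing destroys every key the TPM protects, so require confirmation.
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Clear TPM (all TPM keys are lost)')) {
        $result = Invoke-CimMethod @call
        if ($result.ReturnValue -ne 0) {   # assumption: 0 means success
            throw ('Win32_Tpm.Clear failed with 0x{0:X8}' -f $result.ReturnValue)
        }
        return $result.ReturnValue
    }
}

# Constructed sample values (not real owner authorization data).
$sample = [Convert]::ToBase64String((New-Object byte[] 20))
Test-TpmOwnerAuthFormat -OwnerAuth $sample              # well-formed
Test-TpmOwnerAuthFormat -OwnerAuth 'bm90LTIwLWJ5dGVz'   # valid base64, wrong length

# Dry run: validates input and locates the TPM without clearing it.
Invoke-TpmClear -OwnerAuth $sample -WhatIf
```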
Remarks
Running this method can help prepare a TPM-equipped computer for recycling.
To clear the TPM when you no longer have the TPM owner authorization, you need physical access to the computer. The SetPhysicalPresenceRequest method includes functionality to help clear the TPM without TPM owner authorization.
Managed Object Format (MOF) files contain the definitions for Windows Management Instrumentation (WMI) classes. MOF files are not installed as part of the Windows SDK. They are installed on the server when you add the associated role by using the Server Manager. For more information about MOF files, see Managed Object Format (MOF).
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows Vista [desktop apps only] |
Minimum supported server | Windows Server 2008 [desktop apps only] |
Namespace | Root\CIMV2\Security\MicrosoftTpm |
MOF | |
DLL | |