How to Determine the TPM 2.0 Secure Hash Algorithm of Latitude and Precision Computers

Summary: This article describes how to determine the Trusted Platform Module 2.0 Secure Hash Algorithm of Latitude xx10, xx20, Precision xx40, or xx50 series computers.


Instructions

Dell has made a BIOS change to TPM Encryption for the latest Latitude 10/20 series and Precision 40/50 series computers. This article covers how to determine the TPM encryption standard these computers are using.

In previous Dell BIOS configurations, selecting the SHA-256 option under TPM allowed the BIOS and TPM to use both the SHA-1 and SHA-256 Secure Hash Algorithms (SHA). When the option was cleared, only the SHA-1 hash algorithm was used.
The change in the Latitude xx10, xx20 and Precision xx40, xx50 series BIOS is that when selecting the SHA-256 algorithm, the SHA-1 hash algorithm is no longer available.


You can verify the TPM SHA in the Windows Registry.
  1. Open the Registry Editor (type REGEDIT in the search bar, then open the Registry Editor app).
  2. Browse the registry tree to the following key: Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\IntegrityServices\TPMActivePCRBanks
  3. The DWORD data hexadecimal value for this new BIOS is 0x00000002 (2), not the previous BIOS value of 0x00000003 (3). (Table 1.)
     
Table 1. - TPMActivePCRBanks Hexadecimal Values in the Windows Registry
 Hexadecimal DWORD Value  Value Definition
 0x00000001 (1)  Indicates only SHA-1 hash algorithm in bank
 0x00000002 (2)  Indicates only SHA-256 hash algorithm in bank
 0x00000003 (3)  Indicates both SHA-1 and SHA-256 hash algorithms in the bank
 
Note: The registry key Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\IntegrityServices\TPMDigestAlgID can also be checked to confirm that SHA-256 is being used. Its output would be the following: 0x0000000b (11)
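
The registry check above can be scripted for auditing more than one machine. The following PowerShell is an added example, not Dell's code: it reads both entries and decodes only the SHA-1 and SHA-256 bits from Table 1. It assumes TPMActivePCRBanks and TPMDigestAlgID are DWORD values under the IntegrityServices key; the function names are hypothetical.

```powershell
# Added example, not Dell's code. Assumption: TPMActivePCRBanks and
# TPMDigestAlgID are DWORD values under the IntegrityServices key.
$KeyPath = 'HKLM:\SYSTEM\ControlSet001\Control\IntegrityServices'

function ConvertFrom-PcrBankMask {
    # Decode the bit field per Table 1: bit 0 = SHA-1, bit 1 = SHA-256.
    param([Parameter(Mandatory)][int]$Mask)
    $banks = @()
    if ($Mask -band 0x1) { $banks += 'SHA-1' }
    if ($Mask -band 0x2) { $banks += 'SHA-256' }
    [pscustomobject]@{
        Raw        = '0x{0:x8}' -f $Mask
        Banks      = $banks -join ', '
        # Bits outside the two Dell supports are reported, not interpreted.
        OtherBits  = '0x{0:x8}' -f ($Mask -band (-bnot 0x3))
        Sha1Active = [bool]($Mask -band 0x1)
        Sha256Only = ($Mask -eq 0x2)
    }
}

function Get-TpmPcrBankStatus {
    # Read the live registry and combine both checks from the article.
    param([string]$Path = $KeyPath)
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.TPMActivePCRBanks) {
        Write-Warning "TPMActivePCRBanks not found under $Path"
        return
    }
    $status = ConvertFrom-PcrBankMask -Mask $props.TPMActivePCRBanks
    # Per the note: TPMDigestAlgID reads 0x0000000b (11) when SHA-256 is in use.
    $isSha256 = ($props.TPMDigestAlgID -eq 0xb)
    $status | Add-Member -NotePropertyName DigestAlgIsSha256 `
                         -NotePropertyValue $isSha256 -PassThru
}

# Constructed sample input: the three values listed in Table 1.
1, 2, 3 | ForEach-Object { ConvertFrom-PcrBankMask -Mask $_ } | Format-Table

# Live check on the local machine.
Get-TpmPcrBankStatus
```

A machine with the new BIOS behaviour and SHA-256 selected reports Sha256Only as True; Sha1Active as True indicates the SHA-1 bank is still enabled.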

The following links can be used to reference more information: 
The link in the Microsoft document refers to the PDF from Trusted Computing Group (TCG). The written table for TPMActivePCRBanks shows only the bit, not the hexadecimal or decimal output that is seen in the Microsoft registry.

Table 25 is based on the chart from TCG after conversion to hexadecimal. Dell only supports the SHA-1 or the SHA-256 hash algorithm.

6.10 Hash Algorithms Bit Field
This table defines a bit field to concisely convey hash algorithms. An example of where this could be useful is a parameter returning the set of hash algorithms an interface supports.

Table 25 — Definition of (UINT32) TPMA_HASH_ALGS Bits
 
 Bit  Registry Output  Name  Action
 0  0x00000001 (1)  hashAlgSHA1  SET (1): Indicates the SHA1 hash algorithm CLEAR (0): Does not indicate SHA1
 1  0x00000002 (2)  hashAlgSHA256  SET (1): Indicates the SHA256 hash algorithm CLEAR (0): Does not indicate SHA256
 2  0x00000006 (6)  hashAlgSHA384  SET (1): Indicates the SHA384 hash algorithm CLEAR (0): Does not indicate SHA384
 3  0x00000007 (7)  hashAlgSHA512  SET (1): Indicates the SHA512 hash algorithm CLEAR (0): Does not indicate SHA512

 

Affected Products

Latitude 3310 2-in-1, Latitude 3310, Latitude 3320, Latitude 5310 2-in-1, Latitude 5310, Latitude 5320, Latitude 7310, Latitude 7320, Latitude 7320 Detachable, Latitude 5410, Latitude 7410, Latitude 7420, Latitude 9410, Latitude 9420, Latitude 3510 , Latitude 3520, Latitude 5510, Latitude 5520, Latitude 9510, Latitude 9520, Latitude 5420, Precision 3520, Precision 5520, Precision 7520, Precision 7720, Precision 3510, Precision 5510, Precision 7510, Precision 7710 ...
Article Properties
Article Number: 000190913
Article Type: How To
Last Modified: 28 May 2025
Version:  9