Do MacBook Pros with Touch ID contain TPMs?

I'm considering a Touch Bar MacBook Pro, but the majority of the time it will be in Boot Camp. I need to use BitLocker, so if the machine doesn't have a Trusted Platform Module (TPM) I need to enter a second password every time I go to Windows, which is frustrating.

Historically, Macs have not included a hardware security (TPM) chip, but the Touch ID sensor requires hardware that serves a similar function. (Apple's name for what a TPM does is "secure enclave", and the Touch ID sensor comes with one of those.) Is that hardware exposed as a TPM to Boot Camp, or will I continue to need to enter BitLocker passwords on these new MBPs?


Solution 1:

Apple's iOS secure enclave is almost certainly the "flavor of TPM" that is built into the MacBook Pro. I would say it's a very, very long shot that it would be exposed to Boot Camp or other virtualization apps, but there is of course hope when you have an API for third-party apps to get at the fingerprint sensor from macOS.

You are correct that this is the first time Apple has included this hardware on the Mac, so maybe some time in the future you can expect the functionality you rightly desire. For now, I'd plan on a YubiKey or manual password entry.

Solution 2:

It seems very unlikely. The Touch ID sensor's secure enclave is sacrosanct as far as privacy and data protection are concerned, and the original iPhone 5s keynote mentioned that the data transfer between it and the main processor is minimal; as close to a pass/fail response as possible. This would make it quite a task to implement a secondary mode where the secure enclave acts as a TPM, in addition to Apple's reluctance to do so. It's worth noting that there's little hope for this being implemented by a third party as the firmware for the secure enclave, as for iOS, is signed.

As the owner of a 15" 2016 MacBook Pro I can confirm that no TPM shows up in macOS's System Information, but I don't use Boot Camp so I can't test that.
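
To check this from inside a Boot Camp install, the script below (an added example, not part of either answer) asks Windows whether it sees a TPM and which key protectors BitLocker has on the system drive. It assumes an elevated PowerShell session with the built-in TrustedPlatformModule and BitLocker modules; the function name `Get-TpmBitLockerReport` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: report TPM visibility and BitLocker boot protectors on this Windows install.

function Get-TpmBitLockerReport {
    [CmdletBinding()]
    param([string]$MountPoint = $env:SystemDrive)

    # Get-Tpm normally returns TpmPresent = $false when no TPM is exposed,
    # but it can also throw if the TPM provider is unavailable, so guard it.
    $tpmPresent = $false
    $tpmReady   = $false
    try {
        $tpm        = Get-Tpm -ErrorAction Stop
        $tpmPresent = [bool]$tpm.TpmPresent
        $tpmReady   = [bool]$tpm.TpmReady
    } catch {
        Write-Warning "Get-Tpm failed: $($_.Exception.Message)"
    }

    # Collect the key protector types configured on the OS volume.
    $protectors = @()
    $protection = 'Unknown'
    try {
        $vol        = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
        $protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $protection = $vol.ProtectionStatus.ToString()
    } catch {
        Write-Warning "Get-BitLockerVolume failed: $($_.Exception.Message)"
    }

    # Tpm, TpmPin, ... all start with 'Tpm'; Password and ExternalKey (USB
    # startup key) are the protectors that need user action at every boot.
    $tpmBacked = @($protectors | Where-Object { $_ -like 'Tpm*' })
    $manual    = @($protectors | Where-Object { $_ -in 'Password', 'ExternalKey' })

    $unlock = if ($tpmBacked.Count -gt 0) { 'TPM-backed unlock configured' }
              elseif ($manual.Count -gt 0) { 'Password or USB startup key needed at every boot' }
              else { 'No boot-time protector found (volume may not be encrypted)' }

    [pscustomobject]@{
        TpmPresent       = $tpmPresent
        TpmReady         = $tpmReady
        MountPoint       = $MountPoint
        ProtectionStatus = $protection
        KeyProtectors    = ($protectors -join ', ')
        BootUnlock       = $unlock
    }
}

Get-TpmBitLockerReport | Format-List
```

If `TpmPresent` is `False`, Windows has no TPM to seal the volume key to, and BitLocker on the OS drive falls back to a password or startup-key protector.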