Parallels Desktop and a Virtualized Trusted Platform Module (vTPM)


Parallels Desktop® for Mac Pro Edition and Business Edition support the integration of a virtualized Trusted Platform Module (vTPM). Now users can add TPM to their virtual machine (VM) configuration.


Microsoft Windows utilizes TPM in Windows 10, Windows Server 2016 and Windows Server 2019. Users can run these popular Microsoft operating systems on Mac with the help of Parallels Desktop. 

What is a Trusted Platform Module?

The Trusted Platform Module (TPM) is a physical cryptoprocessor chip on a device that manages encryption keys at the hardware level to ensure dedicated security. This chip includes intelligent security mechanisms that reduce the possibility of malicious software tampering with the security functions of the TPM itself.

vTPM Architecture from USENIX.com

Whatis.com describes the keys associated with TPM:

“Each TPM chip contains an RSA key pair called the Endorsement Key (EK). The pair is maintained inside the chip and cannot be accessed by software. The Storage Root Key (SRK) is created when a user or administrator takes ownership of the system. This key pair is generated by the TPM based on the Endorsement Key and an owner-specified password.” 

Special thanks to whatis.com for providing a clear description of how the keys associated with TPM function and perform.

Since 2006, many laptops have shipped with a built-in TPM chip. The chip can be used by some Microsoft Windows security features, such as BitLocker or Windows Hello.

An IT admin in an enterprise environment who needs to manage Mac® devices can utilize vTPM with Parallels Desktop for additional protection and security. For example, Parallels Desktop Pro Edition and Business Edition force the Apple® macOS® virtual memory to attach to a Microsoft Windows VM, just like the Microsoft Windows native memory. The programs are intelligent enough to apply the same parameters to both virtual and physical TPM. How? Well, the TPM will use macOS security features to work and inform the Windows VM that the user already has a TPM. However, there are some functions that require a physical TPM, such as Face ID® or Touch ID®. Some additional and professional hardware is required to run these functions, but the added layer of security provides unparalleled peace of mind for IT admins and end users.

Virtual machine encryption is one of the most-used features of Parallels Desktop. It’s used to protect data from unauthorized access. If you’re looking to encrypt your virtual machine, you can learn how to do that in this Parallels knowledge base article.

Get started with running Windows on Mac without rebooting with a free 14-day trial—download a copy of Parallels Desktop instantly. 
