Using Live Discover to determine TPM enabled devices

The following query may allow you to get information from the registry for this purpose, though I couldn’t find a specific location that will work across all systems. 

SELECT * 
   FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\MMC\SnapIns\FX:{7d3830aa-e69e-4e17-8bd1-1b87b97099da}\%' 
   AND name IN ('RuntimeVersion', 'Type')

The built-in query "BitLocker info" may also work to get some information. 

I couldn’t locate TPM information referenced in the osquery or Sophos Schema documents, so this may need to be added as a feature improvement. I will reach out to our team to verify.

The following query may allow you to get information from the registry for this purpose, though I couldn’t find a specific location that will work across all systems. 

SELECT * 
   FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\MMC\SnapIns\FX:{7d3830aa-e69e-4e17-8bd1-1b87b97099da}\%' 
   AND name IN ('RuntimeVersion', 'Type')

The built-in query "BitLocker info" may also work to get some information. 

I couldn’t locate TPM information referenced in the osquery or Sophos Schema documents, so this may need to be added as a feature improvement. I will reach out to our team to verify.

SophosOsquery.exe (with date 26.07.2022) on our clients says it's version 5.0.1. Can you help us with a query regarding tpm_info? 

Beginning with osquery version 5.0.1 there is a table "tpm_info" which will be added. Currently, the version of osquery that's built into Sophos is running version 4.9, once this is updated, the tpm information will be made available.