Windows 11 requires a PC with TPM 2.0. So does your PC have TPM 2.0, TPM 1.2, or none of the above? Did your PC accompany TPM disabled in its BIOS? does one got to buy a TPM hardware module? And why does Windows even need a TPM within the first place?
What Is a TPM?
TPM stands for “Trusted Platform Module.” It’s a technology that gives security-related functions at the hardware level. It generates and stores encryption keys and performs functions during a tamper-resistant manner. It provides additional protection against malware and other sorts of attacks.
In a blog post, Microsoft explains that Windows 11 systems will all have “a hardware root-of-trust.” The TPM may be a tamper-resistant element at the core of the pc which will be used for security measures like disk encryption and secure biometric sign-ins with Windows Hello.
TPM “attestation” are often wont to remotely authenticate hardware and software. The TPM features a unique endorsement key (EK) burned into the hardware. Organizations can remotely check and verify that a tool is what it says it’s which the hardware and software haven’t been tampered with. for instance , this could be particularly useful for a corporation managing a fleet of labor laptops.
The TPM includes a hardware random number generator that the system can depend upon , too. Modern smartphones have security chips that perform specialized functions, so why shouldn’t computers?
Why Does Windows 11 Need It?
Here’s one example: BitLocker encryption can store encryption keys within the TPM to guard your files. When your computer boots, the key stored within the TPM is employed to unlock your drive. If an attacker yanks your system drive and inserts it into another computer, the attacker can’t decrypt it and access your files without the keys stored within the TPM. The TPM is tamper-resistant, so an attacker can’t just plug it into another computer or easily extract the decryption key from it.
Even on Windows 10, BitLocker normally won’t work without a TPM. If all Windows 11 PCs have a TPM, then all Windows 11 PCs can natively support Device Encryption. That’s tons better than things with some Windows 10 PCs coming with disk encryption while others don’t include encryption.
A TPM will give each Windows 11 system a baseline of hardware security for Microsoft to create on top of. Windows 11 can always assume that it’s this baseline of hardware security. Microsoft won’t need to build software-based hacks on top of Windows 11 or leave important functionality like disk encryption disabled on many PCs.
RELATED: Why Doesn’t Windows 11 Support My CPU?
Why Isn’t TPM 1.2 Good Enough?
Microsoft’s messaging was all over the place in the days after Windows 11’s announcement. Initially, Microsoft’s Windows 11 compatibility page said that some systems with TPM 1.2 would be able to upgrade. Later, Microsoft edited that page and said that TPM 2.0 would be required.
A Microsoft website dating to 2018 points out a spread of security advantages that TPM 2.0 has over TPM 1.2, including support for more modern cryptographic algorithms. Since TPM 2.0 has these advantages and has been common for several years now, Microsoft clearly feels that it is sensible to need TPM 2.0.
Microsoft Has Required a TPM on Some New PCs Since 2016
Microsoft has required TPM 2.0 on Windows 10 PCs for several years—kind of.
Since July 28, 2016, all new Windows PCs being manufactured have required TPM 2.0 to be enabled by default. If you’re buying a laptop, desktop, 2-in-1, or the other device that comes with Windows 10 preinstalled, Microsoft requires that the manufacturer include TPM 2.0 and have it enabled.
However, this is often a requirement for the pc manufacturer to license and ship Windows on a PC. If you were building your own computer, you’ll have purchased a motherboard without TPM hardware and installed Windows 10 thereon . Or, your motherboard manufacturer may need shipped the hardware with the TPM disabled.
Windows 10 would have functioned happily without a TPM, whereas Windows 11 will refuse to put in on such a system.
Does Your PC Have a TPM? Is It Disabled?
If you’ve purchased a PC that came with Windows 10 in 2016 or later, there’s an honest chance that it’s TPM 2.0 already enabled—unless that model was originally made before the cutoff date.
If your PC is older than that, it’d or won’t have the TPM that Windows 11 requires. Many PCs have updated from Windows 7 to Windows 10, and people PCs will likely be left behind by this requirement.
However, people that built their own PCs—a crowd that has tons of PC gamers—might be during a strange situation. If you built your own PC (or purchased it from a corporation that built it for you), your PC might or won’t have TPM 2.0. albeit Windows says that TPM 2.0 isn’t present, it could just be disabled by default, and you would possibly got to enable it in your computer’s BIOS.
To find out, you would possibly got to visit your computer’s BIOS (technically, now a UEFI firmware settings screen on modern computers, but often still called the BIOS) and appearance for an option named “TPM,” or something similar that permits this feature.
Some computers have a firmware-based TPM. Intel calls this feature iPPT (Intel Platform Protection Technology), while AMD calls it fTPM (Firmware Trusted Platform Module). you would possibly got to find an option called something like this in your BIOS/UEFI settings screen. It might be called something else, too—consult your motherboard’s manual for more information.
There’s an honest chance that a lot of people with newer PCs are going to be ready to enable TPM 2.0 within the BIOS without purchasing a separate TPM hardware module—a component that scalpers are already buying up. However, some gaming motherboards haven’t included this feature and it’d not be available. Before Microsoft’s announcement, this is able to be required for Windows 11, but this wasn’t necessarily considered a must have feature for people building their own PCs.
Microsoft Made things a Confusing Mess
The requirement to possess TPM 2.0 as a hardware security baseline that Microsoft can design around is sensible . Remember that Microsoft will continue supporting Windows 10 until October 14, 2025, so you’ll keep using your current computer and OS for years to return .
The real problem, once more , is Microsoft’s poor communication. For instance , if Microsoft had warned folks that a TPM 2.0 would at some point be required, motherboard manufacturers likely wouldn’t have skimped on adding it to gaming boards. PC enthusiasts would have ensured that their builds had a TPM. Hardware manufacturers could have enabled it by default instead of disabling it by default. Microsoft might say that it sent this signal to its hardware partners, but many motherboard manufacturers clearly didn’t get the message.
Windows 11’s announcement was also a mess: Microsoft initially said that TPM 1.2 would be partially supported then changed its mind. Microsoft didn’t even bother trying to elucidate why TPM was required initially . After Microsoft tried to create hype for the upgrade, the official PC checkup tool mysteriously failed without telling people why their PC wasn’t supported.
Microsoft could even have explained things and provided information on enabling TPM 2.0 in your computer’s BIOS—but the corporate didn’t do any of that.
No Responses