Microsoft recently announced that it would require TPM for Windows 11 installation. This has led to a fair bit of confusion about TPM, which stands for Trusted Platform Module, and what it means for those looking to upgrade to Windows 11. In our latest Tech Edge video, we’re looking at what TPM does, why it’s important, and why it’s been such a focus of the Windows 11 announcement.
TPM for Windows 11 Security
The security of digital information has been a hot topic from the moment digital information became a thing. Security has only grown in importance as that information has become more sensitive and attacks on it more sophisticated.
Providing a secure barrier between the information on a computer and attackers who wish to access it is the role of a Trusted Platform Module (TPM). Now in its second generation, called TPM 2.0, TPM acts as a secure crypto-processor. It generates, stores and limits the use of cryptographic keys required to access system files. Simple, everyday terminology there, right?
How Does TPM Work?
The truth is, there’s nothing simple about TPM. But, perhaps the most important aspect is actually right there in the name. The “module” in Trusted Platform Module has traditionally been exactly that. It’s a physical chip that’s soldered onto a motherboard and provides your computer with what amounts to a digital fingerprint. That fingerprint is then REQUIRED to access any of the information stored on your system. Because it’s physically located inside your machine, attackers are much less likely to have any luck spoofing, tampering with or defeating its protections.
TPM can be leveraged to encrypt your storage drive. This protects your data, including your identity and operating system files, where traditional anti-malware solutions are vulnerable. Encryption also protects your data in the case of physical theft.
The Emergence of Firmware TPM (fTPM)
Hardware-based TPM has been around for a while. More recently, both AMD and Intel have begun implementing firmware TPM, or fTPM, solutions. For example, Intel’s Platform Trust Technology, or PTT, found in some Intel chipsets, provides the same TPM security protocols without the need for an additional physical chip. To your operating system and applications, PTT looks and acts exactly like TPM. The difference is that computers with Intel PTT, or AMD’s built-in firmware version, don’t require a dedicated crypto-processor or memory.
Firmware TPM enables more devices, including lower-cost and lower-power systems, to support the same root of trust concepts enabled by hardware-based TPM. This is especially helpful in the industrial PC space as it lets organizations establish the same, rigorous levels of security on endpoints and gateways as on desktop hardware. These firmware TPM solutions also meet Microsoft’s Windows 11 requirements. That means systems with Intel PTT or AMD’s fTPM solution should be in the clear for Windows 11 support.
Upgrading to Windows 11
So, what does all of this mean for upgrading your OS? Microsoft is clearly taking a stand when it comes to security (read: Windows 11 enables security by design from the chip to the cloud). They have provided a full list of processors compatible with Windows 11 (Intel CPUs, AMD CPUs). It’s important to mention that Microsoft has actually updated their compatibility page for Windows 11 since their original announcement. It now includes a single list of minimum hardware requirements including mention of TPM version 2.0. They will also be offering a downloadable PC Health Tool that will check your system for compatibility.
Before running the PC Health Tool, you’ll want to ensure that, if available, TPM, PTT or fTPM is enabled on your system. Checking for this is easily done in the UEFI (formerly called the BIOS). Even systems that feature these technologies don’t always ship with the setting turned on. That reality has been causing a fair bit of confusion for users running this check following the Microsoft announcement. This caused Microsoft to pull the PC Health Tool for updates. We expect it to be available again closer to the official launch of Windows 11.
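To see from inside Windows whether that UEFI setting has taken effect, the added example below (not from Microsoft or from the original article) reads the Win32_Tpm WMI class and reports whether a TPM is visible, enabled and at version 2.0. The function name Test-TpmForWindows11 is hypothetical, and the script assumes an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example. Test-TpmForWindows11 is a hypothetical name, not a built-in cmdlet.
function Test-TpmForWindows11 {
    [CmdletBinding()]
    param()

    # Win32_Tpm yields no instance when Windows cannot see a TPM
    # (none fitted, or TPM/PTT/fTPM turned off in UEFI).
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    if (-not $tpm) {
        return [pscustomobject]@{
            Present      = $false
            Enabled      = $false
            SpecVersion  = $null
            Manufacturer = $null
            MeetsTpm20   = $false
            Advice       = 'No TPM visible: look for a TPM, Intel PTT or AMD fTPM setting in UEFI.'
        }
    }

    # SpecVersion reads like "2.0, 0, 1.38"; the first field is the TPM family.
    # TryParse avoids an exception if firmware reports a non-numeric value.
    $family = $null
    $first  = ([string]$tpm.SpecVersion -split ',')[0].Trim()
    $parsed = [version]::TryParse($first, [ref]$family)

    $enabled = [bool]$tpm.IsEnabled_InitialValue -and [bool]$tpm.IsActivated_InitialValue
    $is20    = $parsed -and ($family -ge [version]'2.0')
    $advice  = if (-not $is20) {
        'TPM is older than 2.0 or reports no usable version.'
    } elseif (-not $enabled) {
        'TPM 2.0 found but not enabled and activated: check UEFI.'
    } else {
        'TPM 2.0 is present and enabled.'
    }

    [pscustomobject]@{
        Present      = $true
        Enabled      = $enabled
        SpecVersion  = $tpm.SpecVersion
        Manufacturer = $tpm.ManufacturerIdTxt   # vendor ID string reported by the TPM
        MeetsTpm20   = ($is20 -and $enabled)
        Advice       = $advice
    }
}

Test-TpmForWindows11 | Format-List
```

The result covers only the TPM requirement; processor compatibility and the other minimum hardware requirements are checked separately.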
Do You Definitely Need TPM for Windows 11?
Now, could all of this change? Yes. We’re still months away from Windows 11 making its debut, and Microsoft has said that they’ll continue to evaluate hardware requirements as they release the new OS to their Windows Insiders and partner OEMs like OnLogic. We’ll be sure to keep you updated, so if you found this video helpful be sure to subscribe to our YouTube channel and give this video a like.