TPM 2.0 for Windows 11 – What is it and what about Intel PTT and AMD fTPM?

In 2021, Microsoft announced that it would require TPM 2.0 for Windows 11 installation. This has led to a fair bit of confusion about TPM (Trusted Platform Module) and what it means for those looking to upgrade to Windows 11. In our latest Tech Edge video, we’re looking at what TPM does, why it’s important, and why it’s been such a focus of the Windows 11 announcement.

TPM 2.0 for Windows 11 security

The security of digital information has been a hot topic from the moment digital information became a thing. Security has only grown in importance as that information has become more sensitive and attacks on it more sophisticated.

Providing a secure barrier between the information on a computer and attackers who wish to access it is the role of a Trusted Platform Module. Now in its second generation, TPM 2.0, TPM acts as a secure crypto-processor. It generates, stores, and limits the use of cryptographic keys required to access system files. Simple, everyday terminology there, right?

How does TPM work?

The truth is, there’s nothing simple about TPM. But perhaps the most important aspect is actually right there in the name. The “module” in Trusted Platform Module has traditionally been exactly that. It’s a physical chip that’s soldered onto a motherboard and provides your computer with what amounts to a digital fingerprint. That fingerprint is then REQUIRED to access any of the information stored on your system. Because it’s physically located inside your machine, attackers are much less likely to have any luck spoofing, tampering with, or defeating its protections.

TPM can be leveraged to encrypt your storage drive. This protects your data, including your identity and operating system files, where traditional anti-malware solutions are vulnerable. Encryption also protects your data in the case of physical theft.

The emergence of firmware TPM (fTPM)

Hardware-based TPM has been around for a while. More recently, both AMD and Intel have begun implementing firmware TPM, or fTPM, solutions. For example, Intel’s Platform Trust Technology (PTT) found in some Intel chipsets provides the same TPM security protocols without the need for an additional physical chip. To your operating system and applications, PTT looks and acts exactly like TPM. The difference is, computers with Intel PTT or AMD’s built-in firmware version don’t require a dedicated crypto-processor or memory.

Firmware TPM enables more devices (including lower-cost and lower-power systems) to support the same root of trust concepts enabled by hardware-based TPM. This is especially helpful in the industrial PC space as it lets organizations establish the same rigorous levels of security on endpoints and gateways as on desktop hardware. These firmware TPM solutions also meet Microsoft’s Windows 11 requirements. This means that systems with Intel PTT or AMD’s fTPM solution should be in the clear for Windows 11 support.

Upgrading to Windows 11

So what does all of this mean for upgrading your OS? Microsoft is clearly taking a stand when it comes to security (read: Windows 11 enables security by design from the chip to the cloud). They have provided a full list of processors compatible with Windows 11 (including Intel CPUs and AMD CPUs). It’s important to mention that Microsoft has actually updated their compatibility page for Windows 11 since their original announcement. It now includes a single list of minimum hardware requirements including mention of TPM version 2.0. They will also be offering a downloadable PC Health Tool that will check your system for compatibility.

Before running the PC Health Tool, you’ll want to ensure that, if available, TPM, PTT, or fTPM are enabled on your system. Checking for this is easily done in the UEFI (formally called the BIOS). Even systems that feature these technologies don’t always ship with the setting turned on, and this caused a fair bit of confusion for users running this check following the Microsoft announcement.

Do you definitely need TPM for Windows 11?

 Although Windows 11 was released late 2021 and still requires TPM today, requirements are subject to change at any time. We’ll be sure to keep you updated, so if you found this guide on TPM 2.0 for WIndows 11 helpful, be sure to subscribe to this blog and our YouTube channel to stay up to date.