Why does Windows 11 require a TPM chip?
On June 24, 2021, Microsoft announced the arrival of a brand new operating system, Windows 11. Along with this, Microsoft also released the minimum system requirements for installing Windows 11 on your device. If you’ve been following the ad, you might know that aside from other requirements, like only certain processor chips, there is one essential hardware specification required that many people have never noticed before called a chip. TPM 2.0.
I will discuss the TPM chip in detail and find out why Windows 11 requires a TPM chip for installation.
What is a TPM chip?
Before the announcement of Windows 11, few PC users were familiar with the Trusted Platform Module (TPM). It is actually a tiny chip, the crypto-processor, installed on your computer’s motherboard and responsible for hardware security. TPM Chip is responsible for performing essential operations such as generating encryption keys and providing hardware authentication.
Many modern computer systems and laptops have TPMs already installed on their motherboards. You also have the option to manually insert it into your motherboard if you don’t have it on your system. Apart from this, modern means also allow you to use virtual TPM through dedicated software.
What are TPM chips used for?
As the name suggests, TPM Chip is a trusted hardware component of the motherboard with the primary focus on device security. It is used to protect and encrypt data. It can also store sensitive information such as passwords, encryption keys, and security certificates. The good thing is that it can create a more secure hardware barrier than a software barrier.
Advanced TPM chips can isolate themselves if a malicious program or behavior is detected on the system. TPM 2.0 can even scan your computer’s BIOS on restart and run conditional tests for certain malware.
The TPM can also detect if someone has tampered with the hardware components of the device, such as hard drive, Wi-Fi module, etc. The biometric information collected by Windows Hello is all stored in the TPM chips.
Besides, TPM is also used to generate unique cryptographic keys to encrypt your device hard drive. Finally, modern browsers like Chrome, Edge and others can also use it to maintain SSL certificates.
Why does Windows 11 require a TPM chip?
During the launch of Windows 10, Microsoft had explicitly asked the original equipment manufacturer to equip new devices with TPM chips. However, at that time, it was not mandatory for a machine to have a TPM to run Windows 10. Indeed, many users were switching from Windows 7 to Windows 10 OS on their old devices.
Now, with Windows 11, Microsoft wants to make system security the priority, more than anything else. Since Apple markets with a reputation for being secure and privacy-focused, Microsoft might want to give it a little competition.
The only way to make Windows devices more secure is to integrate TPM chips into the motherboard. So, through Windows 11, Microsoft is finally forcing users to switch to devices with the latest TPM 2.0 chip or connect the chip to the outside if the motherboard supports it.
Microsoft made this very clear in one of its latest blog posts. Microsoft’s chief corporate and operating system security director David Weston explained the importance of TPM chips and why they are necessary for Microsoft and its users. He says the enforced requirement of TPM 2.0 for Windows 11 was in response to growing cyber crimes like phishing, ransomware and others. He further states that Microsoft needs a solid foundation to meet its future security and privacy commitments. Therefore, with TPM made mandatory, all future Windows OS devices will have the latest TPM 2.0 chip inside. Additionally, requiring TPM 2.0 raises the standard for hardware security by requiring this built-in root of trust.
Why only TPM 2.0? Why not TPM 1.0 or 1.2?
Many PC experts have pointed out that there isn’t much of a difference between TPM 1.0 and TPM 2.0, and Microsoft is pushing TPM 2.0 just to increase sales of devices with TPM 2.0. However, Microsoft has addressed various differences between the first and second generation of TPM. According to Microsoft, TPM 2.0 supports more sophisticated cryptographic algorithms, offers a more standardized experience and, most importantly, can be integrated into a processor. TPM 2.0 supports newer algorithms, which may improve drive signing and key generation performance
In our opinion, it is true that TPM 2.0 is more advanced and secure than TPM 1.2 or 1.0, but Microsoft could have allowed at least 1.2 for installing Windows 11. Maybe Microsoft doesn’t want a component hardware affects the reputation of its next operating system, Windows 11.
Check if TPM is enabled on your system
To verify if your system has a compatible TPM and that it is enabled, follow these steps:
- In the Windows search box, type Windows PowerShell, right-click it, and select Run as administrator.
- Once the PowerShell window opens, type the command ‘get-tpm’ and press the Enter key.
- Check if TPM is present and enabled or not.
- Check the TPM version installed on your device, follow these steps:
- Open the Run command box, type ‘tpm.msc’ and press the Enter key.
- In the TPM Management window, check the version of the specification.
- If it is 2.0, your computer is compatible with Windows 11.
Windows operating system is famous for its various malware attacks unlike macOS which is famous as tightly secure operating system. However, with the upcoming Windows 11 operating system, Microsoft wants to change its reputation and compete with Apple in terms of providing a secure environment in its operating system. For this, Microsoft will force everything it can. This is why TPM 1.0, which was previously listed as the minimum requirement for Windows 11, was quickly replaced by TPM 2.0.
Do you need TPM for Windows 11?
YES. Users need a TPM version 2.0 or higher to run Windows 11, as well as a DirectX 12 compatible GPU; a supported Intel, AMD, or Qualcomm processor; 4 GB of RAM; and at least 65 GB of storage
Can you install the TPM externally?
Yes, if you have a PC, you can install TPM externally, if your device’s motherboard supports it. In this way, you can also easily upgrade to TPM 1.0, 1.2 to TPM 2.0.
What does the TPM do?
TPM, or Trusted Platform Module, is a hardware chip built into processors and motherboards. The chip essentially offers a barricade at the hardware level, instead of simple software segregation of the data accessible on your PC.
George Cox is the owner of Computer Diagnostics and Repair. He can be reached at 346-4217.