What is TPM? Here’s why you will need it for Windows 11
Microsoft’s Windows 11 Operating system requires the presence of TPM (Trusted Platform Module). The requirements stated for the new OS have sparked a storm of doubt and uncertainty. What is TPM? and do you have it on your computer? Here’s everything you need to know about it.
Table of Contents
Microsoft revealed the system requirements for Windows 11 after completing the launch event. TPM was a strange term hidden beneath RAM requirements and recommended Gigahertz (GHz).
“Does my computer have TPM that works with Windows?” is a question you never expected to have to ask. The good news is that if you bought a computer in the last few years, the answer is almost definitely “Yes.”
For those who want to move to Windows 11, especially those who built or upgraded their own PC/Desktop. The process may be more complicated.
Based on what we know so far, let us look at what TPMs does? And how Microsoft plans to incorporate them into the next version of Windows?
What is TPM And How it Works?
There are two types of security: software and hardware. When done correctly, software security is an effective way to keep hackers out of a system. But software’s code is changeable as it’s more flexible by nature. A clever hacker can discover an exploit gaining access to sensitive data.
Hardware security is hardcoded, as the name implies. Hackers can’t alter the cryptographic keys unless they know what they are.
TPM is a tiny chip on your computer’s motherboard, separate from the main CPU and memory at times. The chip is like the keypad you use to turn off your home security alarm every time you pass through the door.
Or the authenticator app you use to enter into your bank account on your phone. Putting your username and password into the login screen is comparable to open the front door with a key. Alarms will ring or you will be unable to access your money if you do not enter a code within a limited period of time.
When you turn on a newer PC with full-disk encryption and a TPM. The tiny chip will provide a unique code known as a cryptographic key. The key provided by the chip unlocks drive encryption and the computer starts up.
In case something is wrong with the key, your PC will not boot up. For example, if a hacker tries to temper with the encrypted disk within your PC. While it is the most basic function of modern TPM implementations, it is far from everything they can do.
Many technologies employ TPM chips, front printers to home devices and computers. Apart from providing boot-up protection, they can also perform a variety of other functions. They can also take many different forms other than a single chip.
According to TCG (Trusted Computing Group), in charge of maintaining TPM standards. There are two more types of TPMs. TPMs run as firmware code that runs in a dedicated environment or added as a physical addition in the main CPU.
Because it utilizes a trusted environment separate from the rest of the apps that use the CPU. This approach is as secure as a standalone TPM chip.
The virtual TPM is the third form of TPM. It is software-based. The TCG advises that this is not recommended for real-world usage. As it’s subjected to both tampering and any security bugs in the operating system.
The TPM chip communicates with the PC’s other security systems. Whether it is a fingerprint reader or Windows Hello facial recognition. To allow users access, it must all interact with the TPM.
TPM and Windows
TPMs have taken the place of the cumbersome smart cards that IT departments used to issue to their staff. To ensure that the system has not suffered from tampering. The smart cards must be inserted in a slot or taped to a built-in wireless reader.
TPMs are already used in security features at the operating system level. Have you ever utilized a newer laptop’s Windows Hello face-recognition login feature? That necessitates the use of a TPM.
TPMs are effective alternatives for earlier ways of protecting Windows PCs. Microsoft has required TPM 2.0 support on all new PCs running any version of Windows 10 since July 2016. (Home, Pro, Enterprise, or Education).
Only PCs with TPM capabilities will be able to run Windows 11. Microsoft has been adamant about this need in the run-up to the public release of Windows 11. The New OS is set to arrive as a free update for Windows 10 PCs this Christmas.
But, Microsoft has stated that Windows 11 will work on PCs with TPMs older than version 2.0. According to the company’s documentation, TPM 2.0 is more of a “soft floor” need.
TPM 1.2-equipped PCs will be able to run Windows 11 as well. Microsoft also warns that devices meeting the soft floor will receive a notification. Stating that update is not advised.
Is TPM 2.0 enabled on my PC?
There is a chance your computer supports TPM 2.0. If it fulfills the other Windows 11 leastm system requirements. But, the standard is rather old. TPM 2.0 is almost definitely installed on any PC purchased after 2016.
If your machine is more than a few years old. it is likely to have the older TPM 1.2 version (which Microsoft warns against using with Windows 11) or no TPM at all.
There is a way to check if your computer has a TPM chip-enabled. Go to the start menu, search for Windows Security and click on Device Security.
A new window will open, showing if your device has a TPM installed. With a small green checkmark next to the icon, it should state Security processor. If you do not see the Security Processor icon, you do not have a TPM installed.
Another easy way to check if a TPM is installed and enabled on your computer is to open the run dialog box. Type tpm.msc in the dialog box and hit enter.
The TPM (Trusted Platform Module) Management on the Local Computer window should appear. If it says “Compatible TPM cannot be found” your computer either does not have a TPM or has TPM 1.2.
Unfortunately, even if TPM 1.2 is enabled in the BIOS, Windows 11 still requires TPM 2.0.
Finally, you may use Microsoft’s PC Health Check tool to do a check. The tool will notify you if your computer is ready for Windows 11 after it has been installed.
What if you don’t have TPM 2.0?
If your motherboard does not support TPM 2.0. You can add the feature by buying a compatible module for your motherboard. For that, you will have to look up your motherboard model and check if the maker supplied a compatible TPM.
Also, it appears that TPM prices have risen since the release of Windows 11. As of this posting, an Asus TPM that sold for $14 on Amazon has sold out and is selling for more than $40 on the used market.
TPM production has also been suspended by certain manufacturers. And with the present surge in demand, production is expected to start.
If you can find a suitable module, all you have to do now is plug it into the TPM pins on your motherboard. It is also a good idea to enable it in the BIOS menu.
But, purchasing a TPM 2.0 add-on module and putting it into the header is not enough. Even if your home-built PC has a hardware TPM installed. For the Windows operating system to detect it, you will need to make sure it is set up in the BIOS.
Depending on the motherboard and CPU you are using, this process might take a long time. Even Microsoft admits that enabling TPM is not always a simple task.
TPM may already be installed if you have a more recent CPU, one produced after 2014. TPM is a security feature that is incorporated into contemporary CPUs through firmware. Intel uses Platform Trust Technology (PTT), whereas AMD Ryzen CPUs use fTPM.
Depending on the manufacturer, the steps to activate this in BIOS will differ. But, most people will need to restart their computer and hit the Delete key until the BIOS menu displays.
Users may need to navigate to more advanced settings to find the TPM option. The TPM firmware can then be enabled.
How To Open an Elevated Command Prompt in Windows 11/10
Many of the fixes and tweaks you’ll find on the internet require you to run Command Prompt as an administrator….