Why does Windows 11 require TPM Chip?

On June 24th, 2021, Microsoft announced the arrival of an all-new operating system – Windows 11. With that, Microsoft also issued the minimum system requirements for installing Windows 11 on your device. If you have followed the announcement, you might be aware that apart from other requirements, there is an essential hardware specification required, which many people never noticed earlier named TPM 2.0 Chip.

In this post, we will discuss TPM Chip in detail and find out why does Windows 11 requires TPM Chip for the installation.

  Fix "This PC can't run Windows 11"

What is a TPM Chip?

Before the announcement of Windows 11, not many PC users were aware of Trusted Platform Module (TPM). It is actually a tiny chip, the cryptoprocessor installed on your computer’s motherboard responsible for the hardware-level security. TPM Chip is responsible for carrying out essential operations like generating encryption keys and providing hardware-based authentication.

Many modern computer systems and laptops come with TPM already installed in their motherboards. You also have the option to manually fit it into your motherboard if you don’t have it on your system. Apart from that, modern ways also allow you to use virtual TPM through dedicated software.

What are TPM Chips used for?

As its name suggests, TPM Chip is a trusted hardware component of the motherboard whose primary purpose is device security. It is used for protecting and encrypting the data. It can also store sensitive information like passwords, encryption keys, and security certificates. The great thing about it is, it can create a hardware barrier that is more secure than a software barrier. 

The advanced TPM Chips can isolate themselves if any malicious program or behavior is detected on the system. The TPM 2.0 can even scan the BIOS of your computer upon restart and run conditional tests to check for some malware. 

The TPM can also detect if someone has tampered with the hardware components of the device, such as hard disk, Wi-Fi module, etc. The biometric information gathered by Windows Hello is all stored in TPM Chips.

Further, the TPM is also used for generating unique cryptographic keys to encrypt your device’s hard drive. Finally, modern browsers like Chrome, Edge, and others can also use it for maintaining SSL certificates.

Why does Windows 11 require TPM Chip?

When Windows 10 was launched, Microsoft had explicitly directed the original equipment manufacturer to equip the new devices with the TPM Chips. However, at that time, it was not mandatory for a machine to have a TPM to run Windows 10. This was because many users were switching from Windows 7 to Windows 10 OS on their old devices.

Now with Windows 11, Microsoft wants to make the security of the system the priority than anything else. Since Apple is making its market with the reputation of being secure and privacy-focused, Microsoft might want to give some competition.

The only way to make Windows devices more secure is through the integration of TPM Chips into the motherboard. So, through Windows 11, Microsoft is finally forcing users to either switch to the devices with the latest TPM 2.0 chip or else attach the chip externally if the motherboard supports it.

Microsoft has explained it very clearly in one of their latest blog posts. The Chief Director of enterprise and OS security for Microsoft, David Weston, has explained the importance of TPM Chips and why it is necessary for Microsoft and its users. He says that the forced requirement of TPM 2.0 for Windows 11 was in response to the growing cyber crimes like Phishing, Ransomware, and others. He further states that Microsoft needs a solid foundation for fulfilling future security and privacy commitments. Therefore, with TPM made compulsory, all the future Windows OS devices will be equipped with the latest TPM 2.0 Chip inside. Furthermore, requiring the TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust.

Why only TPM 2.0? Why not TPM 1.0 or 1.2?

Many PC experts have pointed out that there is not much difference between TPM 1.0 and TPM 2.0, and Microsoft is forcing TPM 2.0 just to increase the sales of devices with TPM 2.0. However, Microsoft has sorted out various differences between the first and second generations of TPM. According to Microsoft, TPM 2.0 supports more sophisticated cryptographic algorithms, provides a more standardized experience, and, most importantly, can be integrated into a CPU. TPM 2.0 supports newer algorithms, which can improve drive signing and key generation performance

According to us, it is true that TPM 2.0 is more advanced and secure than TPM 1.2 or 1.0, but Microsoft could have allowed at least 1.2 for Windows 11 installation. Maybe Microsoft does not want any hardware component to affect the reputation of its upcoming OS, Windows 11.

Check if the TPM is enabled on your system

To check whether your system has a compatible TPM and it is enabled, follow these steps:

  1. On the windows search box, type Windows PowerShell, right-click on it and select Run as Administrator.run powershell as admininstrator
  2. Once the PowerShell window opens, type the get-tpm command and hit the enter key.
  3. Check whether TPM is present and enabled or not.get tpm

Check the TPM version installed on your device

To check the TPM version, follow these steps:

  1. Open the Run command box, type tpm.mscand hit the enter key.tpm msc
  2. On the TPM Management window, check the Specification version.TPM version
  3. If it is 2.0, then your computer is compatible with Windows 11.

Summing Up

Windows OS is famously known for the different malware attacks, unlike macOS, which is reputed as a tightly secured operating system. However, with the upcoming Windows 11 OS, Microsoft wants to change its reputation and compete with Apple in terms of providing a secure environment in its operating system. For that, Microsoft will force everything that it can. That is why TPM 1.0, which was previously listed as the minimum required for Windows 11, was soon replaced with TPM 2.0.

Do you need TPM for Windows 11?

YES. Users need a version 2.0 TPM or higher to run Windows 11, along with a DirectX 12-compatible GPU; a supported Intel, AMD, or Qualcomm CPU; 4 GB RAM; and at least 65GBs of storage

Can you install TPM externally?

Yes, if you have a PC, you can install TPM externally, if your device’s motherboard supports it. In this way, you can also easily upgrade to TPM 1.0, 1.2 to TPM 2.0.

What does TPM do?

TPM, or Trusted Platform Module, is a hardware chip that is integrated into CPUs and motherboards. The chip essentially offers a hardware level barricade, instead of just software-based segregation of accessible data on your PC.

3 thoughts on “Why does Windows 11 require TPM Chip?”

  1. Hi, I still managed 2021. 07. On the 11th, install a virtual machine from an ISO file with a Windows 11 PRO version. I also activated it with an unused Windows 10 key. Now I checked the TPM configuration based on the article and for me all the fields are “False” I guess this is because of the Virtual Machine, but then how did you manage to install, activate, and use it now? Or is the TPM not so mandatory yet?

    Reply
    • Hi,
      As you can notice in the post, my device has a compatible version of TPM, i.e., TPM 2.0 already installed, so there was no problem in installing Windows 11.
      To answer your question about the TPM requirement, initially, many users were able to bypass the TPM necessity through a registry hack. However, with the latest update, Microsoft has fixed it, and now without TPM 2.0, you won’t be able to install Windows 11.

      Reply

Leave a Comment