When Microsoft announced the launch of Windows 11, its pronouncement had a sting in the tail: the operating system will only run on PCs that have TPM capabilities.
What is TPM?
The acronym TPM stands for Trusted Platform Module, which is a security feature that’s often found in the form of a small chip on a computer’s motherboard.
Unlike web security or cloud security systems, a TPM is a security mechanism that generally requires a physical chip to be installed within the device.
It's not always obvious whether a computer has this chip on its motherboard, because TPMs are sometimes switched off and need to be enabled inside the BIOS.
Do I need TPM 2.0 to run Windows 11?
Microsoft’s announcement sparked fears that older PCs will be unable to run Windows 11, because TPMs have only been fitted as standard in computers for the past four years or so.
However, we’re glad to report that the furore is something of a storm in a teacup.
In fact, Microsoft has required TPM 2.0 support since July 2016 on all new PCs that run any version of Windows 10 for desktop, including Home, Pro, Enterprise, or Education.
Likewise, Windows 11 will only run on PCs that have TPM. Microsoft has been strict on this requirement ahead of the Windows 11 general availability, which is scheduled to arrive as a free upgrade for Windows 10 PCs.
If you download the Windows 11 compatibility tool now, it will only indicate that your system is ready if TPM 2.0 is up and running. Microsoft also notes that it will be tweaking the tool in the coming days and weeks to be more helpful in explaining compatibility specifics.
However, Microsoft has quietly noted that Windows 11 will run on PCs that have TPMs older than version 2.0 in certain situations.
The company’s support documents indicate that TPM 2.0 is more of a “soft floor” requirement, and that PCs with TPM 1.2 will also be able to run Windows 11. But “devices that meet the soft floor will receive a notification that upgrade is not advised”, Microsoft warned.
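To check what the sections above describe (whether a TPM is present, whether it is switched on, and which version it reports), the following PowerShell is an added example, not part of the original article and not Microsoft's compatibility tool. It reads the standard Win32_Tpm WMI class; the function names Get-TpmFamily and Get-TpmReadiness are hypothetical, and it assumes an elevated prompt.

```powershell
# Added example (not Microsoft's compatibility tool). Function names are hypothetical.
function Get-TpmFamily {
    param([string]$SpecVersion)
    # Win32_Tpm.SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM family.
    $parsed = $null
    $first = ($SpecVersion -split ',')[0].Trim()
    if ([version]::TryParse($first, [ref]$parsed)) { return $parsed }
    return $null
}

function Get-TpmReadiness {
    # The TPM WMI namespace is only readable by administrators; without this check
    # an access-denied error would be indistinguishable from "no TPM".
    $me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell prompt.'
    }

    $tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $family = if ($tpm) { Get-TpmFamily $tpm.SpecVersion } else { $null }

    $verdict = if (-not $tpm) {
        'No TPM visible to Windows: either absent or switched off in the BIOS/UEFI setup'
    } elseif (-not ($tpm.IsEnabled_InitialValue -and $tpm.IsActivated_InitialValue)) {
        'TPM found but not enabled and activated: check the firmware settings'
    } elseif (-not $family) {
        "TPM found, but the spec version '$($tpm.SpecVersion)' could not be parsed"
    } elseif ($family.Major -ge 2) {
        'TPM 2.0 or later is up and running'
    } else {
        "TPM $family is older than 2.0"
    }

    [pscustomobject]@{
        Present     = [bool]$tpm
        Enabled     = [bool]($tpm.IsEnabled_InitialValue)
        Activated   = [bool]($tpm.IsActivated_InitialValue)
        SpecVersion = if ($tpm) { $tpm.SpecVersion } else { $null }
        Verdict     = $verdict
    }
}

Get-TpmReadiness | Format-List
```

A "No TPM visible" result on recent hardware usually means the module is disabled in firmware rather than missing, so check the BIOS/UEFI setup before concluding the PC lacks one.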
What has Microsoft said about TPM 2.0 and Windows 11?
On the Windows blog, Microsoft director of enterprise and OS security, David Weston, said that “requiring the TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust”.
He added: “With Windows 11, we’re making it easier for customers to get protection from… advanced attacks out of the box. All certified Windows 11 systems will come with a TPM 2.0 chip to help ensure customers benefit from security backed by a hardware root-of-trust.
“The Trusted Platform Module (TPM) is a chip that is either integrated into your PC’s motherboard or added separately into the CPU. Its purpose is to help protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data.
“PCs of the future need this modern hardware root-of-trust to help protect from both common and sophisticated attacks like ransomware and more sophisticated attacks from nation-states. Requiring the TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust.
“TPM 2.0 is a critical building block for providing security with Windows Hello and BitLocker to help customers better protect their identities and data. In addition, for many enterprise customers, TPMs help facilitate Zero Trust security by providing a secure element for attesting to the health of devices.”