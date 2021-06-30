Several days have passed since the release of Windows 11, but there are still many questions regarding the new operating system. Especially as regards the compatibility of components and, particularly, the obligatory nature of have a TPM 2.0 on the computer.

Many users still they don’t know if their PC can be upgraded to Windows 11 or not, and much of the responsibility falls on Microsoft. The Redmond corporation has created quite a bit of confusion with the minimum requirements for Windows 11 and their flexibility. The comings and goings of the company are not only related to the obligatory nature of TPM 2.0, but also to the compatible processors.

But what is a TPM 2.0? Why is it so important that my PC have one? Is it possible to install it? What types of TPM are there? In this article we answer all those questions you may have about one of the most controversial requirements of Windows 11.

What is TPM 2.0 and why is it essential to install Windows 11?

TPM is the acronym in English for Trusted Platform Module, and has become the protagonist of the latest novel related to Windows 11. It is a dedicated chip isolated from the rest of the team that stores and manages various sensitive data on a PC. The small component is present on the motherboard of the PC and we can find it in many computers from 2016 onwards.

In fact, Microsoft was the company that “pushed” manufacturers to incorporate TPM 2.0 into their computers. In fact, it was imposed as a condition for certification of hardware compatible with Windows 10. However, it is only now listed as a hypothetical impediment to the installation of Windows 11, even if the other requirements are easily met.

So why does Microsoft insist on mandatory TPM 2.0 for Windows 11 installation? This was said by the company, through David Weston, Director of Enterprise Security and Operating System:

The purpose [de TPM] is to help protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers cannot access or manipulate that data. The computers of the future need this modern hardware root-of-trust to help protect them from both common and elaborate threats, such as ransomware and more sophisticated attacks from nation-states. Requiring TPM 2.0 raises the bar for hardware security by requesting that built-in root of trust. TPM 2.0 is a critical component for providing security alongside Windows Hello and BitLocker, which help customers better protect their identities and data.

Understand the different types of TPM

Many of the doubts surrounding Windows 11 and the compatibility of computers with TPM 2.0 were fed by Microsoft itself. Originally, the documentation for the new operating system spoke of a “soft floor” and a “hard floor” in reference to the hardware specifications that had to be met.

In this way, minimum requirements parameters were established (below those recommended) to install and run the OS. For example, Windows 11 could be used on computers with unsupported processors or TPM 1.2. The latter was a major relief, since TPM 1.2 has been available since March 2011 and is feasible to find on older computers. However, the Redmond company removed such information from its website without explaining why.

Logically, TPM version 2.0 is much more advanced and complete than 1.2. As dynabook explains on its support page, TPM 1.2 only allows the use of the RSA cryptographic system and the SHA-1 secure hashing algorithm. For its part, TPM 2.0 is more flexible when it comes to cryptographic algorithms. It supports newer methods and provides “a more consistent experience” across different implementations.

It is clear that there are several more differences between the two versions, but we focus on the simplest and most obvious. This makes it easier to understand why Microsoft would have backed down on Windows 11’s support for decade-old security technology.

fTPM, an alternative to consider

Image: PC Mag

There is a variant of TPM called fTPM, or firmware-based TPM. A highlight is that its operation does not require the installation of a dedicated chip on the motherboard. This makes fTPM a common alternative to viewing on laptops.

[En fTPM] the code runs on the main CPU, so no separate chip is required. While running like any other program, the code is in a trusted execution environment (TEE), separate from the rest of the programs that run on the CPU. By doing this, private keys that the TPM might need, but should not be accessed by others, can be kept in the TEE, creating a more difficult path for hackers. dynabook

Undoubtedly, it is an interesting alternative to consider when determining whether or not our PC is compatible with Windows 11. For example, the AGESA library, from AMD, offers support for fTPM 2.0 directly with the BIOS of supported motherboards.

How to know if we have a TPM 2.0 chip in our computer and how to activate it?

To know if our computer has TPM 2.0 we must simply write tpm.msc in the search engine of the Windows start menu. Immediately, a window called “Trusted Platform Module Administration on the local computer” opens. Once there it is possible to see the status, the name of the manufacturer, and the versions of the chip and the specification. In the latter case, the inscription 2.0 should be seen.

Your PC may have a TPM 2.0 chip, but it is disabled by default. If you want to activate it, you can do it manually from the “Prepare TPM” option.. Another option is to do it from the BIOS, checking the advanced or security section. Depending on the motherboard model you can find similar options, but under somewhat changing names. Remember that the installation of Windows 11 also requires having Secure Boot active.

Is it possible to add a TPM 2.0 chip to my computer?

The answer is short: if possible. A TPM 2.0 chip can be incorporated into a PC motherboard with great ease. In fact, they are available from major online stores and are generally inexpensive. In any case, it is worth considering that after the announcement of Windows 11, speculators appeared who triggered the price of this component. For this reason it is important to be careful and not get carried away by the profiteers who are always the order of the day on the web.

Conclution

TPM 2.0 is an extra security barrier that Microsoft makes mandatory for Windows 11, and it is not bad that it is that way. The problem is lack of consistency in ads regarding hardware requirements, and the confusion that comes with when information is unclear.

With the launch of the first version of the new operating system, we will surely have more data to help us understand how it works and if it is possible to take it outside the limits established by its developer.

