You don’t need to spend an extra $100 to run Windows 11. Prices have dropped since, but it shows how much of a fuss this requirement caused. firmware TPMĪfter the announcement of Windows 11, the price of dedicated TPM hardware has shot up on the secondhand market. By getting PCs up to date with the latest hardware security, Microsoft can push forward with its security efforts rather than focus on getting more people on board. The TPM requirement on Windows 11 is the medicine before the candy. Windows automatically leverages the TPM during boot sequences, but other software, such as antivirus, can also leverage it to weed out rootkits before the OS loads.Ĭyberattacks continue to rise, likely in response to the increasing amount of personal (and valuable) data that people store on their PCs and online. That opens up a world of possibilities to attackers, allowing them to infect the bootloader of your OS or even the kernel (the core of your OS). Although some rootkits only attack a particular application, many start loading before your OS does.
Antivirus services can usually deal with this type of malware, but some struggle with rootkits.Ī rootkit is a piece of malware that’s supposed to live on your computer undetected. Most malware is written to run on your OS, so something like adware executes after the operating system has loaded, even if you don’t see the program actively running on your desktop. That ensures you aren’t loading into an OS that has malicious code. The first is that the TPM can verify the integrity of Windows before the operating system loads. This is a good step for a couple of reasons. Windows takes control of the TPM while your computer is booting. The integration with Windows goes a lot deeper, though, which has caused some confusion with Windows 11.
As mentioned, Windows 10 and Windows 11 use the TPM for BitLocker disk encryption and Windows Hello. It’s not hard understanding what a TPM does, but its application in Windows is a little messy. It’s a device that helps prove you are who you say you are, and that you’re accessing a computer you own. Because the device lives on your motherboard, it doesn’t need to communicate with any server or require further, offsite authentication. In short, a TPM helps you protect your most sensitive data. This certificate lives on the module and never changes, verifying that any component communicating with the TPM is, indeed, communicating with the TPM.
That means software attacks can’t expose the secrets you have stored on the TPM.Ī dedicated TPM further raises security thanks to a static Endorsement Key (EK) certificate. Furthermore, the TPM stores this information on actual hardware, not through software. It can store any part of a secret you need for decryption, regardless if that’s a password, certificate, or encryption key. That’s not the only purpose of a TPM, though. In the case of the upcoming Windows 11, the TPM can store things like your biometric data for Windows Hello and part of the encryption key for BitLocker. It’s a dedicated processor that handles encryption, holding part of the secret key you need to decrypt data on your device and access services. What is TPM?Ī TPM is a chip that lives on your computer’s motherboard.
We’re here to help you cut through the cryptographic weeds so you can get your PC up to spec to install Windows 11. Still, it’s tough understanding what a TPM is, and more importantly, why you need one for Windows. It’s the device that allows you to use biometrics to log in to Windows and encrypt data on your device. A TPM, or Trust Platform Module, is a dedicated processor that handles hardware-level encryption.
Windows 11 is out and updating on many machines, and in the process a lot of PC builders are tripped up by an odd system requirement: TPM 2.0.