
When Microsoft introduced Windows 11 in 2021, its new, stricter hardware compatibility testing included checking for the presence of a Trusted Platform Module (TPM) – specifically, one that meets the TPM 2.0 standard.
What is TPM?
The simple answer is that a TPM is a secure cryptoprocessor, a dedicated microcontroller designed to handle security-related tasks and manage encryption keys in a way that reduces the ability of attackers to break into the system. Windows uses that hardware for various security-related features, including Secure Boot, BitLocker, and Windows Hello.
The TPM performs the essential mathematical functions that make it possible to encrypt and decrypt data, generate random numbers, and validate digital signatures. It is a secure place to store digital certificates, encryption keys, and authentication data in a way that cannot be tampered with.
But the full answer, like anything related to computer security, is a little more complicated.
The TPM architecture is defined by an international standard (formally known as ISO/IEC 11889), which was created by the Trusted Computing Group more than twenty years ago. The standard deals with how various cryptographic operations are implemented, with an emphasis on “integrity security, isolation, and confidentiality”.
The TPM may be implemented as a separate chip soldered onto a computer motherboard, or it may be implemented within the firmware of the PC chipset or CPU itself, as Intel, AMD, and Qualcomm have done over the past decade. Even Microsoft has gotten in on the action with the Microsoft Pluton Security Processor, which is directly integrated into SoCs from AMD and Qualcomm; it can be used as a TPM or as a security processor with a separate TPM. If you use a virtual machine, you can also create a virtual TPM chip in it.
Why do you need TPM?
A December 2024 post on Microsoft’s Windows IT Pro blog made the case that TPM 2.0 is “a non-negotiable standard for the future of Windows.” In the corporate world, at least, that change has already happened. Microsoft’s Windows Hardware Certification Program requires that any PC sold with Windows 10 have TPM 2.0; business-class PCs commonly included TPM 1.2 as early as 2007. As a result, most Windows PCs in use today support this standard, and only those PCs not designed for the consumer market are more than ten years old.
In Windows, TPM works with the Windows Secure Boot feature, which verifies that only signed, trusted code runs when the computer starts. If someone tries to tamper with the operating system – for example, to add a rootkit – Secure Boot detects that the code trying to run does not match measurements stored in the TPM and prevents unauthorized code from executing. (Chromebooks have a similar feature called Verified Boot, which also uses the TPM to make sure the system hasn’t been tampered with.)
TPM also enables biometric authentication with Windows Hello, and contains a BitLocker key that encrypts the contents of the Windows system disk, making it nearly impossible for an attacker to break that encryption and access your data without authorization. For a detailed technical explanation, you can read this primer. Today’s high-end business PCs start with TPM 2.0 and other hardware to enable firmware security and advanced identity verification, blocking many common security threats.
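How stored measurements and a TPM-held key interact, as an added example that is not part of the original article: a simplified Python model of the TPM 2.0 PCR extend operation (new PCR = SHA-256(old PCR || digest)) and of a key bound to an expected PCR value. The component names, the `replay` and `unseal` helpers and the key are constructed for illustration; a real TPM enforces this inside the chip.

```python
import hashlib
import hmac
from typing import Optional

PCR_SIZE = 32  # bytes in a SHA-256 PCR bank


def measure(component: bytes) -> bytes:
    """Digest of a boot component, taken before control passes to it."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || digest). A PCR cannot be set directly."""
    return hashlib.sha256(pcr + digest).digest()


def replay(boot_chain: list) -> bytes:
    """Fold every component of a boot chain into one PCR, in boot order."""
    pcr = bytes(PCR_SIZE)  # boot-time PCRs start as all zeros after reset
    for component in boot_chain:
        pcr = extend(pcr, measure(component))
    return pcr


def unseal(sealed_to: bytes, current_pcr: bytes, secret: bytes) -> Optional[bytes]:
    """Toy PCR policy: release the secret only if the PCR matches."""
    return secret if hmac.compare_digest(sealed_to, current_pcr) else None


# Constructed sample data: stand-ins for real firmware and boot images.
GOOD_CHAIN = [b"firmware-1.0", b"bootmgr-1.0", b"kernel-1.0"]
TAMPERED_CHAIN = [b"firmware-1.0", b"bootmgr-1.0+rootkit", b"kernel-1.0"]
DISK_KEY = b"constructed-volume-key"

if __name__ == "__main__":
    golden = replay(GOOD_CHAIN)  # value the key was sealed against
    for name, chain in (("clean", GOOD_CHAIN), ("tampered", TAMPERED_CHAIN)):
        pcr = replay(chain)
        released = unseal(golden, pcr, DISK_KEY) is not None
        print(f"{name:9} PCR={pcr.hex()[:16]}... key released: {released}")
```

Because each extend hashes the previous PCR value, a change to any one component, or to the order in which components load, changes the final value, and the key stays sealed.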
Does your PC have a TPM?
So, does your PC have a TPM? If it was sold with Windows 10 preinstalled in 2016 or later, the answer is almost certainly yes. That is the year Microsoft began requiring manufacturers to ship PCs with TPM 2.0 available and enabled by default. Intel CPUs of that era include a TPM 2.0 embedded in the firmware (Intel calls this feature Platform Trust Technology, or PTT). Also in 2016, AMD began including a firmware-based TPM 2.0 called fTPM.
If your PC is older than this, it may still have a TPM. Intel began including this feature in its fourth-generation Core processors (Haswell) in 2014, but in general, this technology was only available and enabled in PCs built for the business market. Computers manufactured in 2013 or earlier may include TPMs that are separate from the CPU; for the most part, TPMs before 2014 followed the TPM 1.2 standard, which is not officially supported by Windows 11.
To make things more complicated, your PC may have a TPM that is disabled in the BIOS or firmware settings. This is sure to happen on PCs configured to use legacy BIOS instead of UEFI. You can check the configuration of your Windows PC by using the System Information tool (Msinfo32.exe). To enable or disable TPM, you need to adjust the PC’s UEFI settings.
Windows 10 and Windows 11 initialize and take ownership of the TPM as part of the installation process. You don’t need to do anything special to install or use TPM other than making sure it is enabled for use by the PC. And it’s not just a Windows feature. Linux PCs and IoT devices can also initialize and use the TPM.
Apple devices use a different hardware design called the Secure Enclave, which performs some cryptographic operations similar to TPM and also provides secure storage of sensitive user data.
The extra layer of security that TPM adds to tamper-resistant hardware is great. To view details about TPM in your Windows PC, open Device Manager and look under the Security devices heading.
Solution
On a PC running Windows 10 that includes any version of TPM, you can upgrade to Windows 11 by making a simple change in the registry, even if the CPU is not officially supported. If your PC doesn’t include a TPM, you’ll need to use an unofficial hack to bypass the hardware compatibility check and install Windows 11. The easiest way to do this is with the help of a free, open-source utility called Rufus. For details, see “How to upgrade your ‘incompatible’ Windows 10 PC to Windows 11”.

