What is a Trusted Platform Moduleand why does Windows 11 still need one?
Microsoft announced that Windows 11 will require the use of TPM (Trusted Platform Module) chips in new and existing devices. This is a major change that took years, but Microsoft’s chaotic communication methods left people confused about their hardware compatibility. Its purpose is to protect encryption keys, user credentials, and other sensitive data behind a hardware barrier, so that malware and attackers cannot access or manipulate these data.
TPM principle and firmware attacks
The working principle of TPM is to provide hardware-level protection, not just software-level protection. It encrypt disks using Windows features such as BitLocker or prevent dictionary attacks on passwords. The TPM 1.2 chip is usually only used in business laptops and desktops for IT management. For several months, Microsoft has been warning that firmware attacks are on the rise. Ransomware attacks make headlines every week, and ransomware funds more ransomware, making it a difficult problem to solve. TPM will definitely help some attacks, but Microsoft relies on a combination of modern CPUs, secure boot and its virtualization protection suite to really weaken ransomware.
Microsoft’s Windows 11 website lists the minimum system requirements. Moreover, with links to supported CPUs, it clearly mentions that a minimum TPM 2.0 is required. Microsoft requires people to download and verify that Windows 11 is running. The PC health check flags systems that don’t enable secure boot or TPM support or devices that unofficially supported CPUs chip.
But the Windows 11 update may not work on older machines as well, and Microsoft suggested that it won’t. Unless your CPU is very old, it may already be compliant.