Why TPM 2.0 is mandatory for Windows 11

Why does Windows 11 require a PC with TPM 2.0? Does my PC have a TPM 2.0? Does my PC already have that? Is it disabled? Why isn’t TPM 1.2 good enough? Will my used desktop processor work? And why does Windows need it in the first place?

There are so many questions that come to mind when we talk about TPM 2.0 being mandatory for Windows 11. But before we answer all of these confusing questions for you, let’s first learn what TPM is, after all.

What is a TPM?

TPM is a Trusted Platform Module. It provides security functions at the hardware level, and its role is to generate and store encryption keys in a tamper-resistant manner. It also protects against malware and other external attacks.

Windows calls it the ‘hardware root-of-trust’. According to Microsoft, all Windows 11 PCs will have this tamper-resistant element at the core, and it will perform security features like disk encryption and biometric sign-in through Windows Hello.

TPM attestation can be used to authenticate remote hardware and software. The TPM comes with a unique endorsement key that is found on the hardware. Organizations can check and verify the device remotely while ensuring that it has not been tampered with. This can be useful for an organization managing a fleet of laptops.

The TPM includes random number generating software that the system can depend on. When modern smartphones have all of these functions, why can’t computers?

Now that we know what a TPM is, let’s answer all of the other questions!

Why does Windows 11 Need it?

BitLocker encryption can store its encryption keys in the TPM. This helps to protect your files: when your computer boots, these keys unlock your drive. If an attacker attacks your PC or server processors and inserts your system drive into another computer, he cannot decrypt your files without access to the keys in the TPM. And as the TPM is tamper-resistant, the attacker cannot just plug it into another computer, nor can he extract the decryption key from it.

Even on Windows 10, BitLocker will not work without a TPM. If every Windows 11 PC has a TPM, they can all support Device Encryption, which is a lot better than Windows 10, which comes with disk encryption.

Therefore, a TPM provides each Windows system with baseline hardware security. With the TPM in place, Microsoft will not need to build software-based hacks on top of Windows 11, nor will it have to leave behind necessary functionality like disk encryption.

Why isn’t TPM 1.2 Good Enough?

Initially, Microsoft announced that systems with TPM 1.2 cannot upgrade to TPM 2.0. However, later they said that TPM 2.0 would be a requirement. Microsoft elaborates on various security advantages that TPM 2.0 has over 1.2. This includes the support for more modern cryptographic algorithms. Since TPM 2.0 has these advantages and much more, it makes sense to require the 2.0 version.

Does your PC have a TPM? Is it Disabled?

If you have a PC that came with Windows 10 in 2016 or later, there is a chance that it might already have TPM 2.0. However, if the model was made before the cutoff date, then there is a chance it might not.

If your PC is older than that, then it might not have the TPM that Windows 11 requires. Many of the PCs that have been updated from Windows 7 to 10 will likely be left behind by this requirement.

On the other hand, people who have built their own PCs, or who use an old desktop processor, would not have TPM 2.0 on their devices, and the same applies if you purchased the PC from a company that built it for you. Even if Windows says that TPM 2.0 is present, it might be disabled by default. In this case, you would have to enable it in your computer’s BIOS.

To find out whether you have it, you need to visit your computer’s BIOS and look for the TPM feature to enable it. Some computers have a firmware-based TPM: Intel calls it the Intel Platform Protection Technology, while AMD calls it the Firmware Trusted Platform Module. You need to find an option that says something like this on the settings screen. Through this, you can activate your TPM.
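The check described above can also be made from inside Windows before you go into the BIOS. The following PowerShell is an added example, not part of the original article; it reads the built-in Win32_Tpm WMI class, and the function names Get-TpmSpecMajor and Test-TpmForWindows11 are hypothetical names chosen for illustration.

```powershell
# Added example: tell apart "no TPM visible", "TPM present but disabled",
# "TPM 1.2" and "TPM 2.0 ready". Run from an elevated PowerShell prompt,
# because the Win32_Tpm class is only readable by administrators.

function Get-TpmSpecMajor {
    param([string]$SpecVersion)
    # SpecVersion is a comma-separated string whose first field is the
    # specification family, e.g. "2.0" or "1.2".
    $first = ($SpecVersion -split ',')[0].Trim()
    $parsed = $null
    if ([version]::TryParse($first, [ref]$parsed)) { return $parsed.Major }
    return $null
}

function Test-TpmForWindows11 {
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) {
        # Nothing is exposed to Windows: the chip is absent, or the
        # firmware TPM is switched off in the BIOS/UEFI settings.
        return 'No TPM visible to Windows (absent, or disabled in the BIOS)'
    }

    $major = Get-TpmSpecMajor -SpecVersion $tpm.SpecVersion
    if ($null -eq $major) {
        return ('TPM present, but spec version could not be read: {0}' -f $tpm.SpecVersion)
    }
    if (-not ($tpm.IsEnabled_InitialValue -and $tpm.IsActivated_InitialValue)) {
        return ('TPM spec {0} present but not enabled and activated' -f $major)
    }
    if ($major -lt 2) {
        return ('TPM spec {0} is enabled, but Windows 11 requires 2.0' -f $major)
    }
    return 'TPM 2.0 is present, enabled and activated'
}

# Constructed sample SpecVersion strings, to show the parsing on its own:
'2.0, 0, 1.38', '1.2, 2, 3' | ForEach-Object { Get-TpmSpecMajor -SpecVersion $_ }

# The real check against this machine:
Test-TpmForWindows11
```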

Why shouldn’t you Circumvent Windows 11’s TPM Requirement?

Some individuals felt that there was no need to run TPM 2.0 on already running devices with Windows 11. They thought it was too restrictive. Their perspective is that Windows 10 ran with a TPM 1.2, which has been reasonably secure. Therefore, some users try to run Microsoft’s latest OS even on devices without the TPM 2.0 chip.

However, even if they turn out to be successful, here are the reasons why it would be wise to avoid doing so.

TPM 2.0 is More Advanced than TPM 1.2

As in most cases when it comes to technology, iterations with higher numbers are not just newer, they come with much better features too. TPM 2.0 supports many more, and newer, cryptographic algorithms than its predecessor. This means that it can generate keys that are much harder to penetrate and break, which makes the device more difficult for hackers to infiltrate.

Compatibility Issues may Arise

Microsoft extensively tested Windows 11 before releasing it to the market. Undoubtedly this was done on all the current devices. Thus you can conclude that running the new OS on a device that does not meet the hardware specifications may lead to compatibility issues. Not only this, it may give rise to various other problems. In any case, these issues may turn out to be much more expensive than investing in a supported device.

Microsoft won’t Release Updates for Unsupported Devices

Currently, the software giant has relaxed some of the restrictions for its users and made it possible for some unsupported devices to run Windows 11 for a bit of time. However, it has made it clear that these unsupported devices will not be receiving any future updates.

You must be well aware of how important these updates are. In addition to helping improve user experience, introducing new features, and giving some quality of life upgrades, these updates help in boosting your server processors and OS’s defense system. They guard you against the most recent cyber threats. Thus, not receiving these updates will leave you vulnerable to cyberattacks.

When it comes to the thought or effort of bypassing the Windows 11 hardware requirements, our advice is to just say to yourself, ‘just because you can does not mean you should’. This statement stands for itself, and we hope you won’t fall on the other side of it.