Microsoft announced thatÂ Windows 11 will need a TPM chip (Trusted Platform Module) to run on new and existing systems. Itâ€™s a significant hardware change that has been years in the making. However, many are currently in the state of confusion because of Microsoftâ€™s lack of explanation. So in this article, you are going to learn virtually everything about the TPM chip and why you need one for Windows 11.
All You Should Know About TPM & Why Windows 11 Needs It (2021)
If you used theÂ free tool that tells you why your PC canâ€™t run Windows 11Â and TPM is found to be one of the limitations, this in-depth guide will help you understand the security chip in detail.
What is TPM and What Is Its Use?
In simple terms, TPM (Trusted Platform Module) is a hardware chip thatâ€™s responsible for protecting your PC from ransomware or any other kind of hacks and malware. Itâ€™s a cryptoprocessor that holds keys to sensitive information, including your PCâ€™s PIN or password, Windows Hello authentication data, encryption keys for Bitlocker, security-critical keys, and more.
Since itâ€™s a hardware-based module, itâ€™s impossible for malware to manipulate it through traditional software methods. Hence, the TPM chip becomes an elevated, hardware-based â€œroot-of-trustâ€ that the OS can always trust.
To give a parallel example in the Android world, Google Pixel phones come with theÂ Titan M security chipÂ that verifies the firmware and checks if itâ€™s tampered with before booting the device. Apart from that, the Titan M chip also protects your payment information, lock-screen passcode, and other sensitive information.
Samsung alsoÂ adds a separate Knox chipÂ that does hardware-based authentication for passwords, payments, confidential files, etc. All this shows that hardware-based protection is the way to go, and Microsoft is right in including the TPM requirement for Windows 11.
Why Does Windows 11 Need TPM?
There is no denying the fact that Windows computers areÂ favorite among hackersÂ and sophisticated attackers. Itâ€™s largely because of how easy itâ€™s to install programs from the web or automate a script on Windows that ends up infecting the whole system. Remote execution is another favorite method of hackers to exploit a vulnerable PC. Gone are the days when low-threat viruses blocked Task Manager, and you would have to run an antivirus program to make things right again.
According toÂ Microsoft, 83% of attacks that businesses experienced in the past two years were â€œfirmware attacksâ€œ. Firmware attack means an exploit that attacks the firmware of the motherboard itself, taking control of hardware components, altering the boot process, and making code injection a simple execution. The main purpose of a firmware attack is to steal sensitive information like your Windows Hello fingerprint/facial data, bank details, Microsoft credentials, encryption keys, among other things.
TheÂ threat level of firmware attacks is very high. Hence, TPM is required to protect your sensitive information on Windows 11. The attacks have gotten so sophisticated that even TPM failed to guard cryptographic keys against the recent Spectre and Meltdown vulnerabilities. So itâ€™s only natural for Microsoft to make a secure, hardware-based authentication system so that users remain on the safe side as we move forward.
Which Processors Have Built-in TPM Support?
The TPM module generally comes built-in with the CPU, but for custom-built PCs, you will find a TPM header on the motherboard where you can attach a compatible TPM module. At least since 2014, almost all the processors have come with the TPM module onboard. Intel startedÂ integrating TPM on its chips with the Haswell architecture (2013, 4th-Gen)Â except for the K-series, which got the integrated Trusted Platform Module with 6th-Gen (2015).
So, we expect Intel-powered Windows PCs after 2014 do have support for either TPM 1.2 or 2.0. You need to enable it from the BIOS/ UEFI menu. To give you an example, I have a 6th-gen Intel i5 processor, and TPM 2.0 is available on my PC. I just had to enable it from the BIOS.
And if you are wondering, do AMD processors support TPM as well? Well, the answer is yes. The TPM security chip is integrated right into the CPU fromÂ Ryzen 2500 (2017) and onwards. Below, you can find out the steps for how to enable TPM on your Windows 10 PC.
How to Enable TPM in BIOS/ UEFI to Run Windows 11?
1. First, you need toÂ boot into the BIOS or UEFI interfaceÂ of your PC. You can do this by pressing the boot key continuously while your computer starts up.
Note: For HP laptops, itâ€™s the â€œEscâ€ or â€œF10â€ key. As for other laptops and desktops, the boot key may differ. So make sure to search for the specific boot key for your computer from the internet. If you are using a custom-built desktop, the boot key depends on the motherboard manufacturer. It would be one of these â€“ F12, F9, F10, etc.
2. Once you are in the BIOS/ UEFI interface, look forÂ something called â€œTPMâ€ or Trusted Platform Technology. Itâ€™s also called PTT (Platform Trust Technology) on some Intel-based machines. On AMD machines, you might find the â€œPSPâ€, â€œfTPMâ€, or â€œPTPâ€ option in the BIOS menu. Look around, jump into the Advanced Settings andÂ make sure itâ€™s enabled or available.Â There might be TPM State as well, so go ahead and enable it.
3. Next,Â find the â€œSecure Bootâ€Â optionÂ under different menusÂ and enable it. If the Secure Boot option is greyed out, you need to set a password in BIOS. Some laptops donâ€™t allow you to enable Secure Boot unless you set a â€œSupervisorâ€ or â€œAdministratorâ€ password. So set the password first, and then you can enable Secure Boot. Needless to say, you need to remember the password, else you will be locked out of your computer and wonâ€™t be able to access the BIOS.
4. Now, press â€œF10â€ and hit enter to save and exit. F10 is generally reserved for â€œSave and exitâ€, but the key may differ for your computer. We suggest you check it on the BIOS/ UEFI footnote.
How To Check If Your Windows 10 PC Has a TPM Module?
Method 1: Using TPM Manager
1. Once you have enabled TPM in the BIOS/ UEFI menu, just use the â€œWindows + Râ€Â keyboard shortcutÂ to open the Run window. Here, typeÂ
tpm.mscÂ and hit enter.
2. A new window will open up. Here, under â€œStatusâ€œ, check if the TPM chip is available or not. Right below, you can also find the TPM version.
Method 2: Using Device Manager
Another way is to check TPM availability through Device Manager. Press the â€œWindows + Xâ€ shortcut and open â€œDevice Managerâ€œ >> â€œSecurity devicesâ€ menu, and you will find TPM along with the version information.
Method 3: Using Windows Settings
Finally, there is one more way to check the TPM module on your Windows 10 PC. Open â€œWindows Securityâ€ and move to the â€œDevice Securityâ€ tab. Here, click on â€œSecurity processorâ€ details, and you will find all the information regarding the TPM chip on your computer.
Is There Any Hope For Those Without TPM Module On Their PC?
As earlier mentioned above, if you bought a laptop in the last 5 to 6 years, your laptop likely comes with the TPM module. All you need to do is enable it from the BIOS. In case your laptop is running an older CPU, then unfortunately, you canâ€™t add a TPM chipÂ since laptop motherboards donâ€™t come with a TPM header. Plus, Microsoft willÂ allow certain OEMs to bypass the TPM requirementÂ for commercial purposes.
On the other hand, if you own a custom-built desktop PC, you can very well add a TPM security chip to the motherboard. MostÂ motherboards come with the required TPM header (TPM imprinted next to it), so you are good to go. However, ensure you check the compatibility of the chip with your motherboard while buying the module.
Apart from that, currently, the TPM chip is nowhere to be found because of the sudden surge in demand. I wonâ€™t recommend you to pay an exorbitant price to buy a TPM chip. You should wait for the prices to come down.
Conclusion! Enable TPM to Protect Your Windows PC
Well, this is a more detailed explanation of TPM and why Microsoft decided to make it mandatory for any interested Windows 11 user. I think itâ€™s a well-thought-out move as we move to the next decade of computing. While Android, iOS, macOS, and Linux have great level of security, and itâ€™s now time for Windows to level up or even up the game.
In case you are facing the â€œPC canâ€™t run Windows 11â€ error due to an unsupported CPU, it still recommended you to enable TPM as a good security measure, so that your data is protected even on Windows 10. So that is all for now.