Microsoft announced that Windows 11 will need a TPM chip (Trusted Platform Module) to run on new and existing systems. It’s a significant hardware change that has been years in the making. However, many are currently in the state of confusion because of Microsoft’s lack of explanation. So in this article, you are going to learn virtually everything about the TPM chip and why you need one for Windows 11.

Windows 11 unveiled

All You Should Know About TPM & Why Windows 11 Needs It (2021)

If you used the free tool that tells you why your PC can’t run Windows 11 and TPM is found to be one of the limitations, this in-depth guide will help you understand the security chip in detail.

What is TPM and What Is Its Use?

In simple terms, TPM (Trusted Platform Module) is a hardware chip that’s responsible for protecting your PC from ransomware or any other kind of hacks and malware. It’s a cryptoprocessor that holds keys to sensitive information, including your PC’s PIN or password, Windows Hello authentication data, encryption keys for Bitlocker, security-critical keys, and more.

Since it’s a hardware-based module, it’s impossible for malware to manipulate it through traditional software methods. Hence, the TPM chip becomes an elevated, hardware-based “root-of-trust” that the OS can always trust.

TPM ChipTo give a parallel example in the Android world, Google Pixel phones come with the Titan M security chip that verifies the firmware and checks if it’s tampered with before booting the device. Apart from that, the Titan M chip also protects your payment information, lock-screen passcode, and other sensitive information.

Samsung also adds a separate Knox chip that does hardware-based authentication for passwords, payments, confidential files, etc. All this shows that hardware-based protection is the way to go, and Microsoft is right in including the TPM requirement for Windows 11.

Why Does Windows 11 Need TPM?

There is no denying the fact that Windows computers are favorite among hackers and sophisticated attackers. It’s largely because of how easy it’s to install programs from the web or automate a script on Windows that ends up infecting the whole system. Remote execution is another favorite method of hackers to exploit a vulnerable PC. Gone are the days when low-threat viruses blocked Task Manager, and you would have to run an antivirus program to make things right again.

Microsoft unveils Windows 11 with updated UI and Android app support

According to Microsoft, 83% of attacks that businesses experienced in the past two years were “firmware attacks“. Firmware attack means an exploit that attacks the firmware of the motherboard itself, taking control of hardware components, altering the boot process, and making code injection a simple execution. The main purpose of a firmware attack is to steal sensitive information like your Windows Hello fingerprint/facial data, bank details, Microsoft credentials, encryption keys, among other things.

The threat level of firmware attacks is very high. Hence, TPM is required to protect your sensitive information on Windows 11. The attacks have gotten so sophisticated that even TPM failed to guard cryptographic keys against the recent Spectre and Meltdown vulnerabilities. So it’s only natural for Microsoft to make a secure, hardware-based authentication system so that users remain on the safe side as we move forward.

Which Processors Have Built-in TPM Support?

The TPM module generally comes built-in with the CPU, but for custom-built PCs, you will find a TPM header on the motherboard where you can attach a compatible TPM module. At least since 2014, almost all the processors have come with the TPM module onboard. Intel started integrating TPM on its chips with the Haswell architecture (2013, 4th-Gen) except for the K-series, which got the integrated Trusted Platform Module with 6th-Gen (2015).

So, we expect Intel-powered Windows PCs after 2014 do have support for either TPM 1.2 or 2.0. You need to enable it from the BIOS/ UEFI menu. To give you an example, I have a 6th-gen Intel i5 processor, and TPM 2.0 is available on my PC. I just had to enable it from the BIOS.

intel

And if you are wondering, do AMD processors support TPM as well? Well, the answer is yes. The TPM security chip is integrated right into the CPU from Ryzen 2500 (2017) and onwards. Below, you can find out the steps for how to enable TPM on your Windows 10 PC.

How to Enable TPM in BIOS/ UEFI to Run Windows 11?

1. First, you need to boot into the BIOS or UEFI interface of your PC. You can do this by pressing the boot key continuously while your computer starts up.

Note: For HP laptops, it’s the “Esc” or “F10” key. As for other laptops and desktops, the boot key may differ. So make sure to search for the specific boot key for your computer from the internet. If you are using a custom-built desktop, the boot key depends on the motherboard manufacturer. It would be one of these – F12, F9, F10, etc.

How To Enable TPM in BIOS UEFI To Run Wndows 11 1

2. Once you are in the BIOS/ UEFI interface, look for something called “TPM” or Trusted Platform Technology. It’s also called PTT (Platform Trust Technology) on some Intel-based machines. On AMD machines, you might find the “PSP”, “fTPM”, or “PTP” option in the BIOS menu. Look around, jump into the Advanced Settings and make sure it’s enabled or available. There might be TPM State as well, so go ahead and enable it.

How To Enable TPM in BIOS UEFI To Run Wndows 11 2

3. Next, find the “Secure Boot” option under different menus and enable it. If the Secure Boot option is greyed out, you need to set a password in BIOS. Some laptops don’t allow you to enable Secure Boot unless you set a “Supervisor” or “Administrator” password. So set the password first, and then you can enable Secure Boot. Needless to say, you need to remember the password, else you will be locked out of your computer and won’t be able to access the BIOS.

How To Enable TPM in BIOS UEFI To Run Wndows 11 3

4. Now, press “F10” and hit enter to save and exit. F10 is generally reserved for “Save and exit”, but the key may differ for your computer. We suggest you check it on the BIOS/ UEFI footnote.

How To Check If Your Windows 10 PC Has a TPM Module?

Method 1: Using TPM Manager

1. Once you have enabled TPM in the BIOS/ UEFI menu, just use the “Windows + R” keyboard shortcut to open the Run window. Here, type tpm.msc and hit enter.

How To check if your Windows 10 PC Has A TPM Module 1

2. A new window will open up. Here, under “Status“, check if the TPM chip is available or not. Right below, you can also find the TPM version.

How To check if your Windows 10 PC Has A TPM Module

Method 2: Using Device Manager

Another way is to check TPM availability through Device Manager. Press the “Windows + X” shortcut and open “Device Manager“ >> “Security devices” menu, and you will find TPM along with the version information.

How To check if your Windows 10 PC Has A TPM Module 2

Method 3: Using Windows Settings

Finally, there is one more way to check the TPM module on your Windows 10 PC. Open “Windows Security” and move to the “Device Security” tab. Here, click on “Security processor” details, and you will find all the information regarding the TPM chip on your computer.

Is There Any Hope For Those Without TPM Module On Their PC?

As earlier mentioned above, if you bought a laptop in the last 5 to 6 years, your laptop likely comes with the TPM module. All you need to do is enable it from the BIOS. In case your laptop is running an older CPU, then unfortunately, you can’t add a TPM chip since laptop motherboards don’t come with a TPM header. Plus, Microsoft will allow certain OEMs to bypass the TPM requirement for commercial purposes.

Microsoft will allow certain OEMs to bypass the TPM requirement

On the other hand, if you own a custom-built desktop PC, you can very well add a TPM security chip to the motherboard. Most motherboards come with the required TPM header (TPM imprinted next to it), so you are good to go. However, ensure you check the compatibility of the chip with your motherboard while buying the module.

Apart from that, currently, the TPM chip is nowhere to be found because of the sudden surge in demand. I won’t recommend you to pay an exorbitant price to buy a TPM chip. You should wait for the prices to come down.

Conclusion! Enable TPM to Protect Your Windows PC

Well, this is a more detailed explanation of TPM and why Microsoft decided to make it mandatory for any interested Windows 11 user. I think it’s a well-thought-out move as we move to the next decade of computing. While Android, iOS, macOS, and Linux have great level of security, and it’s now time for Windows to level up or even up the game.

In case you are facing the “PC can’t run Windows 11” error due to an unsupported CPU, it still recommended you to enable TPM as a good security measure, so that your data is protected even on Windows 10. So that is all for now.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Captcha verification failed!
CAPTCHA user score failed. Please contact us!