Microsoft recently announced that Windows 11 will require TPM (Trusted Platform Module) chips on existing and new devices. It’s a significant hardware change that has been years in the making, but Microsoft’s messy way of communicating this has left many confused about whether their hardware is compatible.
What is a TPM ?
“The Trusted Platform Modules (TPM) is a chip that is either integrated into your PC’s motherboard or added separately into the CPU,” explains David Weston, director of enterprise and OS security at Microsoft. “Its purpose is to protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data.”
However, after many people ran the tool, they discovered it was reporting that “This PC can’t run Windows 11,” even on devices that run Windows 10 flawlessly as they do not have a TPM 2.0 installed.
For those with hardware purchased over the past couple of years, the likely reason you see this message is that you do not have specific settings enabled in your BIOS, or you do not have a Trusted Platform Module (TPM) installed.
- Windows 11 ISO File Download 32/ 64 Bit Free Leak, Release Date, System Requirements, Features
- Microsoft announces Windows 11: Five features you should be excited about
Why Microsoft Windows 11 requires TPM
A TPM is a dedicated processor used to perform hardware-based cryptographic operations to secure encryption keys and defend against malicious tampering of your hardware and the boot process.
An example of a TPM that you can purchase and add to an Asrock motherboard is shown below.
TPM processors come in two versions – an older and less secure 1.2 version and a more secure 2.0 version, which is a requirement for Windows 11.
Since 2013, Intel and AMD added firmware TPM technology to many of their CPUs that perform the same functionality as a TPM 2.0 processor without the need of a dedicated module.
For Intel Process, this technology is called Intel Platform Trust Technology (Intel PTT), and for AMD, it is called AMD Platform Security Processor.
“Almost every CPU in the last 5-7 years has a TPM. For Intel its called the “Intel PTT” which you set to enabled. For AMD it would be “AMD PSP fTPM”. TPMs have been required for OEM certification since at least 2015 and was announced in 2013,” said David Weston, Director of Enterprise and OS Security at Microsoft.
With Windows 11, Microsoft has brought security to the forefront by requiring a TPM 2.0 or compatible technology (Intel PTT or AMD PSP fTPM) to be available.
When a TPM 2.0 is installed in Windows, the operating system can use more robust encryption to secure your Windows Hello PINs, encrypts passwords, and enables more advanced security features, such as Windows Defender System Guard.
“The following Windows features require TPM 2.0: Measured Boot, Device Encryption, WD System Guard, Device Health Attestation, Windows Hello/Hello for Business, TPM Platform Crypto Provider Key Storage, SecureBIO, DRTM, vTPM in Hyper-V,” Microsoft told BleepingComputer.
“It is also a foundational security component to Windows in addition to Virtualization Based Security and the enablement of Android Apps on Windows delivered in a secure way.”
Unfortunately, this week, there was a bit of confusion as one Microsoft support document stated TPM 1.2 was the minimum requirement for Windows 11. In contrast, another hardware requirements page said it was TPM 2.0.
This conflicting information has since been fixed by Microsoft, who clarified to BleepingComputer that Windows 11 requires TPM 2.0.
How to Fix TPM issue?
Most modern motherboards released over the past few years support dedicated TPM 1.2 or 2.0 processors.
While they support TPM, it is usually required that you purchase and install the appropriate dedicated TPM that is compatible with your motherboard and then enable it in the BIOS.
However, since Windows 11 considers TPM 2.0 and the Intel PTT and AMD PSP fTPM CPU features to be equivalent, most people who have purchased a CPU over the last 5-7 years do not need to buy a dedicated TPM for their motherboard.
Instead, to achieve Windows 11 hardware compatibility, you just need to enable Intel PTT or AMD PSP fTPM support in your BIOS.
Once you enable Intel PTT or AMD PSP fTPM support in the BIOS, even if you do not have a dedicated TPM 2.0 module, the PC Health Check tool will still consider your hardware compatible with Windows 11.
Enabling Intel PTT or AMD PSP fTPM support is different on every motherboard but it is usually found in the BIOS’s advanced settings under security.
Microsoft official page about Windows 11 : Microsoft Windows 11