What Is a Trusted Platform Module (TPM), and Why Do I Need One for Windows 11?
Microsoft did not announce system requirements for its software update until earlier in 2021 after it had finished unveiling Windows 11.
TPM, or Trusted Platform Module, is a secure cryptoprocessor that secures a computer using an inbuilt cryptographic key. In simpler terms, it acts as a security alert for your computer, preventing hackers or malware from accessing data. TPM is a requirement for Windows 11 and thus, it appears that some older devices will be barred from receiving the Windows 11 update. Microsoft verified this, noting that while the situation “sucks,” it’s to ensure a more secure Windows experience moving forward.
What exactly is a TPM, and how does it work?
There are two types of security: software security and hardware security. When done correctly, software security is an effective technique of stopping hackers from infiltrating a system. However, because software is more malleable by nature — its code can be tweaked — there is always the possibility that a sophisticated hacker or an exploit will be discovered, allowing attackers to access critical information.
As the name implies, hardware security is hardcoded. The cryptographic keys are unchangeable unless the hacker knows exactly what they are in advance.
PCs of the future require this modern hardware root-of-trust to help guard against both common and complex assaults like ransomware, as well as more sophisticated attacks. In a blog post, the director of Enterprise and OS security at Microsoft, David Weston wrote: “By requiring the TPM 2.0, we raise the bar for hardware security by demanding that built-in root-of-trust.”
The TPM chip interacts with various security mechanisms on a PC. It doesn’t matter if it’s a fingerprint reader or Windows Hello facial recognition.
Does my computer have TPM?
There are several methods for checking whether your machine has a TPM. The simplest method is to open the Start menu, search for Windows Security, and then select Device Security from the left-hand column. A pop-up will open, indicating whether or not your device has a TPM installed. It should state Security processor, and there should be a small green tick next to the icon. If you don’t see the Security processor icon, you don’t have a TPM installed.
To see all of the steps, scroll through the gallery below.
If you don’t see anything, another easy approach to see if a TPM is installed is to type “tpm.msc” on the Windows Run box then press Enter.
The Trusted Platform Module (TPM) Management on Local Computer window should appear as a result. If it says “Compatible TPM cannot be found”, your machine either does not have a TPM or has TPM 1.2 but is not enabled in the BIOS.
Unfortunately, even if TPM 1.2 may be enabled in the BIOS, Windows 11 requires TPM 2.0.
Another option is to download Microsoft’s PC Health Check app. After installation, the application will inform you whether your PC is ready for Windows 11.
What should you do if you don’t have TPM 2.0?
For desktop users who do not have TPM 2.0, one option is to purchase a suitable module for your motherboard. This will necessitate a search for your motherboard model and a check to see if the manufacturer has ever supplied a compatible TPM. Furthermore, it appears that TPM prices have risen since the release of Windows 11. An Asus TPM, which originally sold for $14 on Amazon, has sold out and is now selling for more than $40 on the resale market. Some manufacturers have also halted the manufacturing of TPMs, but given the current rise in demand, production is likely to resume.
If you can find a compatible module, all you have to do is plug it into the TPM pins on your motherboard. Remember to enable it in the BIOS menu as well.
Now, if you have a more recent CPU, one produced after 2014, TPM may already be present. TPM is built into modern CPUs via firmware. Platform Trust Technology (PTT) is used by Intel, whereas fTPM is used by AMD Ryzen CPUs.
The steps to enable TPS in BIOS will differ depending on the manufacturer. However, most people will need to restart their PC and repeatedly press the Delete, F2, or F12 key until the BIOS menu opens. Users may need to navigate through more complicated menus to find the TPM selection. TPM firmware can then be enabled.
We hope this article sheds some light on what a TPM is and how to enable it.
Cheers!
Recommended read