Here’s why you can’t run Windows 11 without a TPM
Microsoft officially unveiled Windows 11 during a special event this Thursday, showing off a ton of visual changes. The new OS also came with some significant changes to the hardware requirements, such as 4GB of RAM and a 64-bit processor. The issue that most users seem to have run into, though, is the lack of a TPM module, which is another new requirement for Windows 11. Now, Microsoft has shared more details about why the module is necessary. As you might have guessed, the reason is security.
The TPM, or Trusted Platform Module, is a chip that’s added into a computer’s motherboard or CPU, and it’s meant to help keep highly sensitive data safe. It stores data like encryption keys and user credentials, and it establishes a hardware barrier so that potential attackers can’t get to it as easily. This allows Microsoft to safely enable features like Windows Hello and BitLocker.
Microsoft is making this a requirement because Windows 11 is designed for hybrid and remote work. Cybersecurity threats and attacks have been on the rise since the start of the pandemic, and with more people working remotely, it becomes increasingly necessary to offer hardware-level protection against attacks.
In a study back in March, Microsoft found that 83% of businesses suffered firmware-based attacks, but that only 29% have resources dedicated to protecting against them. The company has already been doing some work in this regard, launching Secured-Core PCs in 2019 to certify devices that follow the best practices to keep the firmware layer secure. The TPM requirement in Windows 11 is just another step towards that protection.
This isn’t a completely new requirement, either. New Windows 10 PCs have been required to ship with a TPM chip since 2016. However, you could still upgrade to new versions of Windows 10 if you didn’t have that chip. You could also build your own desktop PC without a TPM module and install Windows 10 on it. With Windows 11, many users have found that they can’t upgrade their own PCs due to the lack of a TPM chip. That’s led to spikes in prices for TPM modules in the past day, and that’s likely to worsen as we get closer to an official release.
Thanks to Windows 11, people are scalping TPM2.0 modules as well now.
$24.90 ➡ $99.90 in just 12 hours pic.twitter.com/9TTHC2c47w
— Shen Ye (@shen) June 25, 2021
It should be noted that TPM 2.0 is actually the soft floor, while the hard requirement is TPM version ≥ 1.2. According to Microsoft’s Director of OS Security on Windows, almost every CPU from the last 5-7 years has TPM in their firmware, though you may need to fiddle with a BIOS setting to enable it. You can check which specification your PC’s TPM supports by opening “tpm.msc” in the Run box. We’ll have a guide up soon that goes into more detail on TPM status verification, so keep an eye out for that post.
Almost every CPU in the last 5-7 years has a TPM. For Intel it's called the “Intel PTT” which you set to enabled. For AMD it would be “AMD PSP fTPM”. TPMs have been required for OEM certification since at least 2015 and was announced in 2013: https://t.co/1qwfwKSrdd
— DWIZZZLE (@dwizzzleMSFT) June 24, 2021
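The tpm.msc check mentioned above can also be scripted. The PowerShell below is an added example, not code from the article or from Microsoft: it reads the Win32_Tpm CIM class and compares the reported specification version with the 2.0 soft floor and 1.2 hard floor quoted above. The function name Get-TpmFloorStatus is hypothetical.

```powershell
# Added example (not from the article): classify this PC's TPM against the
# two floors the article cites. Run in an elevated PowerShell session.
$SoftFloor = [version]'2.0'   # article: TPM 2.0 is the soft floor
$HardFloor = [version]'1.2'   # article: TPM >= 1.2 is the hard requirement

function Get-TpmFloorStatus {   # hypothetical helper name
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) {
        # Without elevation the TPM namespace is unreadable, which would
        # otherwise be indistinguishable from "no TPM".
        throw 'Run this from an elevated prompt.'
    }

    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if (-not $tpm) {
        return [pscustomobject]@{
            Present = $false; SpecVersion = $null; Enabled = $false
            Verdict = 'No TPM visible to Windows: absent, or firmware TPM (Intel PTT / AMD fTPM) disabled in BIOS'
        }
    }

    # SpecVersion is a comma-separated string such as "2.0, 0, 1.38";
    # the first field is the TPM specification version.
    $raw  = "$($tpm.SpecVersion)".Split(',')[0].Trim()
    $spec = $null
    if (-not [version]::TryParse($raw, [ref]$spec)) {
        $verdict = "Unrecognised SpecVersion '$($tpm.SpecVersion)'"
    } elseif ($spec -ge $SoftFloor) {
        $verdict = 'Meets the soft floor (TPM 2.0)'
    } elseif ($spec -ge $HardFloor) {
        $verdict = 'Meets only the hard floor (TPM >= 1.2)'
    } else {
        $verdict = 'Below the hard floor'
    }
    if (-not $tpm.IsEnabled_InitialValue) { $verdict += '; TPM is present but not enabled' }

    [pscustomobject]@{
        Present = $true; SpecVersion = $spec
        Enabled = [bool]$tpm.IsEnabled_InitialValue; Verdict = $verdict
    }
}

Get-TpmFloorStatus | Format-List
```

A "No TPM visible" verdict on a recent machine usually means the firmware TPM is switched off rather than missing, which matches the BIOS setting the article describes.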
This requirement may be an inconvenience for some users, but ultimately, this measure is designed to keep users safe. Not every user can dedicate time or money to protecting their machines, so having this baseline protection is important. On the other hand, that means many Windows 10 devices that can’t be upgraded will also not be protected. Microsoft expects users to buy TPM modules or new devices to stay up-to-date and protected.