Microsoft’s hardware requirements for Windows 11 have been undoubtedly confusing, with users questioning why they need both an 8th-gen Intel Core CPU and TPM functionality to upgrade to Windows 11. On Friday, Microsoft attempted to answer that question.
In a blog post, David Weston, director of enterprise and OS security for Microsoft, explained that TPMs (Trusted Platform Modules) are part and parcel of Microsoft’s response to a growing level of cybercrime, including phishing and ransomware. PCs with TPMs inside offer a greater level of protection from those attacks, Weston wrote.
Weston explained that Microsoft has helped push the PC platform forward from 2019’s secured-core PCs, which began combining hardware and firmware protections with virtualization. But Microsoft needs a more solid foundation for the future, and TPMs enable that, Weston wrote. All new Windows 11 PCs will ship with a TPM 2.0 inside, he said.
“PCs of the future need this modern hardware root-of-trust to help protect from both common and sophisticated attacks like ransomware and more sophisticated attacks from nation-states,” Weston wrote. “Requiring the TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust.”
In the future, Weston added, you’ll see PCs with the Pluton technology, which Microsoft co-developed with AMD, integrated into AMD, Intel, and Qualcomm CPUs for the PC. Pluton further integrates the TPM into the PC’s microprocessor, establishing a secured channel to Microsoft’s Azure cloud for secured Windows updates and firmware updates, too.
Making sense of the TPM and Windows 11
The Trusted Platform Module (TPM) is either a discrete chip soldered onto your PC’s motherboard or a function built into the CPU itself, Weston explained. Its purpose is to help protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data. TPMs were traditionally discrete chips on a PC’s motherboard, but more recently they’ve been integrated directly into the CPU or chipset as a firmware TPM (fTPM) running on the processor’s own security subsystem.
Knowing the differences between a TPM 1.2 chip and a TPM 2.0 chip isn’t really necessary for the enthusiast PC owner, but Microsoft points out several differences: TPM 2.0 supports more sophisticated cryptographic algorithms (SHA-256 and elliptic-curve keys alongside the SHA-1 and RSA that TPM 1.2 was limited to), provides a more standardized experience across vendors, and, most importantly, can be implemented in firmware inside the CPU rather than only as a separate chip.
In a Twitter post on Thursday, Weston pointed out that almost every CPU in the last five years includes a TPM, either called the Intel PTT, or the AMD PSP fTPM. Microsoft has required such a TPM to certify PCs since at least 2015. However, you may need to go into your BIOS and enable that functionality. Robert Hallock, director of technical marketing at AMD, also noted that most PCs already support a first-gen TPM.
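Before going into the firmware settings, it is worth checking what Windows already sees. The following PowerShell script is an added example (it is not from the article, from Microsoft, or from AMD); it assumes the built-in TrustedPlatformModule cmdlets (Get-Tpm, Initialize-Tpm) and the Win32_Tpm WMI class shipped with Windows 10 and later, and the verdict wording is my own. It reports whether a TPM is visible, whether the firmware has it enabled and activated, and whether the spec family is the 2.0 that Windows 11 requires.

```powershell
# Added example, not from the article or from Microsoft: report whether this PC
# exposes a TPM to Windows, whether it is enabled, and whether it is the
# TPM 2.0 that Windows 11 requires. Run from an elevated PowerShell prompt.

function Get-TpmReadiness {
    # Win32_Tpm carries the spec version string (e.g. "2.0, 0, 1.38") and the
    # enabled/activated flags read at boot. If the firmware has PTT/fTPM (or a
    # discrete TPM) switched off, this class usually has no instance at all.
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $wmi) {
        return [pscustomobject]@{
            Present = $false; SpecVersion = $null; Manufacturer = $null
            Enabled = $false; Activated = $false; Ready = $false
            Verdict = 'No TPM visible to Windows: enable Intel PTT / AMD fTPM (or the discrete TPM) in the UEFI firmware setup and reboot.'
        }
    }

    # Get-Tpm (TrustedPlatformModule module) adds TpmReady, i.e. the TPM has
    # been provisioned and is usable by Windows features such as BitLocker.
    $tpm = Get-Tpm

    # The first comma-separated field of SpecVersion is the spec family,
    # "1.2" or "2.0"; fall back to 0.0 if the firmware reports nothing.
    $specField = if ($wmi.SpecVersion) { ($wmi.SpecVersion -split ',')[0].Trim() } else { '0.0' }
    $family    = [version]$specField
    $enabled   = [bool]$wmi.IsEnabled_InitialValue
    $activated = [bool]$wmi.IsActivated_InitialValue

    $verdict =
        if (-not ($enabled -and $activated)) {
            'TPM present but disabled or deactivated: turn it on in the UEFI firmware setup and reboot.'
        } elseif ($family -lt [version]'2.0') {
            "TPM $family only: does not meet the Windows 11 TPM 2.0 requirement. Check whether the firmware also offers a CPU-integrated TPM 2.0 (PTT/fTPM) that can be enabled instead."
        } elseif (-not $tpm.TpmReady) {
            'TPM 2.0 present but not provisioned: run Initialize-Tpm or open tpm.msc to prepare it.'
        } else {
            'TPM 2.0 present, enabled and ready: meets the Windows 11 requirement.'
        }

    [pscustomobject]@{
        Present      = $true
        SpecVersion  = $wmi.SpecVersion
        Manufacturer = $tpm.ManufacturerIdTxt
        Enabled      = $enabled
        Activated    = $activated
        Ready        = [bool]$tpm.TpmReady
        Verdict      = $verdict
    }
}

Get-TpmReadiness | Format-List
```

Two caveats apply to the result. A machine whose TPM is turned off in firmware usually lands in the "no TPM visible" branch rather than the "disabled" one, because Windows never enumerates the device; the fix in both cases is the same firmware toggle. And a reported spec family of 2.0 says nothing about whether the TPM is a discrete part or a firmware implementation; Windows 11 accepts either.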