Struggling to figure out why TPM 2.0 is required for Windows 11? Want to know what is so important about TPM? This article should help.
What is TPM?
Put simply, TPM - which stands for Trusted Platform Module - is a chip installed on your motherboard, and a security feature that protects at a hardware level.
It is remarkable that - as crucial as hardware security is - very few Windows users understand the more advanced aspects of how their PC or laptop is protected against physical and virtual threats. TPM is the pinnacle of the standardised security features of modern mainstream computing, designed to offer PC owners a new level of security that simply does its job without user input. Ideal for a wide consumer base, yes. But also somewhat problematic for some users from 2021 onwards.
TPM was, of course, the wildcard "mandatory requirement" that Microsoft told us about before the launch of the Windows 11 operating system. Importantly, though, TPM has been around much longer than the last few years, and came long before Windows 11.
The Trusted Computing Group (TCG) is a non-profit body of over 100 members, including the likes of AMD, Intel, Google, Dell and other household names. Together they govern the technology that goes into a TPM. The first standardised version - version 1.2 - rolled out in 2009, ten years after the TCG formed, and though the group existed in several different forms from 1999 onwards, the objective was always the same: to create a component for a computer that could perform a standard set of security functions.
In 2015, following solid support in Windows Vista, TPM 2.0 was released, and in 2022 it still remains the latest, state-of-the-art version in trusted computing. TPM was never a mandatory requirement and remained optional in all Windows releases up until Windows 11; some advanced users even switched it off. Further, manufacturers seemed to side with consumer sentiment and began shipping motherboards with TPM switched off by default.
Example: ASRock TPM 2.0 Disabled (Image: ASRock)
What does TPM do?
Simply put, a TPM is in and of itself a tiny computer. It can be written to, read from, and it can store data. The most critical thing a TPM does, however, is perform security checks that are designed to protect the PC in various states. As an example, when you boot into Windows, you first need to get past the BIOS. At this point, your PC could be vulnerable to security threats if you were unprotected. A TPM can perform checks even in this early phase of startup, because it is a hardware component in its own right - rather than software that could be tampered with.
For those unfamiliar with the capabilities of TPM, here is a non-exhaustive list of features:
- Extensively used for digital rights management (DRM), protecting systems that use Windows OS and enforcing the legitimacy of software licenses.
- Can store passwords, certificates or encryption keys.
- Works as an integral component with other security technologies, such as antivirus software, firewalls, biometrics and other similar and emerging technologies.
- Can generate and store cryptographic keys and enforce limits on how they are used.
- Ensures platform integrity by detecting changes to past configurations at a hardware level.
- Provides device authentication using the RSA key contained in the TPM.
- Can be used to mitigate cyberattacks in the form of ransomware, brute force (i.e. dictionary attacks) as well as firmware level and phishing attacks.
How do I know I am using TPM?
If you use features such as BitLocker or Windows Defender, or simply sign in to your computer, then you are using your TPM to do so. If you are using Windows 11, then you are certainly using TPM 2.0, as this is a prerequisite.
MSI Motherboard - TPM Enabled (Image: MSI)
How do I check if I have TPM enabled?
You can check if you have TPM enabled in your BIOS. This short video demonstrates how to check an MSI motherboard BIOS:
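If you would rather check from inside Windows than in the BIOS, here is a PowerShell function added as an example (it is not from this article, MSI or Microsoft). It uses the built-in Get-Tpm cmdlet and the Win32_Tpm WMI class to report whether a TPM is present, enabled and ready, and whether it is the 2.0 version Windows 11 requires; it assumes you run it from an elevated (Administrator) PowerShell prompt.

```powershell
# Added example, not the article's own code: report TPM presence, state and
# spec version, and whether that satisfies the Windows 11 TPM 2.0 requirement.
# Win32_Tpm needs administrator rights, so run this from an elevated prompt.
function Test-Windows11Tpm {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        TpmPresent  = $false
        TpmEnabled  = $false
        TpmReady    = $false
        SpecVersion = $null
        MeetsWin11  = $false
    }

    # Win32_Tpm exposes the spec version string, e.g. "2.0, 0, 1.38"
    $tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                           -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue
    if ($null -eq $tpm) {
        Write-Warning 'Windows reports no TPM (it may be absent, or switched off in the BIOS/UEFI setup).'
        return [pscustomobject]$result
    }
    $result.TpmPresent  = $true
    $result.SpecVersion = [string]$tpm.SpecVersion

    # Get-Tpm (TrustedPlatformModule module) reports the enabled/ready state
    $state = Get-Tpm -ErrorAction SilentlyContinue
    if ($state) {
        $result.TpmEnabled = [bool]$state.TpmEnabled
        $result.TpmReady   = [bool]$state.TpmReady
    }

    # The first field of SpecVersion is the TPM family: "1.2" or "2.0".
    # Windows 11 needs a 2.0 TPM that is actually enabled, not merely present.
    $family = ($result.SpecVersion -split ',')[0].Trim()
    $result.MeetsWin11 = ($family -eq '2.0') -and $result.TpmEnabled
    return [pscustomobject]$result
}

Test-Windows11Tpm | Format-List
```

A TPM that is present but shows TpmEnabled as False is the motherboard-disabled case shown in the ASRock screenshot above; turning it on in the BIOS/UEFI setup is the fix, not a Windows setting.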