author: Konrad Sarzynski
Microsoft Explains Why Windows 11 Needs TPM 2.0
Many learned about the existence of the TPM 2.0 security module only after reading Windows 11's hardware requirements. What is it and why is it needed? Microsoft explains the requirement with concern for our security.
- TPM 2.0 is a small chipset that improves computer security;
- Using TPM 2.0 will make it much more difficult for unauthorized people to access our computer, thus better protecting the data on it;
- Most users now do not have to worry about buying the missing part.
Microsoft unveiled its new operating system, Windows 11, on June 24, 2021. When the initial requirement for a TPM 1.2 module was changed to TPM 2.0, it caused a lot of controversy, and scalpers went on a shopping spree, driving up the price of the component in hopes of making a quick buck. The atmosphere is further heated by the fact that Windows 11 can now be downloaded in the Windows Insider program. Although it may look like an attempt to encourage the purchase of a new computer, Microsoft explains itself by taking care of users' safety.
What is TPM 2.0?
TPM stands for Trusted Platform Module. It is a small component that can be plugged into a computer's motherboard. It is used for various cryptographic operations, such as data encryption or pseudo-random number generation. In practice its main task is to increase hardware security. For example with TPM 2.0 users can take full advantage of the BitLocker tool, which encrypts data and prevents access by unauthorized persons.
The biggest advantage of using TPM 2.0 or a T2 chip, which offers a similar functionality in Apple hardware, is local operation. Access keys are stored inside the component. Passwords and access information are not sent to the device's disk or the cloud, where they could easily fall prey to hackers. A report by The Register in 2010 shows how complicated it is to break its security. A hacker needed $250,000 worth of equipment and 4 months of working with the hardware to crack the security. This level of security is enough for an average user.
Why does Windows 11 require TPM 2.0?
David Weston from Microsoft published an entry on the company blog in which he explains the necessity of increasing computer security. He refers to the Security Signals report which shows that attacks on firmware are on the rise - 80% of the 1000 companies surveyed have fallen victim to such an attack in the last two years, but only 29 companies devote any budget to protecting themselves against such actions. Microsoft padvertises a "Zero Trust" model, which can be summed up briefly: trust no one:
"Instead of assuming everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an open network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust, always verify.” Every access request is fully authenticated, authorized, and encrypted before granting access."
From a consumer perspective, TPM 2.0 will offer the highest level of security commonly available, using the features of Windows Hello and BitLocker. It will store the most sensitive data - encryption keys, user data and passwords - to make it as difficult as possible to access.
Microsoft argues that the vast majority of PCs are already equipped with TPM 2.0. Since the Anniversary Update for Windows 10, released in August 2016, all new Windows PCs must include this module. Therefore, it can be assumed that, indeed, due to the need for a relatively new processor, most users should not worry about the missing component. Ironically, the most informed users, including gamers who built their hardware themselves, may be in a worse situation.
Is TPM 2.0 worth buying?
There's a good chance we already have a TPM 2.0 module, and it may be installed on the motherboard of our device or in the processor. Most Intel Core processors from the 6th generation onwards have Platform Trust Technology (PTT) and AMD offers fTPM beginning with 2016, which will give us the required level of security.
Checking for the presence of a TPM is relatively simple (see box below). If the system does not find a TPM, there is still a chance that the module is locked at the BIOS level and you just need to unlock it.
How to check if there is a TPM 2.0 module in the computer?
To check whether the computer is equipped with a TPM 2.0 module, we have to:
- Click Windows + R (or go to the Start menu and launch the Run app;
- Type tpm.msc and press Enter;
- Check the module version in the opened window.
Alternatively, we can open the Windows Security app and open the "Security Processor Details" under the "Device Security" tab.
If the computer comes from before 2016 or was assembled from custom parts, you may not find a TPM module, but only a slot on the motherboard in which you can put a separately purchased component. However, before you buy the missing component, you should consider whether you really need it. Windows 11 will most likely launch in October 2021, and the gradual release of the system to users may take several months. Windows 10 will still be supported by Microsoft at least until 2025, so your computer will still receive all the security patches for a long time. If you plan to replace your hardware before 2025 and do not care about being able to use Windows 11 as soon as possible, all this fuss can be simply ignore.
However, if you decide to purchase TPM 2.0, it will probably be a good decision to wait until the market calms down a bit after the turmoil associated with the reveal of Windows 11. Most TPM 2.0 models should cost around $10-15. The decision whether to buy for the componen for a higher price needs to be made at tour own discretion, but we should be aware of the prices being artificially pumped.
- Windows 11 - official website
- Windows 11 presentation
- TPM 2.0 Module Scalping Begins; Windows 11 to Blame
- Windows 11 Won't Support Ryzen 1000 series and Intel CPUs Below 8th Gen
- Windows 11 Will Let Us Run Android Apps
- Windows 11 - Everything We Know About Microsoft's New System