What is TPM 2.0 and Why Does Windows 11 Require It?

May 4, 2025


As most of you know by now, one of the main reasons that older PCs cannot run Windows 11 is that older computers don’t support TPM 2.0. But what the heck is TPM 2.0 anyway, and why does Microsoft think it’s so important?

That’s a good question, and while the answer is quite geeky, we’ll try to answer that question without getting too technical.

So, what is TPM 2.0 and why is it so important?

TPM 2.0, or Trusted Platform Module version 2.0, is a hardware-based security chip that resides on a computer’s motherboard or is integrated into the processor (CPU). It acts as a secure cryptoprocessor designed to perform cryptographic operations and to securely store sensitive information.

Here are some of the things TPM 2.0 does:

One of its primary functions is to securely store cryptographic keys, such as those used for drive encryption (like BitLocker), user authentication (like Windows Hello), and digital certificates. These keys are protected within the TPM and are much harder for malware or attackers to access than keys kept in software-based storage.

During the boot process, the TPM can take measurements of the system’s firmware, bootloader, and operating system components. These measurements are stored securely within the TPM. This lets the system verify that it booted with trusted, untampered software. This process is often referred to as “Measured Boot.”

The TPM 2.0 has a unique, hardware-bound key called the Endorsement Key (EK). This key can be used to cryptographically identify the specific hardware. This allows the platform to prove its identity to other systems and services in a secure manner.

TPM 2.0 includes a high-quality hardware random number generator, which is crucial for many cryptographic operations.

How TPM 2.0 benefits the user

TPM 2.0 can securely store the encryption keys for your hard drive. This ensures that if your computer is stolen, the data on the drive remains inaccessible without the correct authentication, which is tied to the TPM. It can also ensure that the system boots into a trusted environment before unlocking the drive.
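To show how the Measured Boot and drive-key protection described above fit together, here is a small added simulation in Python (not code from the original article or from any TPM vendor). It mimics the TPM 2.0 PCR extend operation, seals a constructed drive key to the resulting boot state, and releases the key only when the same boot chain is measured again; the boot component strings, the TPM secret and the volume key are all constructed stand-ins for real firmware images and TPM-internal secrets.

```python
import hashlib
import hmac

# Constructed sample boot components standing in for firmware, bootloader and
# OS loader images; a real TPM measures the actual binaries.
GOOD_BOOT_CHAIN = [b"firmware-v1", b"bootloader-v1", b"os-loader-v1"]
# Stand-in for a secret that never leaves the TPM (hypothetical value).
TPM_SEALING_SECRET = b"constructed-tpm-internal-secret"


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 2.0 extend: PCR_new = SHA-256(PCR_old || SHA-256(measurement)).
    A PCR can only be extended, never written, so order and content both count."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measured_boot(components) -> bytes:
    """Measured Boot: start from the reset value (32 zero bytes for SHA-256)
    and extend one PCR with each component in boot order."""
    pcr = bytes(32)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def seal(volume_key: bytes, expected_pcr: bytes) -> tuple:
    """Seal a 32-byte drive key to a boot state. The wrapping key is derived
    from the TPM secret and the expected PCR, so a different boot state
    cannot derive it even if the policy check were skipped."""
    wrap = hmac.new(TPM_SEALING_SECRET, expected_pcr, hashlib.sha256).digest()
    return expected_pcr, bytes(a ^ b for a, b in zip(volume_key, wrap))


def unseal(sealed: tuple, current_pcr: bytes):
    """Release the key only when the current PCR matches the sealed policy."""
    expected_pcr, ciphertext = sealed
    if not hmac.compare_digest(expected_pcr, current_pcr):
        return None  # boot chain changed; BitLocker would ask for the recovery key
    wrap = hmac.new(TPM_SEALING_SECRET, current_pcr, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ciphertext, wrap))


# Constructed volume key, sealed once to the known-good boot state.
VOLUME_KEY = hashlib.sha256(b"constructed-volume-master-key").digest()
SEALED = seal(VOLUME_KEY, measured_boot(GOOD_BOOT_CHAIN))


def boot_and_unlock(components):
    """Return the drive key for this boot chain, or None if any step was changed."""
    return unseal(SEALED, measured_boot(components))
```

Swapping, removing or modifying any component changes the final PCR value, so the key stays locked; this is the same reason a firmware update or a changed boot order can prompt a real BitLocker recovery screen.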

By measuring the boot components, TPM 2.0 helps ensure that the operating system hasn’t been tampered with before it loads. This protects against bootkit and rootkit malware.

TPM 2.0 enhances the security of biometric authentication, like facial recognition and fingerprint scanning, by securely storing the biometric data and cryptographic keys used for authentication.

TPM 2.0 supports Credential Guard. This Windows feature uses virtualization-based security to isolate and protect sensitive credentials, leveraging the TPM for secure storage of encryption keys.

TPM 2.0 can contribute to creating isolated and secure environments for sensitive computations.

While controversial for some users, TPM 2.0 can be used to enforce DRM policies by securely managing keys and verifying the integrity of content playback paths.

TPM 2.0 can be used as a secure access point for passwordless authentication methods, reducing the reliance on traditional passwords.

TPM 2.0 acts as a hardware root of trust, providing a secure foundation for various security features. By performing cryptographic operations in dedicated hardware and securely storing sensitive information, it greatly enhances the overall security of a computer against software-based attacks and physical tampering.

The requirement for TPM 2.0 in Windows 11 highlights its importance in modern operating system security. It provides a crucial hardware-backed layer of protection that software alone cannot achieve.

So, you can see that the TPM 2.0 requirement in Windows 11 is more than a Microsoft ploy to get you to upgrade to Windows 11. On the other hand, Windows PCs from Windows 1.0 through Windows 10 didn’t have TPM 2.0, and nobody seemed to care.

But anyway, now at least you know what TPM 2.0 is and what it does. If your current Windows 10 computer won’t run Windows 11, will you rush out and buy a new computer with TPM 2.0 to run Windows 11? Or will you stick with Windows 10 and use something like 0patch to keep security patches up-to-date after Microsoft ends support for Windows 10 on October 14, 2025?


One thought on “What is TPM 2.0 and Why Does Windows 11 Require It?”

  1. Joyce Linsenmeyer

    I’m not going to rush out and buy a new computer when mine is working fine. I will buy one when mine no longer works, and I hope that’s a long time from now. They can make more money from Windows ten people than new computers. We are happy with what we have. I don’t like Windows 11; charge us for updates if you must, why try and force people to change.
