What Is A TPM Chip And Why Does Windows 11 Need It?

Shortly after the release of Windows 11, Microsoft announced that only systems equipped with a TPM 2.0 chip would be able to install it.

What is a TPM chip, and why does Windows 11 force users to have one? When Microsoft unveiled Windows 11, it showed that the user interface of the new operating system, which will be officially available to users in the fall, looks very different from Windows 10.

The new operating system is also stricter than Windows 10 about security and requires certain security features. Two of these are the TPM chip and Secure Boot. Windows 11 only supports version 2.0 of the chip.

Windows 11 is available for free but has specific hardware requirements. For example, it can only be installed on systems with eighth-generation or newer Intel CPUs, or AMD Ryzen 2000 or newer.

What is a TPM chip?

The Trusted Platform Module (TPM) is a small chip on the motherboard (Figure 1). The chip is designed to protect cryptographic keys, user credentials, and other sensitive data behind a strong hardware wall so that malware and hackers cannot easily access and manipulate sensitive information. Its role can be compared to the keypad used to disarm a home alarm, or the authentication app you use to log in to your bank account.

If a system uses a TPM chip and an encrypted disk, the full disk encryption (FDE) mechanism is activated when you press the power button, and you must enter the password within a specified time to log in. In this case, the chip generates a unique code called the encryption key. If the matching process succeeds, the drive is decrypted and the system boots.

The system will not boot if there is a problem with the key or, for example, if the laptop is stolen and the thief tries to manipulate the drive data. When the system is fully up and running, applications and services that require TPM will automatically take advantage of its security features. For example, Firefox and Chrome use TPM for some advanced functions, and even some printer manufacturers take advantage of the chip’s security features.

Based on this definition, we see that the TPM chip significantly increases the security of systems and places a hardware protection layer around the data so that users are not limited to software solutions to protect their information. Users of the above chip can use it to encrypt disks using the BitLocker feature.

When BitLocker service is integrated with TPM security features, it becomes almost impossible for unauthorized people to access the information.

Figure 1

History of the TPM chip

The TPM chip is not a new technology and dates back at least ten years. The TPM 1.2 chip entered personal computers and servers in 2011 but was mostly used for laptops and workstations. However, with the release of Windows 11, Microsoft intends to provide this level of protection to all users of the Windows ecosystem.

TPMs come in various forms. As the Trusted Computing Group, which is in charge of standardizing the chip, points out, a TPM is not only a single chip mounted on the motherboard: it can also be a physical chip integrated into the main processor, or code running in firmware (Figure 2). TPM security is at a high level in all cases because it uses a secure environment, separate from other programs, to execute security protocols. Intel, AMD, and Qualcomm use TPMs implemented in code rather than as a separate chip. A TPM can also be virtual and run as separate software.

However, Trusted Computing Group does not recommend using this TPM model, as it is vulnerable to hacker manipulation and potential operating system problems.

Figure 2

What are the uses of a Trusted Platform Module?

The main use of the TPM module is to create a password to log in. Instead of storing the password on a hard disk or solid-state drive, the chip automatically and securely protects it.

If the system is equipped with the chip, users can create and manage cryptographic keys to lock specific systems or files. Users whose systems store sensitive information can combine the Windows BitLocker encryption tool with the module to protect that information.

When you turn on the system equipped with the above chip and BitLocker, the chip performs tests to ensure that the conditions for booting the system are safe. If the TPM detects that the hard disk or solid-state drive has been moved, it locks the system and, in practice, does not allow access to the system.
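A simplified model of the boot check described above, as an added example that is not from the original article: each boot component is hashed into a platform configuration register (PCR), and the disk key is released only when the register holds the value it had when the key was sealed. The ToyTpm class, its method names, the use of PCR 0 and the sample boot chain are assumptions for illustration, and the XOR-with-HMAC wrapping stands in for the chip's real key protection.

```python
import hashlib
import hmac
import os

class ToyTpm:
    """Simplified model of PCR measurement and sealing; not a real TPM API."""

    def __init__(self):
        self._root = os.urandom(32)   # secret that never leaves the chip
        self.pcrs = [bytes(32)] * 24  # registers start at zero on power-on

    def boot(self, components):
        """Reset the PCRs, then measure each boot component into PCR 0 in order."""
        self.pcrs = [bytes(32)] * 24
        for blob in components:
            measured = hashlib.sha256(blob).digest()
            self.pcrs[0] = hashlib.sha256(self.pcrs[0] + measured).digest()
        return self

    def _policy(self, indices):
        return hashlib.sha256(b"".join(self.pcrs[i] for i in indices)).digest()

    def _pad(self, policy, n):
        # Stand-in for encryption under the chip's internal storage key.
        return hmac.new(self._root, policy, hashlib.sha256).digest()[:n]

    def seal(self, secret, indices):
        """Bind a secret (up to 32 bytes) to the current values of the chosen PCRs."""
        policy = self._policy(indices)
        wrapped = bytes(a ^ b for a, b in zip(secret, self._pad(policy, len(secret))))
        tag = hmac.new(self._root, policy + wrapped, hashlib.sha256).digest()
        return {"indices": list(indices), "wrapped": wrapped, "tag": tag}

    def unseal(self, sealed):
        """Release the secret only if the PCRs match the state at seal time."""
        policy = self._policy(sealed["indices"])
        tag = hmac.new(self._root, policy + sealed["wrapped"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, sealed["tag"]):
            return None  # boot chain changed, or blob moved to a different TPM
        pad = self._pad(policy, len(sealed["wrapped"]))
        return bytes(a ^ b for a, b in zip(sealed["wrapped"], pad))

def demo():
    good = [b"firmware v1", b"bootloader v1"]  # constructed sample boot chain
    tpm = ToyTpm().boot(good)
    sealed = tpm.seal(b"constructed-volume-key", [0])
    same = tpm.boot(good).unseal(sealed)
    tampered = tpm.boot([b"firmware v1", b"bootloader MODIFIED"]).unseal(sealed)
    moved = ToyTpm().boot(good).unseal(sealed)
    return same, tampered, moved
```

demo() returns the key for an unchanged boot chain and None both when a boot component was modified and when the sealed blob is presented to a different chip, which is the case of a drive moved to another machine.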

Laptops with fingerprint capability typically store the user’s fingerprint on the TPM chip. Of course, TPM applications are not limited to personal computers and laptops. The chip is widely used in smart card readers, which some companies use for authentication.

Other uses for TPM include managing encrypted or digitally signed messages on Thunderbird and Outlook email services, protecting SSL certificates used by websites in Firefox and Chrome browsers, and consumer devices such as printers.

Why does Windows 11 need a TPM 2.0 chip?

Windows 11 is not the first Microsoft operating system to take advantage of the potential benefits of TPM, and the fact is that Windows 7 and Windows 10 also supported the chip extensively. Laptops and desktops used in large organizations with strict security policies are the main customers of this chip. In most cases, TPMs perform better than smart cards that employees must use to register their entry and exit to the organization.

Some security features and operating system services also use TPM. One of the best known is the Windows Hello face recognition feature used for logging in. This feature can only be used when the laptop is equipped with a TPM and the TPM is active on the system.

The fact is that TPM is a much better option than the old ways of securing Windows PCs. Since July 2016, Microsoft has made TPM 2.0 support mandatory for all PCs, and various versions of Windows 10 have used it.

To be more precise, from four years ago until today, Microsoft has been working out how to make optimal use of this chip in Windows 10 without causing problems for users, so that it can rely on it in the next version without any problems. Now is the time to harvest, and Windows 11 is set to use TPM in earnest to secure users’ devices. But why?

The answer is simple. Malware attacks, ransomware, data theft, rootkits, botnets, and tools that can crack simple passwords in a short amount of time and bypass security mechanisms have plagued large organizations.

The best way to deal with these attacks is to defend at the most basic level, and so far, no component has been as successful as TPM.

Even UEFI, a secure alternative to the BIOS, has been exposed to malware threats over the past few years, yet TPM still resists hackers and malware and does not allow hackers or thieves to access the systems easily. Because of this, Microsoft is very sensitive and serious in this regard and has decided to run Windows 11 only on computers and laptops equipped with the TPM 2.0 chip.

If you download and run the PC Health Check tool to check compatibility with Windows 11, it will report that your system is ready to receive the next major Microsoft update only if TPM 2.0 is enabled and the other hardware requirements are met. In addition, the tool provides you with detailed information about the technical characteristics of the system.

However, Microsoft noted in a recent release that some PCs with TPM 1.2 will be able to install Windows 11 under certain conditions. During installation, though, the user is warned not to install Windows 11.

What systems support TPM 2.0?

If the computer or laptop you are using meets the hardware specifications required to run Windows 11, it will most likely also support TPM 2.0. To be more precise, if you bought your computer after 2011, there is no doubt that its motherboard is equipped with a TPM 2.0 chip. If the computer was purchased before that year, Microsoft suggests that you do not install Windows 11 on it.

Given that TPMs come in many forms, it is impossible to say whether the computer you are using supports TPM 2.0. However, Windows 11 checks the CPU security status and starts installing if the conditions are ideal.

Is it possible to add a TPM to a computer afterwards?

If you are a professional user and are not afraid of changing the hardware and software security settings in the system BIOS, you will most likely be able to add a TPM 2.0 chip to the motherboard. Some motherboards have a header called TPM. The TPM module costs less than $50 for some motherboard models (Figure 3).

However, adding a TPM to the motherboard is not as simple as purchasing a module and connecting it to the header. You should make sure that you configure the settings correctly in the BIOS so that Windows can detect the module. The process of adding a module depends on the type of motherboard and CPU, and there is no one-size-fits-all rule.

According to Microsoft’s website, the TPM activation process is not easy. The user has to enable settings such as Platform Trust Technology in the BIOS of Intel-based computers, and the TPM settings on desktop computers.

If the PC motherboard cannot take a TPM 2.0 chip, it is possible to run TPM 2.0 in the system firmware, but this is a trial-and-error process.

Figure 3

Does TPM activation prevent Linux from running?

Fortunately, the TPM chip is flexible enough to work with all the programs and tasks you run on your PC, and only a small percentage of users are affected by TPM activation. TCG has long defined the requirements for a Linux operating system.

So users who plan to migrate to a different Linux distribution on a PC from Windows 11 with TPM enabled have no particular problem. Of course, support varies depending on the Linux distribution you are using. However, it is not yet clear what TPM will do in environments with dual boot capability.

Does TPM limit the capabilities of Windows 11 and applications?

One of the most important questions users ask is whether requiring TPM 2.0 to run Windows 11 is modeled on what Apple has done. Are there going to be restrictions on receiving updates and security features?

For example, Macs with a T2 chip have many capabilities, such as fingerprint recognition and advanced signal processing, that Macs without the chip do not have. This situation also exists in the world of Windows.

In Windows 10, for example, Windows Hello face recognition is only available to users whose system is equipped with a TPM chip. After the official release of Windows 11 and the release of later versions of TPM, Microsoft will likely expand the experience of using these chips and add features to its operating system that require a TPM chip or make some security features subject to TPM…