What is TPM 2.0, the dreaded Windows 11 requirement

Windows 11: cambiare browser predefinito sarà più difficile thumbnail

Windows 11 has been out for almost a week and slowly the update will be available for all compatible devices, so that they respect a list of minimum requirements established by Microsoft. One of the most discussed hardware requirements in recent months is the need for Trusted Platform Module (TPM 2.0): what exactly is it?

What is TPM 2.0

Among the requirements of Windows 11 we find a little-known PC security feature, namely the Trusted Platform Module (abbreviato TPM) which is worrying users who want to install Microsoft’s new operating system.

The TPM is a small chip present on the motherboard of computers that provides a unique code, a cryptographic key, which allows you to increase security communications between the various hardware components of the PC. The cryptographic key is not used when starting the PC, to ensure that there have been no tampering, but not only. In fact some email clients such as Outlook use TPM for manage encrypted messages; Firefox and Chrome use the TPM for some advanced functions, such as maintaining SSL certificates for websites. Other external devices also take advantage of this security feature, such as handouts and smart home accessories.

The TPM exist in different shapes in addition to a physical chip and integrated into the motherboard. It can be physically integrated in the CPU or as code that runs in a dedicated environment, that is a firmware. This method is almost as safe as a standalone TPM chip, as it uses a reliable environment that is distinct from the rest of the programs that use the CPU. The third type of TPM is virtual: it works completely at the software level and is more vulnerable than the other options.

Not a problem in newer devices

The Trusted Platform Module is present in newer PCs, therefore if you have bought a device in the last few years you shouldn’t have any problems. In fact, from July 2016 Microsoft actually required TPM 2.0 support on all new PCs running any version of Windows 10 for desktop (Home, Pro, Enterprise, or Education). For example, if you have a laptop with Windows Hello for login, you certainly have the TPM in the device.

While this was optional for previous versions of the operating system, Windows 11 now requires TPM 2.0 as a core requirement. However, the company has said that Windows 11 will run on some PCs as TPM earlier than version 2.0 in certain special situations.

How do I know if a PC already has TPM 2.0?

As anticipated, if you have a recent computer that meets all the other minimum Windows 11 requirements, it will most likely support TPM 2.0 as well.

The Windows 11 requirements, in addition to the Trusted Platform Module version 2.0, are:

  • At least 1GHz processor with 2 or more cores and belonging to the list of supported CPUs (here you can find the list of Intel, AMD and Qualcomm CPUs);
  • At least 4GB in RAM memory;
  • At least 64GB of storage space;
  • UEFI firmware with Secure Boot;
  • Video card compatible with DirectX 12 or later, con driver WDDM 2.0;
  • Screen with resolution of at least 720p, at least 9 ”;
  • Internet connection and a Microsoft account.

If you bought the PC after 2016, you will almost certainly have TPM 2.0 and a compatible processor as well, along with the rest of the hardware that meets the Windows 11 requirements. If you have an older device, you probably have TPM version 1.2 (Microsoft theoretically allows installation of the new operating system, even if it doesn’t recommend it) or you don’t have it at all.

Microsoft has attempted to simplify the fairly complex situation providing software which, if launched on the affected device, shows if the hardware meets the minimum requirements for Windows 11. However, it must be said that sometimes the PC is equipped with TPM 2.0 but must be activated in the BIOSas a result, Microsoft’s software may report that the security feature is missing. The advice is to search the website of the laptop, desktop or motherboard manufacturer if your hardware is equipped with the module.

Windows 11 - TPM 2.0 PC Health Check

Fortunately, many hardware manufacturers have created ad hoc support pages to indicate which components and products support TPM 2.0 and how to activate it if necessary from the BIOS. These include Asus, MSI, Gigabyte and Dell. If you have components or PCs from other brands, our suggestion is to Google “ TPM 2.0″.

Can I also install Windows 11 without the Trusted Platform Module 2.0?

As anticipated, Microsoft appears to be allowing the upgrade to Windows 11 even if equipped with TPM 1.2. There is also an unofficial method that allows you to install the new operating system on an older PC without the Trusted Platform Module. It is important to note, however, that in this case Microsoft may limit the Windows experience. This could include limiting some new features that require the security module. Also installing Windows 11 with unofficial methods may have to mean give up on security updates, fundamentals, and other minor updates.

Our suggestion is therefore to install Windows 11 only on a PC that fully meets the requirements set by Microsoft. This is both because there could be security problems and because, given that it is a new and feature-rich operating system, installing it on a PC purchased before 2016 would mean risking a not very fluid and responsive experience.

If your PC meets the minimum hardware requirements for Microsoft’s new OS, you just have to wait for the update to arrive via Windows Update (in PC Settings). If, on the other hand, you are impatient to try Windows 11, you can follow one of the three guides on the Microsoft page, reading each step carefully.