
Why Does Windows 11 Need TPM 2.0? What is TPM?

Microsoft requires PC users to have TPM 2.0 in order to install Windows 11. TPM 2.0 is an essential component for security-related features, including BitLocker for data security and Windows Hello for identity protection. Despite some PCs having the capability to run TPM 2.0, they may not be configured to do so. This post will provide detailed information on this matter.

Shortly after revealing Windows 11, Microsoft published the system requirements for its newest operating system. Beneath the processor speed (GHz) and RAM requirements, Microsoft listed an unfamiliar term: TPM.

As a result, Windows 11 requires the Trusted Platform Module, or TPM, on both new and old devices. A number of technologies in Windows 11, such as BitLocker for data security and Windows Hello for identity protection, require TPM 2.0. Some PCs that can run TPM 2.0 are not configured to do so. However, there is more to TPM 2.0 in Windows 11 than that.

Now, let us get started and learn about TPM chips and what Windows 11’s TPM 2.0 accomplishes.


TPM Chip: What is it?

In simple terms, the TPM is a small chip located on a computer’s motherboard that may or may not be linked to the primary processor and memory.


A Trusted Platform Module (TPM) chip is a security technology that strengthens a computer’s defenses against software vulnerabilities.

In a technical sense, the TPM is a crypto processor that secures computer data with a cryptographic key. This refers to an additional component that strengthens hardware-based security on a computer.

TPM is essentially a tiny chip that is occasionally located on the motherboard of a computer, independent of the main CPU and memory. It is similar to the keypad you use each time you enter your house to turn off your security alarm. If you do not enter the code within a short period of time (turn on TPM), alarms will sound; turning on your computer is the equivalent of unlocking your front door.

How Does TPM Operate?

A Trusted Platform Module (TPM) is a technology that generates encryption codes to secure data on a computer. The TPM chip plays an essential role in this process. It stores a portion of the encryption key and shares it with the hard drive. If someone removes the TPM chip, the computer cannot start up because the encryption key will be incomplete. In such a scenario, the decryption process cannot be completed, and the system won’t start.


To start, every PC has hardware and software protection to safeguard your data and device.

When implemented correctly, software security can efficiently prevent hackers from accessing a system. However, software is inherently more flexible as its code can be changed. This means that there is always a possibility that someone may find a way to hack it or launch an attack. If intruders are successful in accessing your computer and private data, it can lead to serious consequences.

Hardware security, such as TPM, comes into play here.


As the name suggests, hardware security is hard coded. It is impossible for a hacker to alter the cryptographic keys in TPM unless they are precisely known in advance.
Thus, Windows 11’s requirement for a built-in TPM 2.0 security capability raises the bar for hardware security.

To improve security, the TPM chip exchanges data with other PC security technologies, including BitLocker, Windows Hello facial recognition, and fingerprint readers.
Other than your PC security systems, Outlook, Firefox, and Chrome will also make use of a TPM.

TPM 2.0: Why is it here?

TPM 2.0 is an essential part of the Windows 11 security system. It supports features like data protection with BitLocker and identity protection with Windows Hello. However, some PCs that are capable of running TPM 2.0 lack the necessary configuration.


TPM 2.0 is a more secure version of TPM chips.

A 2018 Microsoft page lists TPM 2.0’s numerous security advantages over TPM 1.2, including enhanced support for more recent encryption techniques. These benefits, which have existed for a while, make TPM 2.0 a more secure version of TPM chips.

Additionally, beginning in 2016, Microsoft has inexplicably mandated a TPM 2.0 on Windows 10 PCs. Why?

Although Windows 11’s TPM requirement has raised awareness of the technology, the concept is not all that new. Both Windows 7 and Windows 10 have previously used and supported TPM. In fact, Windows 10 requires it, though it is not really enforced.

In fact, TPM 2.0 has had to be enabled by default on all newly manufactured Windows PCs since July 2016. Microsoft mandated that the maker of every PC, desktop, 2-in-1, or other device you purchased with Windows 10 preloaded contain TPM 2.0 and turn it on by default.

Why is TPM 2.0 Required for Windows 11?


To start, TPM 2.0 offers more advanced hardware security. Why does Windows require it?
As Windows is widely used, it is often targeted by hackers. Therefore, to enhance system security, it is important to use TPM 2.0 in combination with software security measures to prevent hacking attempts.

Microsoft reaffirms this by stating that TPM (TPM 2.0) can add a hardware-based protective shield to secure critical data, including encryption keys and user passwords. This will prevent infections by malware.

Windows 11 utilizes TPM for two crucial security features: Windows Hello for secure identity verification and BitLocker for safeguarding data.

Does my computer already support TPM 2.0?

First off, your machine supports TPM 2.0 if it satisfies the minimum system requirements for Windows 11.

It is likely that if you bought a Windows 10 computer after 2016, TPM 2.0 is active. Check the production date if not.

However, if your machine is older (built before 2016), it probably has either TPM 2.0 turned off, the older TPM 1.2 version (which is not recommended for Windows 11), or no TPM at all.

You may check under PC settings to find out if your PC has a TPM. The TPM version and other details can be viewed on a Security Processor information page in the Windows settings program in certain versions of Windows 10.


If your PC has a TPM 2.0, but it is not enabled, follow this Microsoft guide to enable it.

What Happens If TPM 2.0 Is Not Installed on My Computer?

If you own a desktop computer or PC and it does not have TPM 2.0, you can add it by purchasing a module that is compatible with your motherboard. You must look up the model of your motherboard to find out if a compatible TPM was supplied by the manufacturer.

It appears that TPM costs have gone up since the release of Windows 11. An Asus TPM, for instance, that was sold for $14 on Amazon now fetches $40 or more on the secondary market. A few manufacturers have also ceased producing TPMs, but given the current spike in demand, production may resume.

All you need to do is locate the TPM pins on your motherboard and insert a compliant TPM module. Then, keep in mind that in order for you to update to Windows 11, you must enable it in the BIOS menu.

The end of support for Windows 10 will be in October 2025. You must upgrade to TPM 2.0 to access Windows 11.

How to Turn on TPM 2.0 on a Computer

By now, you are aware of the controversy surrounding Windows 11’s TPM 2.0 chip requirement. The chip, which is often located on the motherboard of a PC, is crucial, as are the RAM requirements for Windows 11. It is a security chip that manages encryption for Windows BitLocker, for your fingerprint, and for other biometric data. TPM 2.0 is enabled by default on the majority of PCs and is present in most systems bought during the past few years. On earlier devices, however, it is either not present at all or turned off.

Depending on who made the PC, different BIOS steps are required to enable TPM 2.0.
Microsoft describes them in this article.

First, use the Windows Security App to check for TPM 2.0:

  1. Select Update & Security > Windows Security > Device Security from the Settings menu.
  2. Examine the Security Processor Details under Device Security. Your computer might have a TPM turned off if there is not a section for the security processor on this screen. [See below on how to enable TPM.]
  3. Proceed to the following step to confirm that the TPM you see is a TPM 2.0.
  4. Make sure your Specification version is 2.0 by selecting the Security processor details option if you see one under Security processor.
  5. If the specs are less than 2.0, Windows 11 cannot be installed on your device.
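
The same check can be scripted. This is an added example, not part of the original article: it reads the `Win32_Tpm` WMI class from an elevated PowerShell session and reports presence, state, and specification version; the function name `Get-TpmReadiness` is hypothetical.

```powershell
# Added example: command-line equivalent of the Security processor details check.
function Get-TpmReadiness {
    param([version]$MinimumSpec = '2.0')   # 2.0 is the Windows 11 requirement discussed above

    # Win32_Tpm is readable only by administrators; without this check a
    # non-elevated session would look the same as "no TPM".
    $id    = [Security.Principal.WindowsIdentity]::GetCurrent()
    $admin = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not ([Security.Principal.WindowsPrincipal]$id).IsInRole($admin)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue | Select-Object -First 1

    $result = [ordered]@{
        Present = [bool]$tpm; Enabled = $false; Activated = $false
        SpecVersion = $null; MeetsMinimum = $false; Finding = $null
    }
    if (-not $tpm) {
        $result.Finding = 'No TPM exposed to Windows: absent, or turned off in firmware.'
        return [pscustomobject]$result
    }

    # SpecVersion is a string such as "2.0, 0, 1.38"; the first field is the spec version.
    $spec   = $null
    $first  = ($tpm.SpecVersion -split ',')[0].Trim()
    $parsed = [version]::TryParse($first, [ref]$spec)

    $result.Enabled      = [bool]$tpm.IsEnabled_InitialValue
    $result.Activated    = [bool]$tpm.IsActivated_InitialValue
    $result.SpecVersion  = $first
    $result.MeetsMinimum = $parsed -and ($spec -ge $MinimumSpec)

    $result.Finding = if (-not $result.MeetsMinimum) {
        "Specification version '$first' is below $MinimumSpec."
    } elseif (-not ($result.Enabled -and $result.Activated)) {
        'TPM meets the version requirement but is not enabled and activated.'
    } else {
        'TPM is present, enabled, activated, and meets the version requirement.'
    }
    [pscustomobject]$result
}

Get-TpmReadiness | Format-List
```

A result of `Present : False` corresponds to the missing Security processor section described in step 2, and calls for the firmware steps that follow.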

Enter the BIOS now to enable your computer’s TPM.
On a PC, to enable TPM 2.0:

  • Select Settings > Update & Security > Recovery, then select Restart now. The system will restart.


  • Select Troubleshoot > Advanced Options > UEFI Firmware Settings on the next screen.
  • Select the Restart button to access the system BIOS and check TPM 2.0.


To locate the TPM settings in the System BIOS, you need to search for a particular submenu. Please note that the location of this submenu varies across different systems. In most cases, you can find the TPM settings under the Advanced Security, Security, or Trusted Computing options. You can use the keyboard shortcuts provided on the screen or the mouse (if available) to navigate to these menus in your BIOS.

  • Once you access the corresponding BIOS panel, you can enable one of the following options by checking the box or flipping the switch.

TPM 2.0 may be labeled with any of the following names: Security Device Support, TPM State, AMD fTPM switch, Security Device, AMD PSP fTPM, Intel PTT, or Intel Platform Trust Technology.

  • If you’re unsure about the proper TPM 2.0 setting, refer to your PC manufacturer’s support manuals.
  • Exit the BIOS. After turning on TPM 2.0, use the commands indicated at the bottom of the screen to exit the BIOS (typically just hit Esc).
  • Save the configuration. An option to Save and Exit will appear. After that, your computer will restart and load Windows once more.

After that, you can start installing Windows 11.

Is it possible to install Windows 11 on a system that lacks TPM 2.0 and is not supported?

You may still update to Windows 11 on a machine with unsupported hardware, but not via Windows Update. Rather, you will need to manually carry out a clean install or in-place update using a bootable USB flash drive or ISO file.

Although Microsoft does not support the loophole and does not mention it in any of the documentation, it remains open. As per the company’s statement, organizations have the option to install Windows 11 on hardware that is not supported. Since driver compatibility and system stability cannot be guaranteed, users may upgrade at their own risk.

Take a look at our installation guide for Windows 11 on unsupported hardware to learn more.

Before installing Windows 11, ensure your device meets the minimum requirements to avoid compatibility issues.

To sum up,

The necessity of the TPM 2.0 chip in Windows 11 cannot be overstated, as it plays a vital role in ensuring hardware security, encryption, and protection of biometric data, including fingerprints, which are processed by Windows BitLocker.

To increase your security, only install Windows 11 on devices that are compatible.