What Is a Trusted Platform Module?
Businesses and consumers upgrading to Windows 11 will now benefit from new hardware-based security requirements that make their PCs more secure. One hardware-based security requirement is that all PCs running Windows 11 must have TPM 2.0 to run the operating system.
A TPM, or a trusted platform module, is a physical or embedded security technology (microcontroller) that resides on a computer’s motherboard or in its processor. TPMs use cryptography to help securely store essential and critical information on PCs to enable platform authentication. They store a variety of sensitive information—such as user credentials, passwords, fingerprints, certificates, encryption keys, or other important consumer documentation—behind a hardware barrier to keep it safe from external attacks.
While the use of TPM technology has been part of enterprise IT for more than a decade, this is one of the first instances of Microsoft requiring its use for everyone, including for small and medium-sized businesses and consumers.
TPM implementations are typically designed to meet an international standard created by the Trusted Computing Group (TCG).TCG is a computer industry consortium that created the original TPM standard, which was later adopted by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) and subsequently named ISO/IEC 11889.
How Does a TPM Work?
A TPM generates and stores parts of encryption keys for PCs.
For an example of how a TPM works, consider the power-up step for turning on a device, such as a laptop. When the device is powered up, the TPM authenticates it. The TPM provides a cryptographic key to unlock the encrypted drive, and if the key is validated, the computer will boot up as normal. If the cryptographic key is tampered with, the computer won’t start.
Why Do I Need a TPM?
Cyberattacks are at an all-time high and hackers’ abilities are becoming more sophisticated every day. TPM is a technology that can help businesses combat these attacks. Additionally, it’s important to have a PC capable of running TPM 2.0 to meet Microsoft’s new TPM 2.0 requirement for the Windows 11 operating system.
Windows 11 TPM 2.0 Requirement
Along with other processor, RAM, storage, and firmware requirements, using Windows 11 on a PC requires TPM version 2.0.
The TPM 2.0 requirement aims to elevate the Windows security baseline of the millions of individual PCs used around the world. Ultimately, this will help keep all computer users more secure while simultaneously making it much harder for hackers to commit cybercrimes.
How Do I Know If My PC Already Has TPM 2.0?
The good news is that if you have purchased a PC in the last several years, it’s highly likely that you already have a TPM capable of running TPM 2.0 installed on your computer. However, it’s possible that your TPM may have been turned off in the firmware by the computer manufacturer and may require you to enable it to meet the new requirement.
If your computer is based on the 8th Generation or later Intel® Core™ Processor family, you can rest assured knowing your system has Intel® Platform Trust Technology (Intel® PTT), an integrated TPM that adheres to the 2.0 specifications. Intel® PTT offers the same capabilities of a discrete TPM only it resides in the system’s firmware, thus removing the need for dedicated processing or memory resources.
How to Upgrade to TPM 2.0
If you purchased a PC recently, upgrading to TPM 2.0 should be relatively easy because your system should already have a TPM installed that is capable of running it.
Follow these recommended steps from Microsoft to enable TPM 2.0 on your PC:
1. Confirm your computer’s eligibility to upgrade to Windows 11.
2. After confirming eligibility, choose one of two options to check to see if your TPM meets the Windows 11 requirement.
- Option 1: Use the Windows Security app.
- Option 2: Use the Microsoft Management Console.
3. If you determine you need to enable the TPM on your machine, you will need to access settings that are managed in the UEFI BIOS.
Staying Secure in Today’s Landscape Requires TPM 2.0
Cybersecurity today is anything but constant. Hackers are becoming more sophisticated by the hour. Attacks are accelerating, and the outrageous costs associated with cybercrimes and security breaches can easily put companies out of business. For businesses wanting to meet these challenges and stay secure, upgrading to TPM 2.0 is imperative. Not only does it provide deep, hardware-based security, but it also ensures your PC is ready to upgrade to Windows 11 when you’re ready to make the move.