A cursory look at the Windows 11 Trusted Platform Module 2.0 (TPM)

Microsoft’s announcement that its upcoming Windows 11 operating system requires a Trusted Platform Module 2.0 (TPM) has caused a good deal of doubt and confusion. For those eager to get their hands on Windows 11, there is a new security prerequisite to meet: the Trusted Platform Module (TPM). TPM compatibility is probably something you never expected to have to check. For anyone who bought a PC in the last few years, the answer is almost certainly “Yes”. For those who built or refurbished their own Windows desktop, upgrading to Windows 11 is a little harder.

Windows 11 Trusted Platform Module 2.0 (TPM) | Image by Holger Langmaier from Pixabay

What is TPM?

TPM is an acronym that stands for “Trusted Platform Module.” The TPM is a tiny chip on your computer’s motherboard, usually separate from the main CPU and memory. The chip works a little like the authenticator app on your phone, or the code you enter into your home security system each time you walk in: it proves that you are who you claim to be, much as a front-door key or a username and password does for a website. If the code isn’t entered quickly enough, the alarm goes off and the valuables stay locked away.

The same idea applies on a newer PC that uses full-disc encryption together with a TPM: after you press the power button, the small chip supplies a unique cryptographic key. Once that key has unlocked the drive’s encryption, the machine boots normally. If the key no longer matches, which can happen if someone steals your laptop and tampers with the encrypted disc inside, the computer won’t start.

Modern TPM implementations aren’t limited to these basic functions; they are capable of much more. In practice, many applications and other PC features use the TPM even after the system has started. Thunderbird and Outlook both make use of the TPM to process encrypted or key-signed messages. Firefox and Chrome also use the TPM to keep track of websites’ SSL certificates. TPMs are found in a wide range of consumer technology, from printers to smart-home devices.

Utility of TPM

TPMs can be used for a variety of purposes beyond giving PCs boot-up protection, and they can also be packaged in several ways. The Trusted Computing Group (TCG), the organisation in charge of the TPM standards, now recognises two further varieties besides the discrete chip. A TPM can be integrated into the CPU either as a physical addition or as code that runs in a separate environment, known as a firmware TPM. Because it relies on a trusted environment that is separate from the rest of the programmes using the CPU, this approach is nearly as secure as a standalone TPM device.

Virtual TPMs are the third form of TPM. They are implemented entirely in software. The TCG recommends against using them in production because of their vulnerability to tampering and to security flaws in the operating system.

Windows with TPMs

Both Microsoft Windows 7 and Windows 10 include substantial TPM support. The primary adopters have been laptops and PCs in large enterprises with strict IT security needs, where TPMs have taken the place of the cumbersome smart cards that IT departments once relied on. Smart cards have to be inserted into a slot or presented to a built-in wireless reader to confirm that the system has not been tampered with.

TPMs are already used by operating-system security features. Have you tried the Windows Hello face-recognition feature on a newer laptop? That needs a TPM.

Should a TPM be installed on my PC?

If you’ve built a desktop PC in the last several years and are comfortable working with BIOS security settings, you may be able to add a discrete TPM 2.0 chip to your motherboard. Many motherboards carry a “TPM” header pin cluster for exactly this purpose.

TPM 2.0 add-on modules can be purchased and plugged into that header, but it isn’t quite that straightforward. Your home-built PC may already have a hardware TPM, yet Windows won’t detect it until the BIOS is correctly configured to enable it. Depending on the motherboard and CPU you’re running, this procedure can look very different, and even Microsoft admits that enabling the TPM isn’t always an easy task.

It’s also possible that a high-end gaming PC you spent a lot of money on a few years ago has a motherboard or CPU without TPM capability, or without the option to add it, in which case you may not be able to run Windows 11 on it. An add-on module may be an option for PCs whose motherboard lacks TPM 2.0 functionality, but fitting one yourself will almost certainly involve some trial and error.
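Before buying a module or changing firmware settings, it is worth checking what Windows already sees. The script below is an added example, not part of the original article: it uses the built-in Get-Tpm cmdlet and the Win32_Tpm WMI class to report whether a TPM is visible, whether it reports the 2.0 specification, and whether it is ready for use. Run it from an elevated PowerShell prompt, since Get-Tpm requires administrator rights.

```powershell
# Added example (not from the original article): report whether Windows can
# see a TPM and whether it meets the Windows 11 baseline of TPM 2.0.
function Get-TpmReadiness {
    $result = [ordered]@{
        TpmPresent  = $false
        TpmReady    = $false
        SpecVersion = 'n/a'
        Meets2_0    = $false
        Note        = ''
    }

    # Get-Tpm ships with Windows (TrustedPlatformModule module); it needs admin rights.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $result.TpmPresent = [bool]$tpm.TpmPresent
        $result.TpmReady   = [bool]$tpm.TpmReady
    } catch {
        $result.Note = "Get-Tpm failed: $($_.Exception.Message)"
        return [pscustomobject]$result
    }

    if (-not $result.TpmPresent) {
        # Typical cause on a home-built PC: fTPM/PTT or the discrete module is disabled in UEFI setup.
        $result.Note = 'No TPM visible to Windows. Check that the TPM (fTPM/PTT or discrete module) is enabled in firmware setup.'
        return [pscustomobject]$result
    }

    # Win32_Tpm exposes the spec version as a string such as "2.0, 0, 1.38".
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($wmi -and $wmi.SpecVersion) {
        $result.SpecVersion = $wmi.SpecVersion
        $result.Meets2_0    = $wmi.SpecVersion.Trim().StartsWith('2.0')
    }

    if (-not $result.Meets2_0) {
        $result.Note = 'TPM found but it does not report version 2.0; Windows 11 requires TPM 2.0.'
    } elseif (-not $result.TpmReady) {
        $result.Note = 'TPM 2.0 present but not ready; it may need to be initialised via tpm.msc.'
    } else {
        $result.Note = 'TPM 2.0 present and ready.'
    }
    [pscustomobject]$result
}

Get-TpmReadiness | Format-List
```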

Can I Run Linux if I Have a TPM?

There is also a large and growing population of PC enthusiasts whose machines have TPMs but who have chosen to disable them for a variety of reasons.

With the TPM enabled, you can do just about anything with a computer these days. A few users will run into minor problems, but the vast majority will be unaffected. People who want to move between Windows 11 and various Linux distributions should be able to do so, because the TCG has long published TPM criteria for the open-source Linux operating system. If your Linux distribution doesn’t support the TPM, however, you may not be able to use it in a dual-boot environment.

Can I use all of Windows 11’s features if I have a TPM?

The TPM 2.0 requirement in Windows 11 is complicated by the possibility that Microsoft will follow Apple’s lead and tie more features to TPM security in subsequent Windows versions. Apple laptops without the T2 processor lack a number of features, such as fingerprint recognition and improved image signal processing. Microsoft might use Windows 11 and later TPM-dependent releases to segment the Windows experience in a similar way.
