TPM 2.0 and Windows 11

Windows 11 news came out today with a big surprise: it’s going to require TPM 2.0 support in your system. What the heck is that? “Trusted Platform Module”, a bit of extra hardware that’s used to store secrets for security and encryption. And a lot of Windows PCs don’t have it. But it can be added.

The easiest way to see if your system will run Windows 11 is to run Microsoft’s health check app. It’ll give you a simple yes/no. If it says “no”, it’s likely because your system doesn’t have TPM 2.0. To test for TPM specifically, try running “tpm.msc” from the start menu (Win-R): it will tell you the status of TPM on your system.

Neither of my desktop PCs has it, neither my fairly new and fancy Asus X570-Pro nor my older, cheaper Asus Z270-P. It seems pretty random whether a desktop machine has it or not. Hopefully most newer laptops do? I don’t know, I think my 2017 Razer Blade does.

You can add TPM hardware to some motherboards. There’s a 14-pin header for that purpose if you’re lucky. My X570-Pro has one, the Z270-P does not. If you have the header, you can then buy a little motherboard-specific add-on module like this Asus one for pretty cheap, $15 or $20. I bet those are about to get scarce!

Some motherboards also support something called “fTPM” or “firmware TPM” (AMD) or PTT (Intel). This implements TPM in other parts of the motherboard’s hardware rather than a specific dedicated TPM. Perhaps that’s less secure, I don’t know. My X570-Pro has that ability. I turned it on in the BIOS and now my system is cleared as ready to run Windows 11. Not sure about the older Z270-P system, the manual has no info on TPM in it.
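The tpm.msc check can also be scripted, which helps when you have more than one machine to look at. The function below is an added example, not part of the original post or any Microsoft tool: it reads the Win32_Tpm WMI class from an elevated PowerShell prompt and reports whether a TPM is present, enabled, and at spec version 2.0. The name `Get-TpmReadiness` is made up for this sketch, and the firmware-versus-discrete label is a heuristic that assumes firmware TPMs report the vendor IDs `AMD` or `INTC`.

```powershell
# Added example: scripted equivalent of the tpm.msc check.
# Run elevated; Win32_Tpm is not readable by standard users.
function Get-TpmReadiness {
    # -ErrorAction Stop so "access denied" is not mistaken for "no TPM".
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction Stop

    if (-not $tpm) {
        # No instance: no TPM fitted, or fTPM/PTT is switched off in BIOS setup.
        return [pscustomobject]@{
            Present = $false; Enabled = $false; Activated = $false
            SpecVersion = $null; Vendor = $null; Kind = $null; MeetsTpm20 = $false
        }
    }

    # SpecVersion is a comma-separated string; the first field is the TPM family
    # (for example "2.0" or "1.2").
    $family = ($tpm.SpecVersion -split ',')[0].Trim()
    $parsed = $null
    $isTpm20 = [version]::TryParse($family, [ref]$parsed) -and
               ($parsed -ge [version]'2.0')

    # Heuristic (assumption): vendor IDs AMD and INTC indicate a firmware TPM;
    # anything else is treated as a discrete module or unknown.
    $vendor = "$($tpm.ManufacturerIdTxt)".Trim()
    $kind = switch ($vendor) {
        'AMD'   { 'firmware (AMD fTPM)' }
        'INTC'  { 'firmware (Intel PTT)' }
        default { 'discrete or unknown' }
    }

    $enabled   = [bool]$tpm.IsEnabled_InitialValue
    $activated = [bool]$tpm.IsActivated_InitialValue

    [pscustomobject]@{
        Present     = $true
        Enabled     = $enabled
        Activated   = $activated
        SpecVersion = $tpm.SpecVersion
        Vendor      = $vendor
        Kind        = $kind
        # A 2.0 part that is disabled in firmware still fails the check.
        MeetsTpm20  = $isTpm20 -and $enabled -and $activated
    }
}

Get-TpmReadiness | Format-List
```

`Present = False` on a board that supports fTPM or PTT usually means the firmware setting is off, not that the hardware is missing.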

I’m curious why Microsoft is requiring TPM; given it’s not universal or may only exist behind an obscure BIOS setting, this choice has to cut deeply into their market. They use TPM for BitLocker, their hard drive encryption product. I’ve never seen the need to use that myself, so I never looked into TPM before. I wonder if TPM is good for anything else in practice? Linux supports it and can use it for some things like generating ssh keys.