Prior to Microsoft releasing the new Windows 11 operating system (OS), there wasn’t much discussion regarding the Trusted Platform Module (TPM). TPM 1.2 chips have existed since 2011, but they’ve typically only been used in IT-managed business laptops and desktops. But as cyber attacks have become more frequent and sophisticated, Microsoft wisely chose to offer that same level of protection to everyone using Windows. As a result, TPM discussion has blossomed, mostly because Windows 11 requires the use of TPM 2.0. See system requirements for Windows 11. Here’s a brief rundown on the chip and why you must have it to run Windows 11.
TPM is all about security for your computer’s OS (Windows 7 and higher). In fact, it authenticates your system and protects the OS from firmware level attacks. TPM is actually a cryptoprocessor, a dedicated microcontroller designed to secure computer hardware (workstations, laptops, data center platforms, etc.) through integrated cryptographic keys.
For your system, a primary security component is encryption, i.e., the ability to take data and scramble it using a key. In order to unscramble that data, you have to use the same key. In short, the TPM provides the OS (and applications) with a random number generator that creates a key unique to your system. The TPM can be either BIOS based or a hardware module installed on the motherboard.
Why Does Windows 11 Require TPM 2.0?
The TPM 2.0 chip is simply the latest version of TPM, and in order to successfully install Windows 11, your computer must have it either integrated into the motherboard or added into the CPU. So why does Windows 11 require it? TPM 2.0 makes it easy for Windows 11 to perform hardware-based cryptographic operations so encryption is secure and protected from malicious attacks on your hardware and boot up.
The TPM chip communicates with other security systems inside your computer. For example, Windows Hello facial recognition or a fingerprint reader must confer with the TPM before allowing you access to your machine. Each time you log in, the TPM will provide that unique cryptographic key and if no problem is detected, your system will successfully start. However, if your system is at risk, it will be locked down to deny access from hackers and attackers.
The BitLocker encryption feature in Windows 11 (and earlier systems) can store the encryption keys in the TPM in order to protect your files. When someone tries to access your computer, the encryption keys are used to unlock the drive. Without the keys stored in the TPM, attackers won’t be able to decrypt your drive or access the files on that drive. Windows 11 will be provided with hardware security for Microsoft to build on as long as it has a TPM. Although some new computers include TPM 2.0, it’s often not enabled by default. In that case, you need to manually enable it. Bottom line: be sure to determine whether your PC has TPM 2.0 before installing Windows 11.
Can I add TPM to my old system?
TPM Modules are usually built into the BIOS for chips from both AMD and Intel (used in BOXX products). However, Intel chips older than 8th gen will require a hardware module.
For a workstation or server currently without one, you may be able to add a TPM without any problem. But for laptops, though, most don't have a free socket or the extra space necessary to install the module. Most systems from 2016 to the present have TPM chips already built-in, and the good news is that even if yours is without one, Microsoft will still support Windows 10 through October of 2025.
As for your next purchase of an APEXX workstation, GoBOXX laptop, FLEXX or RAXX datacenter platform, be sure to discuss with one of our performance specialist (via chat or 877.877.BOXX) what type of TPM you need and which BOXX systems support it.