In the beginning, frankly, all of us did not know about the presence of a chip in the computer called TPM until Microsoft announced the list of minimum specifications required to run the new version – Windows 11. The list included interesting specifications without a doubt, and because of them, a huge number of devices that can be classified As "new" it will not be eligible for the free upgrade to the new version, either because the list of processors supported by the system does not include any processors made before 2017 or only because the presence of a TPM chip is mandatory to run Windows 11, and it is a chip that is not present in all computers. So what is the TPM chip originally?
 |
| Why does Windows 11 require TPM and Secure Boot? |
After the release of the Windows 11 operating system, which Microsoft announced as the successor to the Windows 10 operating system, many users became excited about the new features that it brought, as the system came with more than just a new (Start) menu, but also support for downloading Android apps from the Microsoft Store as well. The other note. But in all of the excitement, we've all overlooked an important factor that's about to be a game-changer: the need for a TPM chip to run Windows 11.
TPM chip developments and their names
A TPM chip or Trusted Platform Module developed by the Trusted Computing Group to act as a computer "crypto processor" and either integrated into the motherboard; Either welded like capacitors, or combined with the processor.
There is a second type of which is a software add-on or Firmware, meaning that it is not a chip in its traditional form, but a program that the manufacturer adds to the processor and plays the same role that the TPM chip plays, which is to create a reliable environment separate from the rest of the complex operations that the CPU performs, and it may have Different name depending on the type of processor, such as PPT on Intel processors and PSP fTPM on AMD processors.
The purpose of the TPM chip
The function of the chip is simply to provide the operating system with the encryption keys needed to secure authentication data or any important data in general, and then keep these keys on its own memory to be isolated from the storage unit so that malware and cyber attacks cannot access and tamper with the encrypted data even if the computer itself is infected .
The chip includes a set of mechanisms capable of confronting malicious software, as it was designed to address any attempt to tamper with the highly sensitive data that it encrypts. This chip even provides a feature that helps it detect attempts to circumvent encryption, meaning that the motherboard cannot be tampered with in any way, or the chip can be removed and placed on another motherboard to bypass encryption.
This technology has proven its worth over the years. It can be said that it is impossible to break the encryption performed by the TPM chip. Since its inception and until this moment, no security attack has been able to penetrate it, access the encryption keys stored on the TPM and read the protected data responsible for its encryption, because it is a Independent processor, it is not vulnerable to security holes in the operating system or hacking attacks. With this in mind, the TPM chip offers computer users something very important, which is that even if a computer gets infected with a virus, no matter how powerful it is, the data encrypted with it is not and will not be affected.
For Windows, the TPM chip is an essential component for encrypting authentication data and other things, such as encrypting entire volumes when using BitLocker, storing and encrypting the login PIN code, as well as saving and encrypting fingerprint data and registered facial features When activating the Windows Hello feature (if it is supported in the device) and other sensitive data that cannot be secured by traditional methods, but rather is encrypted in an isolated environment to remain protected and secured against electronic attacks that specifically target this data to force the user to pay a “ransom” in exchange for the ability to Turn on his personal computer!
In the absence of a TPM chip, Windows uses other alternatives, including a technology called EFS or Encrypting File System, which encrypts and stores sensitive data directly on the storage unit, making it more vulnerable to hacking compared to storing it in an isolated place as when the TPM chip is available.
The importance of the TPM chip
In general, the TPM chip helps in addressing most advanced cyber attacks, and this is the main reason why Microsoft requires its presence in all devices that want to work with Windows 11, just to make sure that it is ready to resist cyber attacks that are increasing day by day, especially those targeting Credentials and Authentication which has increased 5-fold over the past 4 years.
At least, this is what the company said on the words of "David Weston", Microsoft Director for Enterprise and Operating Systems Security. In an official publication, he explained the importance of the TPM 2.0 chip and how it is a "bet for the future" to enhance the protection of user data, whether at the level of ordinary individuals or companies. The post contains surprising information and facts that can convince you that the presence of a TPM to run Windows 11 was not for arbitrary reasons.
As we know, Windows is the system that is often affected by these cyberattacks as it is widely used by companies all over the world and more than 1.3 billion devices are running Windows 10 today. So Windows is at the heart of the devastating attacks that have already made global headlines in recent years. Thus, it can be argued that the requirement for a TPM chip is an attempt by the company to be more proactive about protecting devices running its new operating system as the next major operating system for the next decade.
It is worth noting that Microsoft had required manufacturers of motherboards and central processors to adopt TPM 2.0 technology since the launch of Windows 10, and indeed the chip was widely supported at that time, but Microsoft did not force users or at least its partners from computer manufacturers such as Asus, Dell and HP. And Lenovo and others to activate this chip in order for Windows to work in the required safe manner, because it is often disabled by default. This is exactly what the company is trying to change or "fix" now with Windows 11.
In general, if you purchased a computer or laptop during the past few years or beginning in 2016 specifically, it is almost certain that your computer already contains a second generation TPM chip 2.0 which is exactly what Windows 11 needs to run. While if the device has a first-generation TPM chip or TPM 1.2, Microsoft says that it will still be possible to run Windows 11 (as long as it meets other operating requirements), but you will receive a warning that “upgrading is not recommended” before installing the system, because the second generation provides higher protection.
Does your hardware support TPM chipset or not
To find out if your device has a TPM chip or not, all you need to do is press the Win key + the letter X together, and a menu appears on the screen from which you choose Device Manager. In the window that appears, if you find the Security devices section, this means that your device is supported by this chip, and by double-clicking on this section, you can know which generation exactly your device is equipped with, 2.0 or 1.2.
Since the announcement of the operating requirements for Windows 11, there has been a complete chaos because the TPM chip may be present in most devices, but as we indicated before, it is not activated by default, and therefore Windows will not recognize that it is even present. So when you use the official Microsoft PC Health Check tool to see if the device is eligible for a free upgrade or not, you may discover that it is not eligible because there is no TPM 2.0 chip, although it may be supported, but it is just not enabled.
- How do Android applications work on Windows 11?
- What is Efficiency Mode in Windows 11 and how to activate it?
- How to go back from Windows 11 to Windows 10 without formatting
- How to enable the webcam turn on indicator in Windows 10 and 11
- How to Backup User Folder in Windows 10 or 11
- How to change the default browser for Windows 11
- Show seconds in the taskbar clock on Windows 10 and Windows 11
- The most important new features that will arrive in Windows 11 in 2023
This means that millions of people will have to open the BIOS screen and tamper with the security features in order to activate the TPM 2.0 chip, since this is the only way to do that. It is true that the process takes only a minute for someone familiar with dealing with the BIOS and the options in it, but this is not the case With all, especially for beginners who don't know what BIOS is!
This leaves room for many problems that are limited to misunderstanding and exploitation. As soon as Microsoft announced the operating specifications for Windows 11 and that the presence of a TPM chip is mandatory to run it, people rushed to buy separate TPM modules (which can be connected to the motherboard directly if it has a dedicated port for it). From stores such as eBay, Amazon, and even from the same manufacturers as Gigabyte and MSI, which led to insanely high prices, in order to avoid having to buy a whole new computer to get the upgrade to Windows 11.
Apart from supporting TPM chips, this is not the only important problem facing those wishing to upgrade. There is a bigger problem, which is that any device that works with an Intel processor older than the eighth generation is excluded from official support for Windows 11. This includes a huge number of devices that are considered new and may not have been sold. Until recently, even the expensive Surface devices offered by Microsoft will not be supported by the new system.
The reason here is also related to protection, so that all processors that support Windows 11, whether from AMD or Intel, include the technologies necessary to provide a high level of protection against cyber attacks, including internal support for TPM 2.0 technology, but note this warning does not mean that these devices cannot run Windows 11 It just means that Microsoft does not officially support them when running Windows 11, and the difference is big, by the way. Your device will still be able to run the new system (without the free upgrade) but at your own risk!
In any case, we hope that Microsoft will review the requirements for Windows 11 or at least reformulate them in light of the suspicions surrounding the "TPM problem", especially since a number of computers currently come with support for the TPM chip, but it is disabled for some reason. I think Microsoft needs to clarify this point well for everyone, as it has plenty of time to settle things before launching the new version.
The company can also either “relax” the requirements, for example, or allow all users to upgrade to Windows 11, only warning them not to use it if the computer does not meet the basic requirements, so that it disclaims responsibility for any damage that may occur.
In the end, we cannot blame Microsoft, as the obvious goal is that it wants to ensure that all devices that will run Windows 11 are equipped with the latest technologies and protection mechanisms available at this critical time.
