Windows 11 requires TPM 2.0, which has tripped up a lot of PC builders. Here’s what TPM does and why you might need it.
Microsoft just released Windows 11, and a lot of PC builders are tripped up by an odd system requirement: TPM 2.0. A TPM, or Trust Platform Module, is a dedicated processor that handles hardware-level encryption. It’s the device that allows you to use biometrics to log in to Windows and encrypt data on your device. Still, it’s tough understanding what a TPM is, and more importantly, why you need one for Windows. We’re here to help you cut through the cryptographic weeds so you can get your PC up to spec to install Windows 11. A TPM is a chip that lives on your computer’s motherboard. It’s a dedicated processor that handles encryption, holding part of the secret key you need to decrypt data on your device and access services. In the case of the upcoming Windows 11, the TPM can store things like your biometric data for Windows Hello and part of the encryption key for BitLocker. That’s not the only purpose of a TPM, though. It can store any part of a secret you need for decryption, regardless if that’s a password, certificate, or encryption key. Furthermore, the TPM stores this information on actual hardware, not through software. That means software attacks can’t expose the secrets you have stored on the TPM. A dedicated TPM further raises security thanks to a static Endorsement Key (EK) certificate. This certificate lives on the module and never changes, verifying that any component communicating with the TPM is, indeed, communicating with the TPM. In short, a TPM helps you protect your most sensitive data. Because the device lives on your motherboard, it doesn’t need to communicate with any server or require further, offsite authentication.
