What are TPM and Secure Boot that Windows 11 is requiring?
This question was answered on October 14, 2021. Much of the information contained herein may have changed since posting.
As the buzz around Windows 11 continues to grow, Microsoft has taken steps to ensure what it calls ‘The Most Secure Version of Windows Ever’.
Internet-connected devices are in a constant battle with potential threats from the outside world with Windows being one of the most targeted pieces of software in use.
Protecting a Windows-based computer has generally been done through software such as anti-virus or anti-malware programs that load up during the Windows startup process.
Sophisticated malware that gains access to a computer at the same level as the anti-virus program can disable it, which is why software-based protection only goes so far.
A computer industry consortium created a hardware approach to improve overall security that is known as TPM.
Trusted Platform Module (TPM)
Providing a security system in the hardware makes it much more difficult for malicious code to be successful at the software level.
It’s essentially a chip that is integrated into the hardware that acts as a bit of a gatekeeper. Think of it as a security keypad on the outside of a secured building that acts as the first line of protection.
The code you punch in determines what you can do once you get inside the building and the same holds true automatically via TPM.
The current iteration is called TPM 2.0 and will be required to be in use in order to install or upgrade to Windows 11.
Microsoft has actually been requiring TPM 2.0 to be implemented by computer manufacturers installing Windows 10 since July of 2016.
If your computer is newer than that and came from the manufacturer with Windows 10, TPM is likely already being used.
In some cases, you may have TPM available in your hardware, but it needs to be turned on in the ‘Unified Extensible Firmware Interface’ (UEFI), and the steps differ depending upon your specific hardware. If you’re not familiar with accessing and changing settings in the UEFI, which replaced the BIOS in older systems, I’d suggest you get some help.
Secure Boot
This is another security feature built into your hardware that only allows approved operating systems to load.
This is designed to prevent malicious code from loading at startup, as the hardware will only hand over control of the computer to an approved operating system.
The most dangerous types of malware in the past tried to take over the computer during the startup process, which is prevented when Secure Boot is activated.
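To see whether TPM 2.0 and Secure Boot are actually turned on for a given PC, the following PowerShell script (an added example, not part of the original article) reads both settings using the built-in `Get-Tpm` and `Confirm-SecureBootUEFI` cmdlets and the `Win32_Tpm` WMI class. The function names `Get-TpmSpecVersion` and `Get-SecureBootState` are made up for this example, and the script does not check the processor requirement.

```powershell
# Added example: report TPM and Secure Boot state on this PC.
# Run from an elevated (Administrator) PowerShell prompt.

function Get-TpmSpecVersion {
    # Win32_Tpm.SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM spec version.
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($null -eq $wmi -or -not $wmi.SpecVersion) { return $null }
    return ($wmi.SpecVersion -split ',')[0].Trim()
}

function Get-SecureBootState {
    try {
        if (Confirm-SecureBootUEFI) { return 'On' } else { return 'Off' }
    } catch [System.PlatformNotSupportedException] {
        # Thrown when Windows was booted in legacy BIOS mode instead of UEFI.
        return 'Unsupported (not booted in UEFI mode)'
    } catch [System.UnauthorizedAccessException] {
        return 'Unknown (prompt is not elevated)'
    } catch {
        return "Unknown ($($_.Exception.Message))"
    }
}

try {
    $tpm = Get-Tpm -ErrorAction Stop
} catch {
    Write-Warning "Get-Tpm failed: $($_.Exception.Message)"
    $tpm = $null
}

$spec = Get-TpmSpecVersion
$isTpm20 = $false
if ($spec) { $isTpm20 = ([version]$spec -ge [version]'2.0') }

# A TPM that is switched off in the UEFI settings may be reported as not present.
[pscustomobject]@{
    TpmPresent     = if ($tpm) { $tpm.TpmPresent } else { $null }
    TpmReady       = if ($tpm) { $tpm.TpmReady }   else { $null }
    TpmSpecVersion = $spec
    MeetsTpm20     = $isTpm20
    SecureBoot     = Get-SecureBootState
}
```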
TPM 2.0 and Secure Boot are not the only requirements to qualify for Windows 11 as your processor will be a big factor as well.
If you have an Intel processor, it will generally need to be 8th generation or newer, which means computers built from mid-2017 or newer.
If you have an AMD processor, it will need to be Ryzen 2nd generation or newer, which means computers built from 2018 or newer.
As Microsoft rolls out this free upgrade, you’ll be automatically notified via the Windows Update screen if your machine is compatible.
You can also manually check your computer’s compatibility here: https://bit.ly/3lLuUNL
Even if your computer is compatible, we always suggest holding off for a while unless you’re a hobbyist or IT professional who understands the challenges of a new OS.
About the author
Posted by Ken Colburn of Data Doctors on October 14, 2021