New version Windows is finally here, but if you want to upgrade from Windows 10, there’s a confusing new requirement: you need to enable a security feature called TPM on your computer. You’ve probably never heard of it yet, but it may already be on your machine – it may just shut down by default. If you have trouble upgrading an otherwise compatible device, a small switch may be responsible.
What are TPM and Secure Boot?
Microsoft’s Windows 11 system requirements refer to a new requirement that was not present in previous versions of the operating system: a trusted platform module (TPM). More specifically, it requires TPM 2.0, which was first published in 2014.
TPM is sometimes a chip that is built directly into the hardware of your device, or for the consumer PC in general – a type of firmware that supports your processor. TPMs are temper-resistant, which makes it incredibly difficult for someone to steal stored data or create cryptographic keys.
The reliability and security of this chip form is called “hardware root-of-trust”. Basically, TPM is a component that your system can always trust to stay safe, such as a fireproof lockbox in your home where you store important documents. It enables security features that help protect your computer, such as encrypting your storage drive or using logins such as fingerprints or facial recognition. This is only possible because your computer has a secure place to store encryption keys or biometric data that is not otherwise secure.
One of the many features that TPM enhances is Secure Boot. This feature prevents malware from running when you first turn on your computer by only allowing cryptographicly signed software to run (although you can turn it off if needed).
Why is it necessary for Windows 11?
For all the confusion about this new requirement, it really isn’t That Microsoft’s new pre-built PC, built in 2016, requires TPM 2.0 to run any version of Windows 10 for desktops. If you’ve bought a Windows 10 device from a store for the past few years, you already have a good chance of getting covered and you can install Windows 11 right now. Just the head Check for Settings> Windows Update> Update.
However, it still leaves a huge number of computers on the market. Custom-built PCs, for example, may use motherboards and processors that do not include TPM or enable it by default. Many Windows devices are secure, but some are not, and this makes it difficult to consistently turn on security features.
A great example of this is the attempt to erase the password of Microsoft account. Passwords are inconsistent, difficult for people to remember, and often easy for attackers to get past. The company has pushed for alternatives to passwords that use authentication on your phone, biometric data, and even a PIN that is safer and easier to use than a password if stored in TPM.
While some of these features are possible on devices without TPM, they are more secure if you have them. The need for TPM on all Windows 11 devices allows Microsoft to set up a security floor. The downside is that it can put some people behind an otherwise capable computer. For Microsoft, it’s worth making a tradeoff.
How to turn on TPM and secure boot
Leaving an old PC behind when a newer version of Windows comes out is not new, but this special requirement has confused many people because some computers Should Being able to run Windows 11 is just fine supposedly inconsistent.
This is partly because the initial version of the PC Health Check app, a downloadable tool from Microsoft that tells you if your hardware qualifies to upgrade Fortunately, the most recent version will tell you if TPM is a problem. If you make your own PC or someone else can do it for you, you may fall into this problem. Many motherboards are TPM compatible, but some gaming motherboards omit this feature in favor of other bells and whistles.