TPM or Trusted Platform Module is a small chip that is either embedded within your motherboard or CPU, as well as an optional bit of hardware that you can install yourself after purchasing one.
However, this rather niche item has come into the forefront of everyone’s minds who plans on upgrading to Windows 11, as Microsoft announced that the latest operating system will absolutely require a TPM 2.0 to even run it.
How does a TPM work and who made it?
It was created and is developed by the Trusted Computing Group (TCG). This nonprofit actively maintains and improves on the TPM, using the international standard ISO/IEC 11889 to ensure that it remains neutral between all the companies that use it.
The TPM is split into multiple parts (key generators, specific memory to store security keys, and a cryptographic engine), all of which are then used to handshake between the encrypted PC and the module which once it gives the thumbs up will boot the PC.
Usually found in business and enterprise uses, the TPM works alongside software-level protections like Secure Boot and BitLocker to help prevent the nefarious people who roam the internet from accessing vital components of the PC infrastructure.
Why Microsoft are implementing TPM requirements
The Director of Enterprise and OS Security, David Weston, wrote in a blog this weekend that 83 percent of businesses were affected by firmware attacks, while 29 percent are only now doing anything about it.
He also goes onto say that the TPM 2.0 is a “critical building block” of their security infrastructure with Windows Hello and BitLocker, thus Microsoft wants to bring this level of protection to the wider masses – especially in the wake of the constant ransomware attacks on PCs across the world.
TPM has been implemented in some form via CPU manufacturers – AMD and Intel – for a few years, but under varying names and sometimes not activated immediately. This has sent what should be eligible PCs into telling users that they’re not ready for Windows 11 due to the lack of chip, simply because it’s never been turned on before.
So what's the deal?
So what’s the bigger deal with the TPM? Well, unfortunately, it seems that with this additional requirement, a lot of older hardware will have to be either built upon with modules sold separately or in the worst cases, left to wither on Windows 10 in the oncoming suspension of support in 2025 (which is not as far as it seems!).
If you want to find out what the ‘tea’ is about Windows 11 and the TPM, we’ve got you covered, but in the meantime, keep your eyes out for the best motherboards and TPM modules available for Windows 11 in October – apparently.
Can I install a TPM?
If your motherboard supports it, you’ll be able to purchase a physical module and place it on. But check your BIOS and CPU to see if it’s got one built-in. You can see the recommended Windows 11 CPUs and then head into the BIOS once you’ve confirmed a match.
Are TPM modules interchangeable?
No, but there’s evidence that points to yes if you’re willing to put in the work. Your best bet is to check your motherboard manufacturer and buy a TPM from that brand.
Some motherboard manufacturers put plastic around the pins to prevent it from falling out, but then others build their modules a little bigger or wider than the plastic, meaning it won’t fit without some modifications – which you don’t want to do.
Can TPM 1.2 run Windows 11?
As of right now, no. Microsoft originally put 1.2 as an optional method in their blog post about the recommended specs and unfortunately, took it out along with the whole hard floor for meeting the requirements.
Can TPM 1.2 be upgraded to 2.0?
Only a select few chips have this option, so you’ll absolutely want to just buy a 2.0 module if possible. Most CPUs with fTPM and PTT will be running 2.0 these days regardless. This requires your motherboard to have the ability to switch to UEFI.
If you’re on a Dell system, you might want to check their support article which details which PCs can have their TPM upgraded via firmware. This is mostly systems between 2015 and 2018, but 2019 onwards all ship with 2.0.
Can TPMs be turned off or disabled?
Yes! In the BIOS, just head to the TPM settings (usually in Advanced sections) and turn it off. If your PC is encrypted, you will have to go through the decryption first or lose access to everything.
Where is TPM in the BIOS?
Check in your advanced settings! Every motherboard has its own location for it, but here’s a rough idea of where to look for each major brand:
GIGABYTE TPM BIOS Location: Advanced Mode > Settings > Misc > Intel PTT or AMD fTPM > Boot > Secure Boot > Enabled > CSM Support > Disable > Save > Restart
Dell TPM BIOS Location: Security > TPM 2.0 Security OR PTT Security > TPM On OR PTT On > Save > Restart
ASRock TPM BIOS Location:
MSI TPM BIOS Location: Security > Trusted Computing > Security Device Support > Enable
Or: Choose AMD fTPM or Intel Platform Trust Technology
ASUS TPM BIOS Location: Advanced > PCH-FW Configuration/AMD fTPM configuration > PTT or fTPM
NZXT TPM BIOS Location: Advanced > Trusted Computing > Security Device Support > Enable > Save and Exit > Restart