You probably hadn’t given much thought to whether your PC has a Trusted Platform Module (TPM) until Microsoft published the system requirements for Windows 11. Learn what a TPM is, how to find out if your system has one on board, and how to activate it.
A Trusted Platform Module is a security chip that can be built into laptops and most desktop PCs. It is basically a key safe and an encryption device that can add to the level of security.
For example, when you start a PC, the TPM is activated as the other components become active. When all hardware is ready, the operating system loads. In a secure environment, the PC first makes sure that the operating system is safe. It may also not trust the surrounding hardware, so it checks that too. However, without a reference point, the computer cannot “know” whether parts of the system have been tampered with. If a Trusted Platform Module is on board, this information can be compared with the values stored in its protected area. If the data matches, the boot process runs normally. If it doesn’t, alarm bells ring.
TPMs were originally available as stand-alone chips and were primarily used in corporate computers. The reason: it was mainly B2B customers who were willing to pay the extra cost for the Trusted Platform Module. For some time, however, both AMD and Intel have integrated firmware-based TPMs in their CPUs, meaning TPM support is now available on a much wider basis: nearly every 2013 Intel CPU (e.g. Haswell) made for Windows 8.1 has a firmware-based TPM.
It is important to note that even if a firmware TPM is present in the CPU, this does not mean that every PC can access it immediately. This may require a BIOS or UEFI update. While most PCs from major manufacturers typically have this feature, many commercially available motherboards either don’t expose it in the BIOS or don’t enable it by default.
In the desktop space, many motherboards have an unpopulated TPM slot. If you want to use a discrete, CPU-independent Trusted Platform Module, you can install it here. Consumer hardware generally does not contain a TPM, as this is an additional cost factor. If your motherboard has not implemented firmware TPM support and this gets in the way of installing Windows 11, it might be worth looking for a compatible module. It’s a good idea to choose a module from the same manufacturer and year as the motherboard: while TPM chips can be off-the-shelf parts, the actual physical connections and the way the BIOS/UEFI interacts with them are unique.
To find out if your PC has a Trusted Platform Module, type “tpm.msc” in the search bar of your Windows 10 PC. In the Trusted Platform Module Management app, scroll down to TPM Manufacturer Information to verify that a TPM is installed and certified. In addition, you can also use open source software to test your system for compatibility with Windows 11.
A distinction is made between discrete and integrated (firmware-based) TPMs. In general, a discrete Trusted Platform Module is considered better because it supports more encryption algorithms. But it also requires more space and costs more.
TPM support will cause problems with Windows 11 on many older devices. But even newer computers aren’t immune: they can trigger warning messages in Microsoft’s Windows 11 requirements check stating that no Trusted Platform Module version 2.0 is installed. In that case, you either need to buy a suitable TPM or activate the firmware TPM integrated in newer CPUs, which means changing the configuration from a discrete TPM to the firmware variant. This setting may vary depending on the motherboard and device manufacturer. It’s just “TPM” on some motherboards, Intel Platform Trust Technology on others, and fTPM in the case of AMD motherboards.
To enable the option, you need to dig into your PC’s UEFI. Don’t do this on a working PC without backing up first. Success isn’t guaranteed either: while some users report success, others struggle with sporadic blue screens that haven’t gone away even after disabling the firmware TPM in the UEFI. It is very likely that motherboard manufacturers will release new UEFI versions. With that in mind, you will probably want to wait until a newer UEFI/BIOS and Windows 11 itself are available.
A Trusted Platform Module is just one of the many things you need to install Windows 11: you also have to activate Secure Boot and UEFI mode. This should work fine on most computers made in the last three or four years. It gets interesting with older hardware. (FM)
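The checks described above (TPM present, version 2.0, Secure Boot and UEFI mode) can also be scripted. The following PowerShell is an added example, not part of the original article; the function name `Get-Win11FirmwareReadiness` is hypothetical, and it relies on the `Win32_Tpm` WMI class and the `Confirm-SecureBootUEFI` cmdlet that ship with Windows.

```powershell
#Requires -RunAsAdministrator
# Added example: run from an elevated PowerShell session on Windows 10/11.
function Get-Win11FirmwareReadiness {
    # Win32_Tpm is the WMI view of the TPM. No instance means Windows sees no
    # TPM: none fitted, or a firmware TPM that is switched off in the UEFI.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    $specVersion = $null
    if ($tpm -and $tpm.SpecVersion) {
        # SpecVersion is a comma-separated string such as "2.0, 0, 1.38";
        # the first field is the TPM specification version.
        $specVersion = ($tpm.SpecVersion -split ',')[0].Trim()
    }

    # Confirm-SecureBootUEFI returns $true/$false when Secure Boot is supported
    # and throws on legacy BIOS boots or firmware without Secure Boot support.
    $secureBootCapable = $true
    $secureBootOn = $false
    try {
        $secureBootOn = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
    } catch [System.PlatformNotSupportedException] {
        $secureBootCapable = $false
    } catch [System.UnauthorizedAccessException] {
        throw 'Run this check from an elevated (administrator) session.'
    }

    [pscustomobject]@{
        TpmPresent            = [bool]$tpm
        TpmSpecVersion        = $specVersion
        TpmIs20               = ($specVersion -eq '2.0')
        TpmEnabled            = [bool]($tpm -and $tpm.IsEnabled_InitialValue)
        TpmActivated          = [bool]($tpm -and $tpm.IsActivated_InitialValue)
        TpmManufacturer       = if ($tpm) { $tpm.ManufacturerIdTxt } else { $null }
        UefiSecureBootCapable = $secureBootCapable
        SecureBootEnabled     = $secureBootOn
    }
}

Get-Win11FirmwareReadiness | Format-List
```

If `TpmPresent` is false on a recent CPU, the firmware TPM is most likely disabled in the UEFI setup rather than missing.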
This post is based on an article from our US sister publication PC World.