Microsoft has announced one of the requirements for Windows 11 is to enforce the Trusted Platform Module (TPM) chip. You may not know it but Windows 10 can already take advantage of the Trusted Platform Module. However, over the past few years Microsoft has been tweaking Windows extensively to improve its security, and as time goes on information security standards need to be bumped up to protect us against malicious attacks. Microsoft believes hardware and firmware based attacks are on the rise. This is why Microsoft is now enforcing the Trusted Platform Module (TPM) chip. But what is it?
“The Trusted Platform Modules (TPM) is a chip that is either integrated into your PC’s motherboard or added separately into the CPU,” notes David Weston, director of enterprise and OS security at Microsoft. “Its purpose is to protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data.”
To the hardware savvy that doesn't even explain much. To elaborate, a Trusted Platform Module (TPM) is a special chip that is designed to securely store specific pieces of data used to authenticate the device. This can be passwords, signing certificates, or encryption keys. Other common use cases are Platform Integrity - aka ensuring the device boots with an approved mix of hardware and software and not something malicious, disk encryption, and even Digital Rights Management (DRM).
Microsoft's inaugural Security Signals report for March 2021 showed us that 80% of enterprises have experienced a firmware attack during the past two years, however, less than a third of their security budgets are dedicated to protecting firmware. There are already many variants that have been out in the wild, with names like RobbinHood, Uburos, Derusbi, Sauron and GrayFish, ThunderSpy, and many more.
Note that this doesn't mean you won't be able to run Windows 11. Unless your CPU is extremely old, you probably have TPM 2.0 in your hardware already. A Windows 11 compatibility tool has been released by the Microsoft Director of OS Security - even if it declines you here though, check your hardware documentation, you may need to enable it in your BIOS settings.