With Windows 11, some PCs may be left behind due to TPM, and this causes a lot of confusion

Windows 11 Surfacepro taskbar iconsSource: Daniel Rubino / Windows Central

As we noted a week ago, Windows 11 turns out to be much more than just a new Start menu. New Store, Android apps, Live Storage, Auto HDR, new touch UX, and upcoming new features like touch pens make Windows 11 an important overhaul of the six-year-old Windows 10.

But there was one element we didn’t expect when it came to the major changes related to Windows 11 and that was the obvious cut any PCs can get Windows 11 upgrade for free. This topic causes a lot of confusion. This is what we know and what we don’t know about.

Why are there TPM requirements at all?

Microsoft is clearly positioning Windows 11 as the next major operating system for the next decade. Although it’s not a complete break from Windows 10, some older PCs won’t do the cutting.

The biggest motivation here seems to be security, as Microsoft recently explained in a blog post.

TPM (Trust Platform Module) is nothing new for computers. It dates back to the mid-2000s as the international standard for a secure cryptographic processor. Although there are versions for software as well, such as fTPM, the TPM is a physical hardware chip that is used to store encrypted information while also ensuring a secure boot environment.

In the real world, the TPM allows things like:

  • BitLocker Drive Encryption
  • Windows Hello PINs and Biometrics
  • Windows Defender System Guard
  • Computer tamper detection
  • virtual smart card
  • credential guard
  • secure boot

With the TPM, BitLocker securely stores the encryption key and biometrics in Windows Hello. This ability is the reason for Windows Hello protection. Your biometrics, such as your fingerprints or facial recognition data, are not transmitted to the cloud; Instead, the devices on your computer are encrypted so that the information cannot be retrieved or reverse engineered to bypass the login process to your computer.

Secure boot is becoming increasingly important as well. From the Microsoft documentation:

Secure Boot is a security standard developed by members of the personal computer industry to help ensure that a device boots using only software that is trusted by the original equipment manufacturer (OEM). When the computer starts, the firmware checks the signature of every part of the boot program, including UEFI firmware drivers (also known as Option ROMs), EFI applications, and the operating system. If the signatures are correct, the computer boots, and the firmware gives control over the operating system.

Hello Passort scheme

The role of the TPM in Windows Hello and Microsoft Passport security.Source: Microsoft

Microsoft is drawing a line about security and saying that to use Windows 11 PCs from now on, you need to enable this feature.

The good news is that TPM 1.2 (more on that below) goes back to 2005. TPM 2.0 goes back to 2015, and most PCs are supposed to ship with it, although this doesn’t always seem like that, especially if you’re building a king.

I realize this is all just techno mumbo jumbo to many consumers, but Windows PCs have a long history of security issues. Microsoft has come a long way since Windows 10 to secure its operating system as much as possible, and Windows 11 is taking a tougher stance.

What is required for Windows 11?

Check Tpm Windows

Win + R and typing “tpm.msc” tells you about the TPM on your computer.Source: Daniel Rubino / Windows Central

Even the requirements for Windows 11 are a bit confusing due to the fact that there are “hard” and “soft” cutting floors for the update. Many PC makers now offer instructions on which PCs to get.

Update: Shortly after this article was published, Microsoft removed the hard/soft floor distinction for Windows 11. The changes seem to merge the two as you can only get a 1GHz CPU, but it should be in the supported list. TPM 1.2 is no longer mentioned.

A hard floor is what most people with older computers should look at. If your PC doesn’t meet these criteria, you can’t get Windows 11. Additionally, a solid floor requires “greater or equal to” TPM 1.2, secure boot capability, 4GB of RAM, and 4GB of RAM. 64 GB, at least a dual-core processor A processor faster than 1 GHz.

These are not strict requirements for a forward-looking operating system in 2021.

Soft flooring requires TPM 2.0 (which began shipping on all PCs around 2016/2017) and requires specific processors. These are devices that can be updated for free without any caveats.

Soft ground seems to be what Microsoft’s Microsoft Health Check app is looking for and where a lot of confusion occurs.

In fact, the most important issue here may not be the TPM requirements, but the fact that any Intel CPU Older than the eighth generation Windows 11 doesn’t break. Unfortunately, that includes a lot of Surface devices, including the Surface Studio 2 and Surface Pro 5. This warning doesn’t mean that these PCs can’t He runs Windows 11; It just means that Microsoft doesn’t do that the support them running Windows 11. It’s an important distinction.

Gaming PCs and TPM: present (but not enabled)

CLX RA

Source: Daniel Rubino / Windows Central

One issue that’s hard to navigate through the entire upgrade process is that many gaming PCs have a TPM on the motherboard (it’s a physical chip, after all), but it’s not enabled. For example, this was the case on the CLX gaming PC, which initially failed Microsoft’s check for compatibility with Windows 11.

Dan Clx Bios Safe Boot

Enable Secure Boot on a 2021 gaming PC.Source: Daniel Rubino / Windows Central

The solution was to go into BIOS and enable Secure Boot and Intel Platform Trust Technology (PTT). It took 30 seconds, and my PC is now compatible with Windows 11, which is reasonable considering it’s a new PC for 2021 at $7,500!

You see, the problem is Some Computers have the hardware, but they are not enabled. The Microsoft Health Check app isn’t eligible for the reason your PC doesn’t meet the requirements, although we’ve heard that Microsoft will update the app soon to address this. It’s also not clear that you can run a software check to see if your computer has TPM 2.0 if the unit is present but broken.

Here’s the most important issue: Does Microsoft want to send thousands (millions?) of people into their computer’s BIOS to start messing with security features? Again, you can see how that leaves room for a lot of problems.

At least for new PCs selling Windows 11 pre-installed, this won’t be a concern.

What happens if your computer does not have a TPM 2.0 or modern processor?

Pc Health Check Application Update Wizard

Sorry, your cpu is not good. But, is it really?Source: Daniel Rubino / Windows Central

we do not know. Microsoft says:

Devices that are not compatible with hard floors cannot be upgraded to Windows 11, and devices that meet soft floors will receive a notification that the upgrade is not recommended.

It seems that if your computer has a TPM 1.2 (which is incredibly old) and at least a 1 GHz processor, you can still get Windows 11; It is just “not recommended”.

Amazon Tpm Chip

Gigabyte GC-TPM Trusted Platform Module.Source: Amazon

But what this process looks like is currently unknown. We expect Windows 11 to start rolling out in October and into early 2022, like previous Windows updates. So my hunch is that users can still perform the Windows 11 upgrade, but there may be some caveats about it not being recommended.

To be clear, Windows 11 works well on older hardware. It’s not like older Intel 6th Gen processors can’t handle the OS — far from it. This discussion is all about security.

For those who build their own gaming PCs, if your motherboard doesn’t have TPM 2.0, you can buy the module ($30) and install it yourself. Just make sure your motherboard doesn’t already have it because many modern motherboards have it, even if it isn’t enabled.

Will Microsoft comply with Windows 11 requirements?

If I had to guess, Microsoft Maybe Modifying some of these requirements and even phrasing around Windows 11 as we go along. At the moment, the scope of the “TPM problem” is unknown, when it comes to the number of computers that are present with the TPM disabled.

Microsoft has four months to figure out how to tackle the problem. It can either relax the requirements or allow affected users to use Windows 11 even after they have been advised not to use it.

In some ways, this disaster is unfortunate but not rare. Apple and Google routinely cut off hardware for new operating systems. My late 2017 Google Pixel 2 won’t get Android 12 even though it can run perfectly. Microsoft doing the same in the name of security is essential to driving standards forward, especially in the age of ransomware, where the TPM plays one role in the ever-growing security infrastructure.

How to check if your computer has a Trusted Platform Module (TPM)

I think the biggest problem looming isn’t even the TPM, but processor compatibility. Microsoft has done this in the past, but these are known as “soft blocks”. For example, Windows 10 21H1 does not officially support Intel 4th Gen “Haswell” chips, but you can still run Windows 10 on those processors without problems. Microsoft seems to be doing the same here. There will be soft blocks for incompatible CPUs, but you can still install Windows 11 on the Surface Pro 5; It just won’t be “supported”.

Regardless, I think it’s clear that Microsoft needs to get clearer messages about this update as there will be a lot of confusion going forward.

We may earn commission on purchases using our links. Learn more.