What is Trusted Platform Module (TPM) and how does it work?

Although most home users don’t spend much time on it, computer security is critical. It is so important that many business computers have special hardware (such as smart card readers) that makes it difficult to hack or otherwise compromise them.

A TPM (Trusted Platform Module) is becoming a standard feature on new computers, especially on business computers. So what is a TPM and why would you want one?

Why should you care about TPM?

Until recently, the only people who had to worry about TPMs were those who worked in large companies where network security is a top priority. People working from home on their PC or those who mainly use their computers for gaming and entertainment didn’t need to know about TPMs.

However, with the announcement of Windows 11, it has suddenly become one of the most important three-letter acronyms in the computer world. This is because Windows 11 requires a Trusted Platform Module in a computer to run at all. Specifically, it requires TPM 2.0, although these requirements are subject to change at Microsoft’s discretion.

Support for Windows 10 ends on October 14, 2025. It will no longer receive security patches or further updates from Microsoft. At that point, you either need to disconnect your computer from the Internet or upgrade to Windows 11.

As it stands, without a TPM you simply cannot upgrade, nor can you continue to use Windows 10! Unless you’re switching to Linux (good idea!) or some other Windows alternative, you’ll have to buy a new computer. That’s true even if your existing one is still OK! Microsoft may water down its stance in the future, but right now, that’s the reality of the situation.

Now that you know why the TPM issue matters, let’s take a closer look at what a TPM is.

The TPM is a chip

The TPM is a physical part that is usually built into your motherboard. Inside, there are many components that allow the TPM to do its job. What is its job exactly? These are the main tasks that a TPM performs:

  • The TPM securely stores passwords, security certificates and encryption keys and prevents unauthorized manipulation.
  • It securely stores information about the computer so that it is easy to detect if someone has tampered with the computer.
  • A TPM can safely generate encryption keys so that the process cannot be spied on or disrupted.

Aside from these features, the TPM also contains a hardwired, unique and immutable encryption key that cannot be replaced or tampered with.

In a nutshell, the TPM is a special piece of hardware on your motherboard that enables secure computing and authentication. Well, unless you have fTPM or PTT.

fTPM and PTT

fTPM (firmware TPM) and PTT (Platform Trust Technology) are the respective names of AMD and Intel for “firmware” TPMs. Instead of a dedicated chip on the motherboard, the Trusted Platform Module functionality exists in the CPU’s firmware. fTPM and PTT are integrated in most modern AMD and Intel processors, but the feature must be activated for it to work.

This is where things can get a little complicated. Usually motherboard manufacturers disable the firmware’s TPM functionality by default, but you can then manually enable it in your BIOS or UEFI menu. However, since every motherboard make and model may be different, you should refer to your motherboard manual for specific instructions on how to activate your firmware TPM.

In some cases, despite your CPU having a firmware TPM feature, your motherboard may not have the ability to enable it. Some low-end or gaming-oriented motherboards may not have the option as they are not aimed at business customers. Hopefully, in light of the Windows 11 requirement, most motherboard manufacturers will release firmware updates for their motherboards, adding the feature. If not, you may at least need to replace your motherboard.

Can I add a Trusted Platform Module?

What if you don’t have a physical TPM on your motherboard and have no prospect of using a firmware TPM? In some cases, it is possible to purchase a TPM as an add-on. However, your motherboard must explicitly support the upgrade and have the required TPM header. Without a TPM header, you can’t install the TPM anywhere.

At the time of writing, TPM upgrades are surprisingly expensive, so take the time to compare the cost of a TPM module to the cost of a motherboard replacement.

How to Check for a TPM

If you are using Windows 10 and want to confirm that you have an existing and working Trusted Platform Module, do the following:

  1. Press the Windows and R keys together. The Run dialog should open.
  2. Type tpm.msc and press Enter.
  3. Once the TPM Management window opens, make sure it says “The TPM is ready for use” under Status. Then confirm that the specification version under TPM manufacturer information is 2.0 or higher.

If both pieces of information are present and correct, you are good to go. Note that it will not show up here in the case of a firmware TPM unless it is enabled in the BIOS.
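
The same check can be scripted, which helps when you have several machines to look at. The PowerShell below is an added example, not part of the original article; it assumes an elevated session, and the function name Test-TpmReadiness and its output fields are hypothetical (Get-Tpm and the Win32_Tpm class ship with Windows).

```powershell
# Added example: scripted equivalent of the tpm.msc check.
# Run from an elevated PowerShell; without admin rights the query can fail
# and look the same as "no TPM".
# Test-TpmReadiness and its output property names are hypothetical.
function Test-TpmReadiness {
    [CmdletBinding()]
    param(
        # Minimum specification version to accept; the article's check is 2.0.
        [version]$MinimumSpecVersion = '2.0'
    )

    # Win32_Tpm lives in its own WMI namespace. No instance comes back when
    # there is no TPM, or when a firmware TPM (fTPM/PTT) is disabled in BIOS/UEFI.
    $wmiTpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                              -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue

    if (-not $wmiTpm) {
        return [pscustomobject]@{
            Present      = $false
            Ready        = $false
            SpecVersion  = $null
            MeetsMinimum = $false
            Note         = 'No TPM visible to Windows. Check that fTPM/PTT is enabled in firmware setup.'
        }
    }

    # SpecVersion is a comma-separated string (typical shape: "2.0, 0, 1.38");
    # the first field is the specification version shown in tpm.msc.
    $specText = ($wmiTpm.SpecVersion -split ',')[0].Trim()
    $spec     = $null
    $parsed   = [version]::TryParse($specText, [ref]$spec)

    # Get-Tpm reports whether Windows considers the TPM present and ready.
    $state = Get-Tpm

    [pscustomobject]@{
        Present      = $state.TpmPresent
        Ready        = $state.TpmReady
        SpecVersion  = $specText
        MeetsMinimum = ($parsed -and $spec -ge $MinimumSpecVersion)
        Note         = if ($state.TpmReady) { 'TPM is ready for use.' }
                       else { 'TPM found but not ready; open tpm.msc for details.' }
    }
}

Test-TpmReadiness | Format-List
```

A machine passes the article's check when Ready and MeetsMinimum are both True.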

Windows 11 needs more than just a TPM

While the Trusted Platform Module has received most of the attention in the general panic over Windows 11 requirements, having a TPM in your computer isn’t enough on its own. While Windows 11 isn’t that power-hungry in terms of specs, it also has other rather surprising requirements.

Chief among these is the need for CPUs of a particular generation. You need a computer with at least an 8th Gen Intel CPU or 2000 Series Ryzen CPU, otherwise Windows 11 won’t work. Again, that is as far as we know at the time of writing.

So despite having more than enough computing power, high-end 6th and 7th gen Intel CPUs and 1000 series Ryzen CPUs are limited to Windows 10.

The only way to ensure that your current computer meets all current requirements is to go to the official Windows 11 requirements page and manually check each requirement. Unfortunately, Microsoft has withdrawn their Windows 11 Health Checker app for the time being. You can also try the third-party, open-source WhyNotWin11 application, but you do this at your own risk!
