TPM 2.0 is a somewhat controversial requirement for Windows 11, and now we have a better idea as to why it's needed.
What you need to know
- Microsoft explains in a new blog post how Windows 11 "enables security by design from the chip to the cloud.".
- The company explains that requirements such as TPM 2.0 chips help ensure hardware-based security.
- TPM 2.0 is a "critical building block" of Windows Hello and BitLocker, according to Microsoft.
The minimum requirements of Windows 11 have brought TPM 2.0 into the spotlight. TPM stands for Trusted Platform Module. Even though TPM 2.0 has been in new PCs for years, it's a technology that many hadn't heard of until this week. A new security blog post from Microsoft's director of enterprise and OS security, David Weston, explains the importance of TPM 2.0. The post also runs through some of the other security benefits of the new operating system.
Before diving into Windows 11, Weston runs through some of Microsoft's previous security efforts, including secured-core PCs and spending $1 billion per year on security. He then provides insight into some of the security aspects of Microsofts new operating system.
"All certified Windows 11 systems will come with a TPM 2.0 chip to help ensure customers benefit from security backed by a hardware root-of-trust," explains Weston.
TPM is a chip that's integrated into a motherboard on a PC or added to a CPU. It helps protect sensitive data, user credentials, and encryption keys. It helps protect PCs from malware and ransomware attacks, which are becoming more common.
Specifically, TPM 2.0 is a "critical building block for providing security with Windows Hello and BitLocker to help customers better protect their identities and data," as explained by Weston.
TPM 2.0 is a "critical building block" for Windows Hello, according to Microsoft.
Weston also highlights that Windows 11 has out-of-the-box support for Microsoft Azure Attestation, which lets people enforce Zero Trust policies with supported mobile device managements.
Windows 11 also supports virtualization-based security, hypervisor-protected code integrity, Secure Boot built-in, and hardware-enforce stack protection for supported hardware from Intel and AMD.
The blog post is an interesting read for security professionals and those worried about device security, but for many people, the main takeaway is that TPM 2.0 isn't a Windows 11 requirement for an arbitrary reason.
It's worth noting that the soft floor and hard floor minimum requirements are different for Windows 11. There's a chance that people will be able to get Windows 11 to run on devices with older TPM 1.2 chips, though we're waiting for more clarity on the situation.
No comments: