What Is a Trusted Platform Module?
A TPM, or a trusted platform module, is a physical or embedded security technology (microcontroller) that resides on a computer’s motherboard or in its processor. TPMs use cryptography to help securely store essential and critical information on PCs to enable platform authentication. They store a variety of sensitive information—such as user credentials, passwords, fingerprints, certificates, encryption keys, or other important consumer documentation—behind a hardware barrier to keep it safe from external attacks.
While the use of TPM technology has been part of enterprise IT for more than a decade, in 2001, Microsoft announced that TPM 2.0 was one of the hardware-based security requirements for any device running the Windows 11 operating system. This was one of the first instances of Microsoft requiring TPM use for everyone, including small and medium-sized businesses and consumers. TPM implementations are typically designed to meet an international standard created by the Trusted Computing Group (TCG). TCG is a computer industry consortium that created the original TPM standard, which was later adopted by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) and subsequently named ISO/IEC 11889.
Benefits of a TPM
Cyberattacks are becoming more frequent and more sophisticated. A TPM enhances your machine’s security protections at the hardware level to help you proactively combat potential attacks in several ways:
- Anti-malware and ransomware: TPMs provide secure storage for sensitive data to help prevent unauthorized access and mitigate the risk of data breaches and cyberattacks.
- Data protection and encryption: Using cryptography, TPMs help ensure the safety of confidential information.
- Hardware-based root of trust: As a physical component of the motherboard or processor, a TPM provides a foundational level of hardware-based security to help combat advanced threats that software-only solutions cannot address.
- Secure boot and code integrity: TPMs allow your system access to features like secure boot, a secure standard that ensures your device boots using only trusted software, and code integrity, a threat protection feature that checks the drivers and system files on your device for signs of corruption or malicious software.
How a TPM Works
A TPM generates and stores parts of encryption keys for PCs that can be used to lock systems or sensitive information and protect them from intruders.
For an example of how a TPM works, consider the power-up process for turning on a device such as a laptop. When the device is powered up, the TPM authenticates it. The TPM provides a cryptographic key to unlock the encrypted drive, and if the key is validated, the computer will boot up as normal. If the cryptographic key is tampered with, the computer won’t start.
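The power-up check described above can be modeled in a few lines. The following is an added example, not code from the original page or from any TPM vendor: a simplified software model of one SHA-256 platform configuration register (PCR) and a key sealed to it, which goes one step beyond the text by showing the measurement chain that decides whether the key is released. The function names, boot-stage contents, and disk key are constructed for illustration.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(component)).
    A PCR can only be extended, never written directly."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Replay a boot: the PCR starts at all zeros on power-up and
    every stage is measured, in order, before it runs."""
    pcr = bytes(32)
    for component in components:
        pcr = extend(pcr, component)
    return pcr

def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Bind a secret to a PCR value. A real TPM also encrypts the blob
    under a key that never leaves the chip; this model keeps it in the clear."""
    return {"policy_pcr": expected_pcr, "secret": secret}

def unseal(blob: dict, current_pcr: bytes) -> bytes:
    """Release the secret only when the current PCR matches the sealed policy."""
    if not hmac.compare_digest(blob["policy_pcr"], current_pcr):
        raise PermissionError("PCR mismatch: boot chain differs from sealed state")
    return blob["secret"]

def boot_and_unlock(components, blob):
    """Return the disk key for a trusted boot, or None if the chain changed."""
    try:
        return unseal(blob, measure_boot(components))
    except PermissionError:
        return None

# Constructed sample data: a three-stage boot chain and a volume key.
TRUSTED_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED_CHAIN = [b"firmware v1", b"bootloader v1 + implant", b"kernel v1"]
REORDERED_CHAIN = [b"firmware v1", b"kernel v1", b"bootloader v1"]
DISK_KEY = b"constructed-volume-key"
SEALED = seal(DISK_KEY, measure_boot(TRUSTED_CHAIN))

if __name__ == "__main__":
    for name, chain in [("trusted", TRUSTED_CHAIN), ("tampered", TAMPERED_CHAIN),
                        ("reordered", REORDERED_CHAIN)]:
        unlocked = boot_and_unlock(chain, SEALED) is not None
        print(f"{name:9s} drive unlocked: {unlocked}")
```

Because each extend hashes the previous register value, a change to any stage, or to the order of stages, produces a different final PCR and the key stays sealed.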
Windows 11 TPM 2.0 Requirement
Along with other processor, RAM, storage, and firmware requirements, using Windows 11 on a PC requires TPM version 2.0.
The TPM 2.0 requirement aims to elevate the Windows security baseline of the millions of individual PCs used worldwide. Ultimately, this will help keep all computer users more secure while simultaneously making it much harder for hackers to commit cybercrimes.
Windows Security Features
Many Windows Security features both require TPM 2.0 to function and support your TPM’s ability to secure your PC. Measured Boot, an antimalware software that detects runtime malware; BitLocker, which provides encryption and assesses data theft threats; and Device Encryption, which protects your data by necessitating a decryption key, all work in tandem with TPM 2.0 to provide cybersecurity to your system.
PC Check for TPM 2.0
The good news is that if you have purchased a PC in the last several years, you likely already have a TPM capable of running TPM 2.0 installed on your computer.
However, it’s possible that the TPM on your device has been turned off in the firmware by the computer manufacturer, and you may need to enable it.
To confirm that your machine has TPM 2.0 and to check if it is enabled, follow these recommended steps from Microsoft.
- Confirm your computer’s eligibility to upgrade to Windows 11. Alternately, if your PC has an Intel® processor, check if it meets Windows 11 minimum system requirements.
- After confirming eligibility, choose one of two options to check if your PC’s TPM is enabled and that you have TPM version 2.0.
  - Option 1: Use the Windows Security app.
  - Option 2: Use the Microsoft Management Console.
How to Enable TPM 2.0
If you determine you need to enable the TPM on your machine, you will need to access settings that are managed in the UEFI BIOS.
If you are unsure how to adjust TPM settings, we suggest consulting your PC manufacturer's support resources.
PC Upgrade to TPM 2.0
If you determine that your PC does not have TPM 2.0 installed, you may still be able to upgrade your system with its current hardware. First, check with your PC manufacturer to verify that your computer’s hardware can support the upgrade. Once verified, determine the correct security processor firmware that corresponds to your PC model. If your system cannot upgrade to TPM 2.0 using firmware, you may need to update your computer’s hardware.
Alternatively, you may consider upgrading your PC to a newer model that provides improved productivity, performance, and security benefits, including TPM 2.0 support.
Staying Secure in Today’s Landscape Requires TPM 2.0
Cybersecurity today is anything but constant. Hackers are becoming more sophisticated by the hour. Attacks are accelerating, and the outrageous costs associated with cybercrimes and security breaches can easily put companies out of business. For businesses wanting to meet these challenges and stay secure, upgrading to TPM 2.0 is imperative.