That’s it, Windows 11 is out! If the operating system is intended to officially succeed Windows 10, some PCs running on Microsoft’s current OS will not be eligible for the new version. The main problem comes from the presence (or not) of the TPM 2.0 chip on the motherboard of the PC. We explain everything there is to know about the famous module which has been making so much talk for some time.
Since its announcement in June 2021, Windows 11 has wiped a torrent of criticism regarding its compatibility. To run the new operating system, the PC must have a puce TPM 2.0 (Trusted Platform Module), a device put in place by manufacturers many years ago. It is also necessary that the chip in question is of the latest generation: because according to Microsoft, the first models are not supported by Windows 11.
But in fact, what is it for, a TPM 2.0 chip ? From what generation of motherboard is it found? Do we have to change everything or can we add it to a PC without having to buy a new configuration? And why some recent configurations seem not to have it? In short, it’s not easy to navigate, which is why we have undertaken to help you see more clearly with the help of this little tutorial.
What are the minimum recommended requirements for installing Windows 11?
According to Microsoft, here is the necessary list of components needed to install Windows 11 on PC:
- 64-bit 1 GHz processor with at least 2 cores
- 4 Go of RAM
- 64 GB of storage space
- UEFI compliant firmware with secure boot
- Making up RPM 2.0
- DirectX 12 compatible graphics card with WDDM 2.0 driver
- High definition 720p screen with a diagonal greater than 9 ″
- Internet connection and Microsoft account required for Windows 11 Home edition
What is a TPM chip and what is it for?
The role of a TPM chip is mainly to store encryption keys. It is a component completely independent from the rest of the machine.
Originally, it was a small chip that was originally to be added to the motherboard of a PC. Today, the TPM is a component that is directly integrated into it. Clearly, if the TPM was initially in the form of a separate chip, it is now directly integrated into the firmware of the motherboard.
The first TPM components were first marketed in 2006, but only a few laptops and professional computers benefited from them at the time. In fact, it was not until the standardization of ISO / IEC 11889 in 2009 that PCs really began to take advantage of this technology. The module has become democratized over the years, to become today a standard available on all PCs, whether it is a desktop machine or a laptop.
Which PCs benefit from an integrated TPM chip?
There have been different iterations of the TPM component. The latest is version 2.0. If its validation dates back to 2014, it will be necessary to wait until 2016 to see TPM 2.0 appear on a large scale on motherboards. In summary :
- if your PC is from before 2016, there is a good chance that it will be considered obsolete by Windows 11. Some motherboard models marketed between 2014 and 2016 are nevertheless likely to benefit from the module, but they are rather rare. You will not be able to have the new operating system installed through Windows Update. On the other hand, you will be able to perform a complete installation of Windows 11 using the ISO file and copying it to a bootable USB key.
- if your PC is after 2016, you should be able to install Windows 11 without too much difficulty. On the other hand, it may be necessary to activate the TPM 2.0, as we will see it a little later, because the module is not necessarily activated by default.
Why do I need a TPM chip to install Windows 11?
The TPM module is used to store encryption keys. Concretely, this functionality offers the possibility of “materially” managing the data encryption key. In the case of Windows, it can be used by Bitlocker. What is it for ? Introduced with Windows Vista, Bitlocker secures an entire hard drive. In the event that Bitlocker is not set up on a PC, and if this same PC were to be stolen, it would be enough to remove the hard drive and plug it into another PC to read its content.
On the other hand, once Bitlocker technology is activated on a PC, it is impossible to use the data stored there. Bitlocker supporting XTS-AES 128 and 256 bit keys (a very strong protection system), the data is considered inviolable.
In its early versions, Bitlocker stored its decryption key on a USB stick. Today, it is stored on the famous TPM in question here. This gives the system much more security. To identify himself, the user can always use a USB key or a device such as a fingerprint sensor.
Microsoft is fully aware that the need for a TPM 2.0 chip will force a certain portion of users to stay on Windows 10. A clearly assumed position by the Redmond firm. David Weston, in charge of the development of the OS, thus indicated in the columns of CRN:
“A lot of stuff around this initial Windows 11 release is not the goal, just the first stop on the journey. We say “we can now guarantee that you have a TPM chip.” This means that I am sure the developers are storing sensitive information regarding identification in the hardware ”. We couldn’t guarantee this on Windows 10 when just a small percentage of users had it. (…) No more applications will no longer need default passwords. More will be able to encrypt their data. “
Clear, no TPM no party. Microsoft’s goal is to create an ultra secure computer park and Windows 11 should greatly contribute to this task.
How to check the presence of the TPM 2.0 chip on your PC?
To check that your PC does have a TPM 2.0 component and that it has been activated, two solutions are available to you since Windows 10. The first is to refer to the indications of the Windows Security application. Proceed as follows:
- Launch the module of Settings by simultaneously pressing the keys [Windows] + [I].
- Then go to Update and security.
- Click on Windows Security.
- Select option Device security.
- In the section Security processor, click on Security chip details. You should see the TPM version of your PC there. If it is edition 2.0, your configuration is eligible for Windows 11. If the version of the TPM chip is lower than 2.0 or if you do not have one at all, you will still be eligible for Windows 11. The system will need to be installed using ISOs. But beware: eventually, you will no longer have operating system updates. Your PC may therefore find itself powerless in the coming months and you will then have to reinstall Windows 10 or an alternative OS. In the event that your machine is not compatible with Windows 11 at all, it is better to consider a change of hardware configuration (of course, it hurts the wallet).
If you want to verify the presence and activation of the TPM 2.0 component on your computer, there is another way to do this. Here’s how to do it:
- In the Windows 10 search box, enter the term msc. Launch the application that appears in the results.
- The tool of Managing Trusted Platform Module on the Local Computer. The TPM chip and its version number should then appear, as in the screenshot below.
How to activate the TPM 2.0 chip?
Depending on your motherboard model and manufacturer, the TPM chip may not be enabled. As a result of which your configuration may appear ineligible, although it should be. Rest assured, the activation of this small component is ultimately quite simple. Start by accessing the UEFI of your machine. For this, you have the choice:
- From Windows 10, go to the settings module (keys [Windows] + [I]), then click Update & Security> Recovery> Advanced startup> Restart now. Click Troubleshoot, then click Advanced options. Finally select the Change UEFI firmware settings option.
- Otherwise, you can also access the BIOS or UEFI of your machine by pressing one of the following keys as soon as your PC starts up (it all depends on the manufacturer of your motherboard): [F1], [F2], [F8], [F10], [F12] Where [Suppr]. On Microsoft Surface tablets, you must simultaneously press the volume button [+] and the button [Marche/arrêt].
After accessing UEFI from your PC, you should be able to access TPM settings. This is usually found in the Security section. It can be called quite simply TPM (TCM) as on the screenshot below, or Intel PTT, Intel Platform Trust Technology, AMD FTPM, AMD PSP TPM…
To enable TPM support, it all depends on the manufacturer of your device. Here are links to the most common manufacturers:
Can you add a TPM 2.0 chip to your PC that doesn’t have one?
On a desktop computer, it is quite possible to add a TPM 2.0 chip to a motherboard that does not have it. About ten years ago, the manufacturers had foreseen the blow by integrating in their motherboard a small expansion slot allowing to connect a TPM 2.0 chip. The operation is carried out in a handful of seconds and is even easier than adding more RAM or changing the graphics card.
But there are still two big snags:
- Firstly, TPM 2.0 chip prices soared since Microsoft announced the need for such a component to make Windows 11 work. While it cost around ten euros at the start of 2021, the TPM 2.0 chip has seen its price quintupled since June. An operation not really profitable: unless you have a motherboard and a very high-end processor dating from before 2016 (and again…), it is better to opt for a slightly more recent configuration.
- on the other hand, and this is the main problem: too few motherboard models are capable of accommodating a TPM 2.0 chip. Before 2016, the most expensive cards were equipped with it.
With Windows 11, can we cheat and do without a TPM 2.0 chip?
There is a way to get around this limitation by installing the operating system using the ISO file and not through Windows Update. So to install Windows 11 on a PC equipped with an old TPM chip. To find out how, do not hesitate to consult our tutorial to install Windows 11 on an incompatible PC without a TPM 2.0 chip.
Nevertheless, the users who will try the adventure will no longer benefit from future operating system updates. If we installed the OS on several non-eligible PCs and were able to benefit from two OS updates, we do not know when Microsoft will cut the bridges. It is possible that within a few months, it will no longer be possible to keep your operating system up to date. This will pose a problem, since it will no longer be possible to go back and revert to Windows 10 … Unless you reinstall everything, which is hardly practical.