How TPM will make Windows 11 more secure

TPM secure Windows 11

TPM is one of the prerequisites to be able to install Windows 11 and that’s because Microsoft wants to double down on security. Windows as a platform have borne the brunt of cyberattacks on businesses and individuals alike.

This had prompted the introduction of features like Windows Hello to curb spoofing and add another layer of security. TPM has been around for years now since the introduction of Windows 10, mandating OEMs to release computers with support for TPM but not as a requirement for users.

Advertisement - Continue reading below

Hence, your current PC might have TPM inside but not turned on or even running it by default without you knowing. So what exactly is TPM? TPM is a chip embedded in your system motherboard that provides hardware-based security functions. It operates as a cryptographic processor by helping to generate, store and control the use of cryptographic keys.


Read More: Installing the Windows 11 Preview


In addition, TPM has security measures that makes it resistant to physical tampering and inaccessible to malicious software. By so doing, it provides security and privacy to the computer hardware and its users. TPM works behind the scenes, they receive inputs like PIN for safekeeping, encrypt passwords and return responses based on different protocols. Moreso, it works with Windows Hello to provide a deeper and broader degree of security coverage.

How Does TPM 2.0 make Windows 11 Secure?

To be clear, Windows 11 prerequisite is TPM 2.0 and not TPM 1.2 so all the features here are that of TPM 2.0 and there might be some reiteration of the general purpose of a TPM including that of TPM 1.2 as mentioned earlier. Also, you might or might not have some of these features running on your system already. That being said, let’s get right into it.

  • TPM protects encryption keys, user credentials, and other sensitive data from cyberattack under a hardware firewall.
  • For measured boot which protects your system against rootkit and other malware by checking startup component from firmware to boot drivers to be stored in the TPM.
  • From Windows 10 upward, device encryption requires TPM 2.0 as it requires connected standby certification.
  • TPM 2.0 is required for Windows Defender System Guard which uses it to protect critical resources like authentication stack, Windows Hello biometric stack and single sign-on tokens. Also, it uses the TPM to validate system integrity through local and remote attestation as well as maintaining integrity of the system as it starts up.
  • TPM 2.0 gives enhanced security for Credential Guard which uses virtualization-based security to isolate secrets so only privileged system software can access them.
  • TPM is also required to perform Device Health Attestation which allows for more security through hardware monitoring and attested security.
  • You can also use the TPM has a virtual smart card for two factor authentication.
  • TPM 2.0 is needed for SecureBio functionality on Windows 11.

For Windows 11, not just any TPM is required, you must have TPM 2.0 running on your system to be able to use Windows 11. If your system has TPM it is either 1.2 or 2.0 and the latter is what you want in this case. Unlike TPM 1.2 that only supports RSA and SHA-1 algorithm which for security reasons is no longer supported by some institutions including Google and Microsoft. On the other hand, TPM 2.0 supports more and newer cryptographic algorithms.

To learn more about whether you will be able to upgrade to Windows 11, here’s how to find out.