Recently, Microsoft revealed that TPM 2.0 based chips is required as minimum for the installation of Windows 11 OS. Read on to know more…
Recently, Microsoft disclosed that its new Windows 11 Operating System (OS) will require TPM (Trusted Platform Module) chips on both existing and future devices. It’s a big hardware update from several years, but Microsoft’s update has left several users wondering if their hardware system is compatible. What is TPM, and why do you need one for Windows 11? Let’s find out…
About TPM
Trusted Platform Module and is a secure cryptoprocessor with an inbuilt cryptographic key that secures a computer. Since the cryptographic keys are hardcoded inside a hardware chip, it’s impossible to modify unless the hacker somehow knows exactly what those keys are in advance.
Inside the computer, the TPM chip communicates with other security systems. To grant users access, all devices must communicate with the TPM, whether it’s a fingerprint reader or Windows Hello facial recognition system.
Not only will your security systems requires a TPM, but programs like Outlook, Firefox, and Chrome also uses it.
TPMs and Security
TPMs are already used to provide security features at the operating system level. On a newer laptop, have you tried the Windows Hello face-recognition login feature? That necessitates the use of a TPM.
TPM 1.2 chips have been around since 2011, although they’ve mostly been used in IT-managed corporate laptops and PCs. Now, Microsoft plans to ensure that everyone who uses new Windows OS has the same level of security, even though it’s not always perfect.
As a matter of fact, it’s all about security. TPMs work by providing hardware-level protection rather than just software-level protection. TPM can be used to encrypt storage devices using Windows features such as BitLocker, and also secure passwords against dictionary based attacks.
Microsoft’s Advocacy of TPM
David Weston, Director of Enterprise and OS Security at Microsoft, explains “The Trusted Platform Modules (TPM) is a chip that is either integrated into your PC’s motherboard or added separately into the CPU,”
“Its purpose is to protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data.”
For months, Microsoft has warned that firmware attacks are increasing. Weston said “Our own Security Signals report found that 83 percent of businesses experienced a firmware attack, and only 29 percent are allocating resources to protect this critical layer,”
Even though the 83% is a big number, the wide breadth of attacks becomes evident when you consider the different phishing, ransomware, supply chain, and IoT vulnerabilities that exist. Nowadays, ransomware attacks make news on a weekly basis, with ransomware being common, making it a challenging challenge to overcome. In that direction, TPMs can resolve the issues to some extent, but Microsoft is betting that a combination of latest CPUs, Secure Boot, and its virtualization protections can minimise the ransomware attacks.
Microsoft is doing its part, especially as Windows is the platform that is most frequently targeted by these attacks. Microsoft OS is widely utilised by organisations all over the world, with current installations over 1.3 billion Windows 10 machines.
Weston said in the blog “PCs of the future need this modern hardware root-of-trust to help protect from both common and sophisticated attacks like ransomware and more sophisticated attacks from nation-states,”
“Requiring the TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust.”
A Brief Conclusion
Microsoft could further segregate the Windows experience with Windows 11 and future TPM versions. This might include introducing new TPM-required features, as well as delivering further locked-down Windows versions similar to the current Windows 10 S Mode. This won’t be a issue for most users. However, this is something users will have to consider if they are planning to Windows 11 as soon as it’s released.