Well guess what, Microsoft has decided Windows 11 is going to require TPM (Trusted Platform Module) in order to run it. Thats right, while OEM’s have been providing TPM in there PC’s for a few years now everyone that built DIY PC’s will need to provide support.
While all mainstream motherboard manufactures have been providing TPM support in the form of headers and bios support, PC builders will need to buy a TPM module to install in their motherboards TPM header and enable it in the bios to run Windows 11.
I smell the next PC Part shortage coming… in the format of TPM modules. What are your thoughts on the matter, is Microsoft right to require this? Are you ok with having to install a TPM module? Comment below.
Yeah I found that as well, plus you need to look out for secure boot and that your OS partition is using gpt (hopefully it is for most people). Easier than buying a hardware module though
Been quite a few years since the TPM chip was in the buzz-fizz.
Smells like they are turning like apple on how to lock things in. For the desktop, there’s already TPM-headers on plenty on boards, not completely sure they will be in short supply tho, the mediocre user I would guess would grab a new machine, companies continue on with current stock and buy adjusted hw for next period - perhaps they can boast a HW bundle… (sarcastic and realistic at the same time, scary).
I am unaware of any implementations with the CPU. In chipets yes by intel, and a close variation as firmware TPM’s that executes within the CPU’s trusted execution environment .
Many motherboards support a TPM socket even if they also have CPU fTPM support. Some people move the TPM from board to board. They can be used to store things besides Bitlocker keys, like the private keys and certificates for web servers. So these people want a removable TPM they can move around like a USB drive.
So just because there is a TPM socket on the board does not mean that you need to use it.
Well, if it’s not just a firmware jinx to be used, you need the hardware for it in my understanding. Any additional light you can shed on my statement?
For example, this desktop PC I am using right now is a Ryzen 5950 on an ASUS X570-PRO motherboard. This board has a TPM socket, but I am using the fTPM support of the Ryzen. This has to be enabled in the BIOS and is not on by default.
Works fine in Linux and Windows.
I have no idea what you meant by “a firmware jinx”.
I just hope MS’s requirement of TPM means that they have fixed some of the ‘bugs’ that exist in their hardware products.
We have been using TPM enabled systems for years, mostly Dell Latitude laptops and Surface Pro’s…
We have had to be careful when upgrading bios in the Dell’s and sometimes just patching the Surface Pro.
Bitlocker comes up in recovery mode claiming that the TPM chip has changed. Usually if you suspend bitlocker during the upgrade it is ok, but
as a result some folks on or staff are very hesitant to do firmware updates after a system is deployed.
Part of how Bitlocker works in ensuring that the boot process was secure is knowing if any change to the boot process has occurred. Even things like the BIOS taking a few seconds longer to do something than before will trip Bitlocker. Upgrading BIOS will for sure trip Bitlocker. Sometimes even just upgrading Windows will trip Bitlocker. Swapping out hardware? Bitlocker will trip. Anytime you’re going to be changing anything to the boot process you should either have your key handy, or better yet, just suspend Bitlocker.