The new version of Windows requires the presence of the latest-generation security module. The good news is that your computer is likely to have such a component already.
To install Windows 11, a computer will have to meet a minimum hardware configuration. Among other things, this specifies the presence of a “Trusted Platform Module” (TPM), version 2.0. A TPM is a cryptographic safe that lets you create, manage and store secret keys and very sensitive system data. This component creates a computing space totally separate from that of the operating system, and access to its data is highly secured, to protect it as far as possible from a hacker who might infect the machine.
Used by BitLocker to encrypt disks
Within Windows 10 the TPM is used in different ways. It is used to encrypt hard drive data, whether as part of “BitLocker Drive Encryption” (available on Pro and Enterprise versions) or its watered-down “Device Encryption” version (available on Windows consumer versions). As part of a process called “Measured Boot”, it also allows you to monitor and verify the various stages of machine startup.
The TPM also makes it possible to generate and store secret keys and cryptographic data for system applications (“Platform Crypto Provider”), and in particular for Windows Hello, the biometric access control function, and Windows Defender, Windows' anti-malware software. In professional environments, the TPM can also play the role of a smart card (“Virtual Smart Card”) and protect access tokens to various company resources (“Credential Guard”). According to Microsoft, using these different protective measures would reduce the probability of being infected with malware by 60%.
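The “Measured Boot” process mentioned above rests on one TPM operation, the extend of a platform configuration register (PCR). The following is an added example, not code from Microsoft or from this article: a software simulation of a SHA-256 PCR that makes no real TPM calls, with constructed stage names and contents, and a single PCR where real firmware uses several.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 bank: 32-byte register, all zeros at power-on


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(measurement))."""
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(stages):
    """Fold every boot stage into one PCR and keep an event log of digests."""
    pcr = bytes(PCR_SIZE)
    event_log = []
    for name, image in stages:
        event_log.append((name, hashlib.sha256(image).hexdigest()))
        pcr = extend(pcr, image)
    return pcr, event_log


def replay_log(event_log) -> bytes:
    """Verifier side: recompute the PCR from the logged digests alone."""
    pcr = bytes(PCR_SIZE)
    for _name, digest_hex in event_log:
        pcr = hashlib.sha256(pcr + bytes.fromhex(digest_hex)).digest()
    return pcr


def first_mismatch(event_log, known_good):
    """Return the first stage whose logged digest differs from the reference."""
    for (name, digest), (_ref_name, ref_digest) in zip(event_log, known_good):
        if digest != ref_digest:
            return name
    return None


# Constructed sample data: stage names and contents are placeholders.
GOOD_BOOT = [("firmware", b"uefi-v1"), ("bootloader", b"bootmgr-v1"),
             ("kernel", b"kernel-v1")]
TAMPERED_BOOT = [("firmware", b"uefi-v1"), ("bootloader", b"bootmgr-modified"),
                 ("kernel", b"kernel-v1")]

if __name__ == "__main__":
    good_pcr, good_log = measure_boot(GOOD_BOOT)
    bad_pcr, bad_log = measure_boot(TAMPERED_BOOT)
    print("log replays to PCR:", replay_log(bad_log) == bad_pcr)
    print("PCR matches known good:", bad_pcr == good_pcr)
    print("first changed stage:", first_mismatch(bad_log, good_log))
```

Because each value depends on everything extended before it, a changed stage cannot be hidden by later stages, and an event log edited to look clean no longer replays to the value held in the register.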
Now a very common component
In short, the TPM is today an essential security building block on which more and more features of Windows and third-party applications rely. Under Windows 11, this component will inevitably gain in importance. To run Windows 10, the presence of a TPM 2.0 is not mandatory. However, Microsoft has forced its manufacturing partners to integrate one systematically since July 2016. If your PC is not too old, there is a good chance that you have one. If it is not enabled, you can enable it through your UEFI BIOS menu.
What does a TPM actually look like? In the past, these components systematically took the form of a stand-alone chip, soldered to the motherboard and connected by an LPC or SPI bus. With version 2.0, this module can also be implemented at the firmware level as a separate execution space. These “firmware TPMs” (or fTPMs) save space on the motherboard and save energy while offering a similar level of security. This is the most common form of TPM, and the major chip vendors all have such a technology. It is called “Platform Trust Technology” (PTT) at Intel, “fTPM” at AMD, and “TrustZone” at ARM.
Windows catches up with mobile OSes
If Microsoft now requires the presence of a TPM 2.0 for Windows 11, it is to raise the general level of security of its operating system. As computer attacks become more and more sophisticated, doing without a cryptographic vault today would be suicidal. The players of the mobile world have understood this well. Android and iOS smartphones have had a kind of TPM for years, called “TrustZone” and “Secure Enclave” respectively. Moreover, Microsoft cannot be satisfied with the previous version, TPM 1.2, whose services have become obsolete. Indeed, it only integrated the SHA-1 and RSA cryptographic algorithms, with AES being optional. Its successor offers a much stronger palette, adding SHA-256, ECC, HMAC, and 128-bit AES.
Source: Microsoft