hardware, ftpm, or ippt, it's all the same to me —

Here’s what you’ll need to upgrade to Windows 11

The TPM requirement has many Windows 10 users worried—often unnecessarily.

Since Microsoft's announcement of Windows 11 yesterday, one concern has reverberated around the web—what's this about a Trusted Platform Module requirement?

Windows 11 is the first Windows version to require a TPM, and most self-built PCs (and cheaper, home-targeted OEM PCs) don't have a TPM module on board. Although this requirement is a bit of a mess, it's not as onerous as millions of people have assumed. We'll walk you through all of Windows 11's announced requirements, including TPM—and make sure to note when all this is likely to be a problem.

General hardware requirements

尽管Windows 11撞件al hardware requirements up some from Windows 10's extremely lenient minimums, it will still be challenging to find a PC that doesn't meet most of these specifications. Here's the list:

  • CPU—1 GHz or faster, two or more cores, x86_64 or一个RM64only
  • RAM—4GiB or more
  • Storage—64GB minimum for installation... but we'd recommend atleast128GB for a vaguely normal system
  • Graphics—Compatible with DX12 or later, with WDDM 2.0 driver
  • Firmware—UEFI, Secure Boot capable
  • TPM—Trusted Platform Module 2.0 is listed as a minimum requirement; TPM 1.2 may or may not be "good enough"—but read on before throwing your hands up in despair!
  • Display—720p minimum resolution, nine-inch minimum diagonal measurement, 8 bits per color channel or higher

In addition to those hardware requirements, Windows 11 Home requires Internet connectivity and a Microsoft cloud account. The Microsoft account and Internet connectivity are only mandatory for Home—not Pro. No word yet on whether there will be a workaround, like the current "don't plug the network cable in until after setup" dance.

The CPU requirement may be more or less of a problem than it initially seems. Microsoft has a relatively short list of supported CPUs from three major manufacturers (AMD, Intel, and Qualcomm) that generally goes back to Ryzen 2500 or Intel 8th generation Core—no farther. We're not certain how trustworthy that list is, though. We strongly suspect Windows 11 will work fine on many considerably older processors.

If Microsoft codes a hardware requirement checklist into the installer or boot sequence, many CPUs that would have otherwise worked well will be unusable. This seems fairly unlikely, but (pardon the well-worn expression) only time will tell for certain.

一个closer look at the Trusted Platform Module requirement

fTPM support was disabled by default on this Asrock server board, but enabling it was a breeze—and the firmware-based TPM it provides satisfies Windows requirements just fine.
Enlarge /fTPM support was disabled by default on this Asrock server board, but enabling it was a breeze—and the firmware-based TPM it provides satisfies Windows requirements just fine.
Jim Salter

Most build-your-own-PC motherboards, even flagship boards, don't come with a hardware TPM module installed. However, most of those boardstheoretically support hardware TPM, with a special 19-pin header ready to plug one in. Honestly, it's a very niche, specialty device that few users have ever purchased.

一个t least, very few people bought optional hardware TPM until yesterday, after seeing the Windows 11 requirements and subsequently panicking. Within hours of Microsoft Chief Product Officer Panos Panay's Windows 11 introduction, the entire stockpile of most manufacturers' readily available TPM modules were sold out by Windows 10 users trying to make certain they could run 11.

If you didn't get one of the few TPM modules available yesterday, don't worry—you almost certainly don't need one. OEM hardware TPM is generally considered the most hardened version, and it's soldered directly to the board in PCs intended for enterprise use. Less-hardenedfirmwareTPM support is built right into modern AMD and Intel processors, and that will satisfy Windows 11's TPM requirement just fine.

It's a bit difficult to get a complete, accurate list of all CPUs with support for onboard, firmware-based TPM, largely because the demand for it was fairly low until this week. As far as we can see, every x86_64 CPU on Microsoft'ssupported processor listsincludes that support.

Intel calls its firmware-based TPM iPPT (Intel Platform Protection Technology), and AMD calls its own fTPM (Firmware Trusted Platform Module). Generally speaking, iPPT shows up in most Haswell (4th-gen Core) CPUs, although the K-series gaming models inexplicably fail to get iPPT until Skylake (6th-gen Core). On the AMD side, we see fTPM show up with Ryzen 2500 and up.

不过,还有一个问题来导航。Although the vast majority of semi-modern CPUs support firmware TPM, almost all motherboards ship with it disabled in BIOS. So you'll need a three-finger salute and a deep dive through the "advanced" part of your machine's BIOS to try to find and enable that support if you need it.

OEM motherboards are just as likely to have fTPM disabled by default—and unfortunately, they frequently don't expose the setting to enable it, even when the CPU otherwise supports it. If you have a pre-built system from Dell or HP that didn't include a hardware TPM, you could be stuck with no way forward.

To determine whether TPM support is available and working under Windows, run the commandtpm.msc. This will spawn a TPM dialog that shows whether you have TPM support and what version (1.2 or 2.0) it is. (You can also interact with the TPM by clearing or "preparing" it, but that's not something you need to do—orshould做—unless specifically asked. Messing with your TPM can permanently brick Bitlocker volumes, and it might even deactivate Windows in some cases.)

Let’s talk about UEFI and Secure Boot

Microsoft lists Universal Extensible Firmware Interface (UEFI) support and Secure Bootcapabilityas hard requirements for Windows 11. Much like with the CPU requirements, we're currently hesitant to take these requirements at face value.

The requirement for UEFI seems likely to be just what it says on the tin—no more legacy BIOS installs for anyone!—but there might be a slight odor of weasel in the phrasing "Secure Boot capability." We won't know for sure until Windows 11 Insider images start becoming available, but we suspect that "capability" is likely an important word. Secure Boot itself may not be mandatory.

If you're rocking a pre-built OEM PC, these requirements are not likely to affect you. Any system with both CPU and TPM support modern enough to run 11 will have UEFI firmware, and its current Windows 10 installation will be running on it.

But if you built your own PC, you may have an annoying problem. Most enthusiast boards allow booting from either BIOS or UEFI, and if you installed Windows under BIOS, you won't be able to simply convert it to UEFI. With enough determination and technical ability, it's possible to Frankenstein a BIOS installation of Windows into new life under UEFI, but it's simply not going to be worth it for most Windows users, who will need to do a clean reinstall.

The problem becomes even more significant for those running virtual machines. Several virtualization platforms (including Linux KVM) default to BIOS rather than UEFI boot for guests. It's simpler, it generally boots quicker, and it has been around a lot longer. Why fix what's not broken? If your daily driver Windows 10 VM is booting from BIOS, you'll be stuck with the same can't-get-there-from-here issues that PC builders who selected a BIOS boot had.

458 Reader Comments

  1. 一个t this point Windows, iOS, Android.... I don't really even pay attention to updates and I probably don't even know the versions for any of them.... I just update ASAP and roll on.

    There was a time when any upgrades I was super excited by and I'd spend hours dorking with the OS to see what I could do, customization.

    Now most OSs are so solid now that I just upgrade and do the things I'm there to do.
    3987 posts | registered
  2. 1st gen ryzen isn't that old is it? It's not listed as supported.
    350 posts | registered
  3. Will Microsoft do what they did for the Windows10 rollout and provide a handy checker to see if your system meets the requirements?
    3385 posts | registered
  4. Wow that's nuts...64GB minimum? Why is it so bloated...and how many DVDs does it take for the media now?

    I'm also curious about that TPM requirement still...what happens when it doesn't work? One of the reoccurring issues we see on work-issued laptops is after some updates they will stop working...first symptom is Windows claiming it doesn't have any valid cryptographic device for Hello PIN authentication and then if you reboot you can't boot at all because BitLocker won't accept your PIN nomater what. The fix seems to vary from "unplug the power cord and then boot up then plug it back in" to "drop it off at tech support and they will try and make it work again".

    I really hope this hell isn't coming to home users but it wouldn't surprise me if it does.
    8385 posts | registered
  5. I'm running an i5-6500 (with TPM actually) and a Surface Pro 3 (i5-4300u).

    Neither processor is on the list of supported processors, but the systems itself fall within the boundaries described in the article. I find this rather confusing.
    354 posts | registered
  6. 一个nyone remember all that "Against TCPA" thing 15y ago?
    54 posts | registered
  7. Quote:
    Most enthusiast boards allow booting from either BIOS or UEFI, and if you installed Windows under BIOS, you won't be able to simply convert it to UEFI. With enough determination and technical ability, it's possible to Frankenstein a BIOS installation of Windows into new life under UEFI, but it's simply not going to be worth it for most Windows users, who will need to do a clean reinstall.


    一个ctually,Windows now comes with the MBR2GPT.EXE toolto do exactly this. Supposedly, it can can do the conversion in-place by running "mbr2gpt.exe /convert /allowfullOS".Intel also recommends this approach as well.
    13 posts | registered
  8. JohnDeLwrote:
    Will Microsoft do what they did for the Windows10 rollout and provide a handy checker to see if your system meets the requirements?


    I was just about to ask the same thing. I'm mainly on the Apple side but it'd be handy for when my mom asks me about upgrading her laptop eventually.
    7835个帖子|注册
  9. Those are some demanding minimal specs....

    I run windows 10 for work on a Phenom II x4 (perfectly i must say) so i guess i will skip windows 11 (?).
    957 posts | registered
  10. From my perspective, having to turn TPM on in the BIOS is a feature not a bug.

    If Windows 11 turns out to be an exercise in network-all-the-things, unavoidable built-in apps, and other pointless widgets, then we can avoid forced upgrades simply by not changing the BIOS setting.

    I use Windows for the software that requires it, not for Windows.
    17 posts | registered
  11. Thanks for publishing this follow-up article. I was stunned by the TPM and CPU generation news yesterday, and I'm very glad that the requirements are probably not as strict and likely to obsolete perfectly good hardware as the initially seemed.

    I put all of the blame for confusion on Microsoft. It's not as if the official docs they published are unclear, apparently they're just wrong. ( https://download.microsoft.com/download ... s%2011.pdf ) When the official documentation says "REQUIRED", and the official compatibility-checker tool fails systems that don't meet the documented requirements, don't be surprised when people who read the documentation take that to mean it's actually a requirement.
    3922 posts | registered
  12. Guess my 2011 HP laptop - still running strong with a RAM upgrade to 8GB and SSD - won't be supported then as it still uses BIOS.
    2168 posts | registered
  13. I noticed a Windows Update earlier today. I'm on the Insider path. It let me know that my old AMD Phenom II + RX580 desktop does not meet the Windows 11 minimum specs. I'm not sure if that is due a lack of UEFI or TPM or both.

    edit: or if the issue is my Phenom II CPU.

    最后一次编辑whiteknaveon Fri Jun 25, 2021 3:28 pm

    2556 posts | registered
  14. Exnorwrote:
    Those are some demanding minimal specs....

    I run windows 10 for work on a Phenom II x4 (perfectly i must say) so i guess i will skip windows 11 (?).


    I would imagine it's to at least attempt to assure a guaranteed level of responsiveness and corresponding user experience. To try and stop people from installing it on their old Duron 750 MHz system and then bitching about how slow and horrible Windows 11 is.

    一个t least that's my "trying to be generous" take on it. I'm nursing my old i7-3770K system, complete with NVMe to PCI-Express slot card and modded BIOS, until DDR5 comes along, so if those minimum requirements are written in stone, looks like I'm on Win10 until Zen 4 comes along or whatever first supports DDR5.
    5509 posts | registered
  15. Can anyone help clarify why TPM is now a requirement if most manufacturers haven't bothered including it on consumer hardware to date?

    This could just be a case of manufacturers providing the minimum required spec, but what benefit should end users expect to receive with TPM being the new default?
    186 posts | registered
  16. Quote:
    Within hours of Microsoft Chief Product Officer Panos Panay's Windows 11 introduction, the entire stockpile of most manufacturers' readily available TPM modules were sold out by Windows 10 users trying to make certain they could run 11.

    But why? According to MS, Windows 11 will not be available as an update until sometime 2022, on prebuilds late 2021. I think?

    Unless you want it as an insider build, no rush.
    6026 posts | registered
  17. JohnDeLwrote:
    Will Microsoft do what they did for the Windows10 rollout and provide a handy checker to see if your system meets the requirements?

    The checker is available right now. https://aka.ms/GetPCHealthCheckApp
    23038 posts | registered
  18. Quote:
    The Microsoft account and Internet connectivity are only mandatory for Home—not Pro. No word yet on whether there will be a workaround, like the current "don't plug the network cable in until after setup" dance.

    Note to self: No Home Versions!

    I've already started the steps to swap to Linux (again). Only this time, I don't have a failing hard drive making my decisions for WHEN I pull that trigger.

    I'll be installing Linux on a separate drive, and use GRUB to access either Linux or Windows for the time being. I figure I have a couple of years to work out the kinks in Linux (unlike my last timeline, which was weeks at most). And if I decide to go all Linux, it won't be as painful as the last time I tried it.

    I don't expect to upgrade to Windows 11 if I can get Linux to work out. Then I have what I want in my computer - MY computer controlled by ME and not some profit-focused corporation who has zero shits to give about my "petty" issues with their products.

    I'll keep an eye on what the "upcoming features" are in Windows 11, but so far, I'm not terribly impressed.
    15430 posts | registered
  19. Quote:
    Most enthusiast boards allow booting from either BIOS or UEFI, and if you installed Windows under BIOS, you won't be able to simply convert it to UEFI. With enough determination and technical ability, it's possible to Frankenstein a BIOS installation of Windows into new life under UEFI, but it's simply not going to be worth it for most Windows users, who will need to do a clean reinstall.


    一个ctually,Windows now comes with the MBR2GPT.EXE toolto do exactly this. Supposedly, it can can do the conversion in-place by running "mbr2gpt.exe /convert /allowfullOS".Intel also recommends this approach as well.

    mbr2gpt didn't work for me. Your mileage may vary.
    1027 posts | registered
  20. Quote:
    Within hours of Microsoft Chief Product Officer Panos Panay's Windows 11 introduction, the entire stockpile of most manufacturers' readily available TPM modules were sold out by Windows 10 users trying to make certain they could run 11.

    But why? According to MS, Windows 11 will not be available as an update until sometime 2022, on prebuilds late 2021. I think?

    Unless you want it as an insider build, no rush.

    I mean...also there's lead time people trying to get things lined up (and given all the shortages seem to be happening don't blame them).
    8385 posts | registered
  21. JohnDeLwrote:
    Will Microsoft do what they did for the Windows10 rollout and provide a handy checker to see if your system meets the requirements?


    They already have. Linkhere. The URL is direct download link. It doesn't take you to an official MS page. The program is called PC Health Check.
    1087 posts | registered
  22. Quote:
    64GB minimum for installation... but we'd recommend at least 128GB for a vaguely normal system


    他们都笑了,当我打破了银行购买a 1TB SSD for my boot drive....

    But seriously, I'm curious what's taking up so much space. Does it install every driver up front?

    EDIT: Just looked at SSD prices, 1TB is pretty affordable at around $100 these days so 128GB base install is not as onerous as it was a few years ago.

    最后一次编辑jmathewon Fri Jun 25, 2021 3:36 pm

    78 posts | registered
  23. Fatesriderwrote:
    Quote:
    The Microsoft account and Internet connectivity are only mandatory for Home—not Pro. No word yet on whether there will be a workaround, like the current "don't plug the network cable in until after setup" dance.

    Note to self: No Home Versions!

    I've already started the steps to swap to Linux (again). Only this time, I don't have a failing hard drive making my decisions for WHEN I pull that trigger.

    I'll be installing Linux on a separate drive, and use GRUB to access either Linux or Windows for the time being. I figure I have a couple of years to work out the kinks in Linux (unlike my last timeline, which was weeks at most). And if I decide to go all Linux, it won't be as painful as the last time I tried it.

    I don't expect to upgrade to Windows 11 if I can get Linux to work out. Then I have what I want in my computer - MY computer controlled by ME and not some profit-focused corporation who has zero shits to give about my "petty" issues with their products.

    I'll keep an eye on what the "upcoming features" are in Windows 11, but so far, I'm not terribly impressed.

    Interesting wonder what they do to handle people who are home users without consistent or reliable internet access...I know some people who can't get internet at home and will bring their personal laptop to the office to sit on the guest-network and download updates every few months. Beyond that its a standalone machine.
    8385 posts | registered
  24. ah thanks for the heads up on my z370 pro gaming i was able to enable ptt and now its showing windows 11 compatible
    17 posts | registered
  25. Quote:
    I don't know what aka.ms is...may look into it more when I get home...

    aka.ms is Microsoft's URL shortener (like goo.gl is for Google)
    23038 posts | registered
  26. Quote:
    Windows 11 Home requires Internet connectivity and a Microsoft cloud account. The Microsoft account and Internet connectivity are only mandatory for Home ... No word yet on whether there will be a workaround, like the current "don't plug the network cable in until after setup" dance.

    Something about slow boiling pot and frog.
    6556 posts | registered
  27. 做rkbertwrote:
    Quote:
    Windows 11 Home requires Internet connectivity and a Microsoft cloud account. The Microsoft account and Internet connectivity are only mandatory for Home ... No word yet on whether there will be a workaround, like the current "don't plug the network cable in until after setup" dance.

    Something about slow boiling pot and frog.


    Yeah, while I do connect to One Drive and run Office 365 while logged in to my Microsoft account, I做notuse my Microsoft account to authenticate to the PC.
    2168 posts | registered
  28. I think this TPM requirement will be removed/lessened. Lots of folks have very good for their use hardware with no reason to upgrade.

    My I5-4690K, 16gb ram, SSD system is more than fast enough for all the things I do, and I have no interest in upgrading in 3 years (cause it will still be fine for everything I do).

    Oh, thanks Intel for skimping on the TPM in your i5 4690K -- so much for paying more for the "enthusiast" k-type chip.

    edit: If this requirement stands, and my perfectly good hardware is not supported, i guess I will switch to MacOS when Windows 10 is EOL (Windows ARM I bet will be available for it by then if I need windows)

    最后一次编辑foofoo22on Fri Jun 25, 2021 5:00 pm

    1180 posts | registered
  29. foofoo22wrote:
    I think this TPM requirement will be removed/lessened. Lots of folks have very good for their use hardware with no reason to upgrade.

    My I5-4690K, 16gb ram, SSD system is more than fast enough for all the things I do, and I have no interest in upgrading.

    Oh and thanks Intel for skimping on the TPM in your i5 4690K -- so much for paying more for the "enthusiast" type chip.

    The requirement will most likely not be lessened seeing that the health thingie referred to above specifically states that I (due to secure boot not being active) don't qualify for 11 but I don't have to worry I'll keep getting win 10 updates.
    1190 posts | registered
  30. Can't wait to see how this plays with the virtual environment my company has been rolling out over the past ~6 months.
    My bet is badly.
    141 posts | registered
  31. Is there a possibility this is the "Designed for Windows" Window sticker requirements for windows 11? I know in the past there were stricter requirements on what systems could show the sticker versus what it would install and run on?

    Hum I've been looking at spending money on a new car, Will probably wait for Windows 11 to be offered at the places I get a PC before a get a new one. 6700k with a 2060 super has been plenty so far.
    tc

    最后一次编辑tcowheron Fri Jun 25, 2021 3:43 pm

    1582 posts | registered
  32. I was able to flip on iPPT this morning and confirmed that it enabled BitLocker support and passed the Windows 11 check. This was of course after an hour of scouring shops for the correct TPM for my board only to come up empty
    1058 posts | registered
  33. Can anyone help clarify why TPM is now a requirement if most manufacturers haven't bothered including it on consumer hardware to date?

    This could just be a case of manufacturers providing the minimum required spec, but what benefit should end users expect to receive with TPM being the new default?


    Microsoft has required TPM be present and enabled on new systems since 2016. Intel has built it into their CPUs since Haswell, and AMD since Steamroller. TPM itself has been around for about 15 years. For consumers, the main advantage is that it permits secure storage of encryption keys, generation of secure random numbers and encryption keys, remote attestation (i.e., hardware and software on the machine can be verified that they are what they say they are), and securing the chain of trust from boot to application. All around, it's a big security win, which is why MS is forcing it.

    最后一次编辑Bad Monkey!on Fri Jun 25, 2021 3:48 pm

    18136 posts | registered
  34. Regarding the 64 GB vs 128 GB of storage, are we talking final install size on disk, or how much free space overhead you need to run the update?
    5926 posts | registered
  35. Quote:
    Intel calls its firmware-based TPM iPPT (Intel Platform Protection Technology), and AMD calls its own fTPM (Firmware Trusted Platform Module). Generally speaking, iPPT shows up in most Haswell (4th-gen Core) CPUs, although the K-series gaming models inexplicably fail to get iPPT until Skylake (6th-gen Core). On the AMD side, we see fTPM show up with Ryzen 2500 and up.


    Let's call out Microsoft on what this really is, a clusterfuck.

    一个fter digging around in my UEFI for an hour, making sure it was up to date and discovering no way of enabling firmware TPM, my only path is a physical module plugged into a slot. I have the slot for a module that Microsoft have now created a chip shortage for.

    If Microsoft want people on Windows 11, this is possibly one of the dumbest ways. It ensures adoption is slow or 11 is completely ignored.

    The TPM requirement needs to be dropped.

    edit: some words

    最后一次编辑sonolumion Fri Jun 25, 2021 4:02 pm

    3574 posts | registered
  36. I'm running an i7-3770k in my desktop, so I'm not sure if it's supported or if there's anyway to enable TPM, I'll have to check on that. Will be a shame if I can't upgrade it, considering the machine still runs like a champ.
    1485 posts | registered
  37. Quote:
    and if you installed Windows under BIOS, you won't be able to simply convert it to UEFI.


    I did this just this morning using mbr2gpt.exe and the /allowFullOS switch on my Windows 10 boot drive. After a reboot, I was able to disable CSM support in my firmware.

    Edit: I noticed that the conversion created a new EFI System partition. For the folks where it failed, maybe you need a small amount of free unallocated space on your boot drive for it to work.

    最后一次编辑LDA 6502on Fri Jun 25, 2021 4:23 pm

    310 posts | registered
  38. Man it's hard to believe that my i7-6700K is not a "supported cpu"
    899 posts | registered

You mustto comment.

Channel一个rs Technica