Since Microsoft's announcement of Windows 11 yesterday, one concern has reverberated around the web—what's this about a Trusted Platform Module requirement?
Windows 11 is the first Windows version to require a TPM, and most self-built PCs (and cheaper, home-targeted OEM PCs) don't have a TPM module on board. Although this requirement is a bit of a mess, it's not as onerous as millions of people have assumed. We'll walk you through all of Windows 11's announced requirements, including TPM—and make sure to note when all this is likely to be a problem.
General hardware requirements
尽管Windows 11撞一般硬件要求uirements up some from Windows 10's extremely lenient minimums, it will still be challenging to find a PC that doesn't meet most of these specifications. Here's the list:
- CPU—1 GHz or faster, two or more cores, x86_64 or一个RM64only
- RAM—4GiB or more
- Storage—64GB minimum for installation... but we'd recommend atleast128GB for a vaguely normal system
- Graphics—Compatible with DX12 or later, with WDDM 2.0 driver
- Firmware—UEFI, Secure Boot capable
- TPM—Trusted Platform Module 2.0 is listed as a minimum requirement; TPM 1.2 may or may not be "good enough"—but read on before throwing your hands up in despair!
- Display—720p minimum resolution, nine-inch minimum diagonal measurement, 8 bits per color channel or higher
In addition to those hardware requirements, Windows 11 Home requires Internet connectivity and a Microsoft cloud account. The Microsoft account and Internet connectivity are only mandatory for Home—not Pro. No word yet on whether there will be a workaround, like the current "don't plug the network cable in until after setup" dance.
The CPU requirement may be more or less of a problem than it initially seems. Microsoft has a relatively short list of supported CPUs from three major manufacturers (AMD, Intel, and Qualcomm) that generally goes back to Ryzen 2500 or Intel 8th generation Core—no farther. We're not certain how trustworthy that list is, though. We strongly suspect Windows 11 will work fine on many considerably older processors.
If Microsoft codes a hardware requirement checklist into the installer or boot sequence, many CPUs that would have otherwise worked well will be unusable. This seems fairly unlikely, but (pardon the well-worn expression) only time will tell for certain.
一个closer look at the Trusted Platform Module requirement
Most build-your-own-PC motherboards, even flagship boards, don't come with a hardware TPM module installed. However, most of those boards做theoretically support hardware TPM, with a special 19-pin header ready to plug one in. Honestly, it's a very niche, specialty device that few users have ever purchased.
一个t least, very few people bought optional hardware TPM until yesterday, after seeing the Windows 11 requirements and subsequently panicking. Within hours of Microsoft Chief Product Officer Panos Panay's Windows 11 introduction, the entire stockpile of most manufacturers' readily available TPM modules were sold out by Windows 10 users trying to make certain they could run 11.
If you didn't get one of the few TPM modules available yesterday, don't worry—you almost certainly don't need one. OEM hardware TPM is generally considered the most hardened version, and it's soldered directly to the board in PCs intended for enterprise use. Less-hardenedfirmwareTPM support is built right into modern AMD and Intel processors, and that will satisfy Windows 11's TPM requirement just fine.
It's a bit difficult to get a complete, accurate list of all CPUs with support for onboard, firmware-based TPM, largely because the demand for it was fairly low until this week. As far as we can see, every x86_64 CPU on Microsoft'ssupported processor listsincludes that support.
Intel calls its firmware-based TPM iPPT (Intel Platform Protection Technology), and AMD calls its own fTPM (Firmware Trusted Platform Module). Generally speaking, iPPT shows up in most Haswell (4th-gen Core) CPUs, although the K-series gaming models inexplicably fail to get iPPT until Skylake (6th-gen Core). On the AMD side, we see fTPM show up with Ryzen 2500 and up.
There is one more gotcha to navigate, though. Although the vast majority of semi-modern CPUs support firmware TPM, almost all motherboards ship with it disabled in BIOS. So you'll need a three-finger salute and a deep dive through the "advanced" part of your machine's BIOS to try to find and enable that support if you need it.
OEM motherboards are just as likely to have fTPM disabled by default—and unfortunately, they frequently don't expose the setting to enable it, even when the CPU otherwise supports it. If you have a pre-built system from Dell or HP that didn't include a hardware TPM, you could be stuck with no way forward.
To determine whether TPM support is available and working under Windows, run the commandtpm.msc
. This will spawn a TPM dialog that shows whether you have TPM support and what version (1.2 or 2.0) it is. (You can also interact with the TPM by clearing or "preparing" it, but that's not something you need to do—orshould做—unless specifically asked. Messing with your TPM can permanently brick Bitlocker volumes, and it might even deactivate Windows in some cases.)
Let’s talk about UEFI and Secure Boot
Microsoft lists Universal Extensible Firmware Interface (UEFI) support and Secure Bootcapabilityas hard requirements for Windows 11. Much like with the CPU requirements, we're currently hesitant to take these requirements at face value.
The requirement for UEFI seems likely to be just what it says on the tin—no more legacy BIOS installs for anyone!—but there might be a slight odor of weasel in the phrasing "Secure Boot capability." We won't know for sure until Windows 11 Insider images start becoming available, but we suspect that "capability" is likely an important word. Secure Boot itself may not be mandatory.
If you're rocking a pre-built OEM PC, these requirements are not likely to affect you. Any system with both CPU and TPM support modern enough to run 11 will have UEFI firmware, and its current Windows 10 installation will be running on it.
But if you built your own PC, you may have an annoying problem. Most enthusiast boards allow booting from either BIOS or UEFI, and if you installed Windows under BIOS, you won't be able to simply convert it to UEFI. With enough determination and technical ability, it's possible to Frankenstein a BIOS installation of Windows into new life under UEFI, but it's simply not going to be worth it for most Windows users, who will need to do a clean reinstall.
The problem becomes even more significant for those running virtual machines. Several virtualization platforms (including Linux KVM) default to BIOS rather than UEFI boot for guests. It's simpler, it generally boots quicker, and it has been around a lot longer. Why fix what's not broken? If your daily driver Windows 10 VM is booting from BIOS, you'll be stuck with the same can't-get-there-from-here issues that PC builders who selected a BIOS boot had.
458 Reader Comments
There was a time when any upgrades I was super excited by and I'd spend hours dorking with the OS to see what I could do, customization.
Now most OSs are so solid now that I just upgrade and do the things I'm there to do.
I'm also curious about that TPM requirement still...what happens when it doesn't work? One of the reoccurring issues we see on work-issued laptops is after some updates they will stop working...first symptom is Windows claiming it doesn't have any valid cryptographic device for Hello PIN authentication and then if you reboot you can't boot at all because BitLocker won't accept your PIN nomater what. The fix seems to vary from "unplug the power cord and then boot up then plug it back in" to "drop it off at tech support and they will try and make it work again".
I really hope this hell isn't coming to home users but it wouldn't surprise me if it does.
Neither processor is on the list of supported processors, but the systems itself fall within the boundaries described in the article. I find this rather confusing.
一个ctually,Windows now comes with the MBR2GPT.EXE toolto do exactly this. Supposedly, it can can do the conversion in-place by running "mbr2gpt.exe /convert /allowfullOS".Intel also recommends this approach as well.
I was just about to ask the same thing. I'm mainly on the Apple side but it'd be handy for when my mom asks me about upgrading her laptop eventually.
I run windows 10 for work on a Phenom II x4 (perfectly i must say) so i guess i will skip windows 11 (?).
If Windows 11 turns out to be an exercise in network-all-the-things, unavoidable built-in apps, and other pointless widgets, then we can avoid forced upgrades simply by not changing the BIOS setting.
I use Windows for the software that requires it, not for Windows.
I put all of the blame for confusion on Microsoft. It's not as if the official docs they published are unclear, apparently they're just wrong. ( https://download.microsoft.com/download ... s%2011.pdf ) When the official documentation says "REQUIRED", and the official compatibility-checker tool fails systems that don't meet the documented requirements, don't be surprised when people who read the documentation take that to mean it's actually a requirement.
edit: or if the issue is my Phenom II CPU.
Last edited bywhiteknaveon Fri Jun 25, 2021 3:28 pm
I run windows 10 for work on a Phenom II x4 (perfectly i must say) so i guess i will skip windows 11 (?).
I would imagine it's to at least attempt to assure a guaranteed level of responsiveness and corresponding user experience. To try and stop people from installing it on their old Duron 750 MHz system and then bitching about how slow and horrible Windows 11 is.
一个t least that's my "trying to be generous" take on it. I'm nursing my old i7-3770K system, complete with NVMe to PCI-Express slot card and modded BIOS, until DDR5 comes along, so if those minimum requirements are written in stone, looks like I'm on Win10 until Zen 4 comes along or whatever first supports DDR5.
This could just be a case of manufacturers providing the minimum required spec, but what benefit should end users expect to receive with TPM being the new default?
But why? According to MS, Windows 11 will not be available as an update until sometime 2022, on prebuilds late 2021. I think?
Unless you want it as an insider build, no rush.
The checker is available right now. https://aka.ms/GetPCHealthCheckApp
Note to self: No Home Versions!
I've already started the steps to swap to Linux (again). Only this time, I don't have a failing hard drive making my decisions for WHEN I pull that trigger.
I'll be installing Linux on a separate drive, and use GRUB to access either Linux or Windows for the time being. I figure I have a couple of years to work out the kinks in Linux (unlike my last timeline, which was weeks at most). And if I decide to go all Linux, it won't be as painful as the last time I tried it.
I don't expect to upgrade to Windows 11 if I can get Linux to work out. Then I have what I want in my computer - MY computer controlled by ME and not some profit-focused corporation who has zero shits to give about my "petty" issues with their products.
I'll keep an eye on what the "upcoming features" are in Windows 11, but so far, I'm not terribly impressed.
一个ctually,Windows now comes with the MBR2GPT.EXE toolto do exactly this. Supposedly, it can can do the conversion in-place by running "mbr2gpt.exe /convert /allowfullOS".Intel also recommends this approach as well.
mbr2gpt didn't work for me. Your mileage may vary.
But why? According to MS, Windows 11 will not be available as an update until sometime 2022, on prebuilds late 2021. I think?
Unless you want it as an insider build, no rush.
I mean...also there's lead time people trying to get things lined up (and given all the shortages seem to be happening don't blame them).
They already have. Linkhere. The URL is direct download link. It doesn't take you to an official MS page. The program is called PC Health Check.
他们都笑了,当我打破了银行购买a 1TB SSD for my boot drive....
But seriously, I'm curious what's taking up so much space. Does it install every driver up front?
EDIT: Just looked at SSD prices, 1TB is pretty affordable at around $100 these days so 128GB base install is not as onerous as it was a few years ago.
Last edited byjmathewon Fri Jun 25, 2021 3:36 pm
Note to self: No Home Versions!
I've already started the steps to swap to Linux (again). Only this time, I don't have a failing hard drive making my decisions for WHEN I pull that trigger.
I'll be installing Linux on a separate drive, and use GRUB to access either Linux or Windows for the time being. I figure I have a couple of years to work out the kinks in Linux (unlike my last timeline, which was weeks at most). And if I decide to go all Linux, it won't be as painful as the last time I tried it.
I don't expect to upgrade to Windows 11 if I can get Linux to work out. Then I have what I want in my computer - MY computer controlled by ME and not some profit-focused corporation who has zero shits to give about my "petty" issues with their products.
I'll keep an eye on what the "upcoming features" are in Windows 11, but so far, I'm not terribly impressed.
Interesting wonder what they do to handle people who are home users without consistent or reliable internet access...I know some people who can't get internet at home and will bring their personal laptop to the office to sit on the guest-network and download updates every few months. Beyond that its a standalone machine.
aka.ms is Microsoft's URL shortener (like goo.gl is for Google)
Something about slow boiling pot and frog.
Something about slow boiling pot and frog.
Yeah, while I do connect to One Drive and run Office 365 while logged in to my Microsoft account, I做notuse my Microsoft account to authenticate to the PC.
My I5-4690K, 16gb ram, SSD system is more than fast enough for all the things I do, and I have no interest in upgrading in 3 years (cause it will still be fine for everything I do).
Oh, thanks Intel for skimping on the TPM in your i5 4690K -- so much for paying more for the "enthusiast" k-type chip.
edit: If this requirement stands, and my perfectly good hardware is not supported, i guess I will switch to MacOS when Windows 10 is EOL (Windows ARM I bet will be available for it by then if I need windows)
Last edited byfoofoo22on Fri Jun 25, 2021 5:00 pm
My I5-4690K, 16gb ram, SSD system is more than fast enough for all the things I do, and I have no interest in upgrading.
Oh and thanks Intel for skimping on the TPM in your i5 4690K -- so much for paying more for the "enthusiast" type chip.
The requirement will most likely not be lessened seeing that the health thingie referred to above specifically states that I (due to secure boot not being active) don't qualify for 11 but I don't have to worry I'll keep getting win 10 updates.
My bet is badly.
Hum I've been looking at spending money on a new car, Will probably wait for Windows 11 to be offered at the places I get a PC before a get a new one. 6700k with a 2060 super has been plenty so far.
tc
Last edited bytcowheron Fri Jun 25, 2021 3:43 pm
This could just be a case of manufacturers providing the minimum required spec, but what benefit should end users expect to receive with TPM being the new default?
Microsoft has required TPM be present and enabled on new systems since 2016. Intel has built it into their CPUs since Haswell, and AMD since Steamroller. TPM itself has been around for about 15 years. For consumers, the main advantage is that it permits secure storage of encryption keys, generation of secure random numbers and encryption keys, remote attestation (i.e., hardware and software on the machine can be verified that they are what they say they are), and securing the chain of trust from boot to application. All around, it's a big security win, which is why MS is forcing it.
Last edited byBad Monkey!on Fri Jun 25, 2021 3:48 pm
Let's call out Microsoft on what this really is, a clusterfuck.
一个fter digging around in my UEFI for an hour, making sure it was up to date and discovering no way of enabling firmware TPM, my only path is a physical module plugged into a slot. I have the slot for a module that Microsoft have now created a chip shortage for.
If Microsoft want people on Windows 11, this is possibly one of the dumbest ways. It ensures adoption is slow or 11 is completely ignored.
The TPM requirement needs to be dropped.
edit: some words
Last edited bysonolumion Fri Jun 25, 2021 4:02 pm
I did this just this morning using mbr2gpt.exe and the /allowFullOS switch on my Windows 10 boot drive. After a reboot, I was able to disable CSM support in my firmware.
Edit: I noticed that the conversion created a new EFI System partition. For the folks where it failed, maybe you need a small amount of free unallocated space on your boot drive for it to work.
Last edited byLDA 6502on Fri Jun 25, 2021 4:23 pm
You mustlogin or create an accountto comment.