Wednesday, May 18

What is TPM? This is what you need to know to run Windows 11 | Digital Trends Spanish

Microsoft just announced Windows 11, and many computer manufacturers are being affected by a strange system requirement: TPM 2.0. Very good, butwhat is TPM? the Trust Platform Module, is a dedicated processor that handles encryption at the hardware level. It is the chip that allows you to use biometric data to log into Windows and encrypt it on your device.

You will be interested in:

Still, it is difficult to understand what a TPM is and, more importantly, why you need one for Windows. We tell you everything you need to know before preparing your computer to run Windows 11.

What is TPM?

A TPM is a chip that lives on the motherboard of your computer. It is a dedicated processor that handles the encryption, which contains part of the secret key that is needed to decrypt the data on your device and access services. In the case of the upcoming Windows 11, the TPM can store things like your biometrics for Windows Hello and part of the encryption key for BitLocker.

However, that is not the only purpose of a TPM. It can store any part of a secret that you need to decrypt, regardless of whether it is a password, a certificate, or an encryption key. Also, the TPM stores this information on actual hardware, not through software. That means that software attacks cannot expose the secrets that you have stored in the TPM.

A dedicated TPM further increases security with a static Backup Key (EK) certificate. This certificate lives in the module and never changes, verifying that any component that communicates with the TPM is, in fact, communicating with the TPM.

In short, a TPM helps you protect your most sensitive data. Because the device resides on your motherboard, it doesn’t need to communicate with any server or require additional off-site authentication. It is a device that helps to show that you are who you say you are and that you are accessing a computer that you own.

Why do you need TPM for Windows

Laptop with new Windows 11 image

It is not difficult to understand what a TPM does, but its application in Windows is a bit complicated. As mentioned, Windows 10 and Windows 11 use the TPM for BitLocker and Windows Hello disk encryption. However, the integration with Windows is much deeper, which has caused some confusion with Windows 11, which requires a TPM 2.0 chip.

Windows takes control of the TPM as the computer starts. This is a good move for a couple of reasons. The first is that the TPM can verify the integrity of Windows before the operating system loads. That ensures that it is not loading on an operating system that has malicious code.

It also helps with antivirus software. Most malware is written to run on your operating system, so something like adware runs after Windows has loaded, even if you don’t see the program actively running on your desktop. Antivirus services can generally deal with this type of malware, but some have problems with rootkits.

A rootkit is a piece of malware that is supposed to live on your computer without being detected. Although some rootkits only attack a particular application, many start to load before your operating system. That opens up a world of possibilities for attackers, allowing them to infect your operating system boot or even the kernel (the core of your operating system).

TPM takes care of that. Windows automatically takes advantage of the TPM during boot sequences, but other software, such as antivirus, can also take advantage of it to remove rootkits before the operating system loads.

The cyberattacks continue to increase, probably in response to the increasing amount of valuable personal data that users store on their computers and online. The TPM requirement in Windows 11 is medicine before candy.

By updating your PC with the latest hardware security, Microsoft can move forward with its security efforts instead of focusing on getting more people involved.

Hardware vs. firmware TPM

Closeup to the chips of a motherboard

With the announcement of Windows 11, the price of dedicated TPM hardware has skyrocketed in the second hand market. This is primarily a problem for the assembled (or DIY) computer market, as Microsoft has required TPM hardware in devices running Windows 10 for the past few years.

Fortunately, you don’t need to spend $ 100 on a chip to run Windows 11. Standard motherboards may not come with hardware TPMs, but most boards from the last few years do come with firmware TPMs.

Instead of a dedicated cryptoprocessor, this form of TPM uses firmware stored elsewhere on your motherboard for authentication. Then it borrows the power of your processor to handle the cryptographic functions.

TPM hardware is more secure, simply because it is isolated from other components on your computer. If a component or area of ​​your computer is compromised, the TPM can function independently.

The TPM firmware is not so isolated. It performs the same function as the hardware TPM, but is more prone to tampering, as an attacker can theoretically damage firmware more easily than physical hardware.

Windows 11 doesn’t care what type of TPM you’re using, as long as it adheres to the TPM 2.0 standard. If you built your own computer in the last few years, you can enable the TPM firmware through your motherboard BIOS.

If you bought a pre-built laptop, you can run Windows 11 on it as long as it was made after 2016 (when Microsoft implemented the TPM requirement in Windows 10).

Editor’s Recommendations