Microsoft announced yesterday that Windows 11 will require TPM (Trusted Platform Module) chips on existing and new devices.

It’s a significant hardware change that has been years in the making, but Microsoft’s messy way of communicating this has left many confused about whether their hardware is compatible.
What is a TPM, and why do you need one for Windows 11 anyway?
“The Trusted Platform Module (TPM) is a chip that is either integrated into your PC’s motherboard or added separately into the CPU,” explains David Weston, director of enterprise and OS security at Microsoft.
“Its purpose is to protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data.”
So it’s all about security.
TPMs work by offering hardware-level protection instead of software only.
A TPM can be used to encrypt disks using Windows features like BitLocker, or to prevent dictionary attacks against passwords.
TPM 1.2 chips have existed since 2011, but they’ve typically only been used widely in IT-managed business laptops and desktops.
Microsoft wants to bring that same level of protection to everyone using Windows, even if it’s not always perfect.
Microsoft has been warning for months that firmware attacks are on the rise.
“Our own Security Signals report found that 83 percent of businesses experienced a firmware attack, and only 29 percent are allocating resources to protect this critical layer,” says Weston.
That 83 percent figure seems huge, but when you consider the various phishing, ransomware, supply chain, and IoT vulnerabilities that exist, the broad range of attacks becomes a lot clearer.
Ransomware attacks hit the headlines weekly, and ransomware funds more ransomware, so it’s a difficult problem to solve.
TPMs will certainly help with certain attacks, but Microsoft is banking on a combination of modern CPUs, Secure Boot, and its set of virtualization protections to really make a dent in ransomware.
Microsoft is trying to play its part, particularly as Windows is the platform that’s often most affected by these attacks.
It’s widely used by businesses worldwide, and there are more than 1.3 billion Windows 10 machines in use today.
Microsoft software has been at the core of devastating attacks that made global headlines, like the Russia-linked SolarWinds hack and the Hafnium hacks on Microsoft Exchange Server. And while the company isn’t responsible for forcing its clients to keep its software patched, it’s trying to be more proactive about protection.
