TPM 2.0: What to Consider Before Activating It for Windows 11

Last week, Microsoft finally announced its new operating system: Windows 11. Although it looks like Windows 10 with some cosmetic changes, under the hood there are many changes of all kinds that will make it an excellent successor. However, to avoid present and future problems (and not repeat the errors of Windows 10), Microsoft has been forced to update the minimum requirements for installing the operating system. Among the new requirements there is a very controversial one: TPM 2.0.

What is TPM 2.0

TPM stands for Trusted Platform Module, a motherboard security module designed to safely store the encryption keys of our computer. Since 2016, this chip has been a requirement for any new computer that ships with Windows 10 preinstalled, so it is not new as such in Windows 11.

The purpose of this chip is to handle everything related to cryptography without endangering the keys at any time. For example, it is responsible for storing the keys, and it protects them from malware and computer attacks so that nothing and no one can access or modify them. When we encrypt the hard drive with BitLocker, or with a similar program, this module is responsible for saving the key and for all data encryption / decryption tasks without affecting the general performance of the PC. Other encryption tools, such as LUKS (from Linux), can also work with this module.

[Image: TPM 2.0 management]

In summary, what the TPM chip offers us is:

  • Generates and stores cryptographic keys while limiting access and use.
  • Uses a unique RSA key for encryption tasks, and that key is only stored inside the chip.
  • Ensures the integrity of the encryption even in the most complex cyber attacks.

Be careful: there have been misunderstandings about Microsoft’s requirements. Version 2.0 of the TPM module is going to be mandatory for manufacturers who want to pre-install Windows 11 on their computers, along with a webcam and other requirements that have been overlooked. If we want to install Windows 11 ourselves on any computer, we only need to have TPM 1.2, an older version that we can find on any modern computer.

Be careful when activating it!

From the moment Windows 11 was introduced, and people started talking about this module, users have been checking whether their computers meet the minimum requirements to install the new operating system. And the requirement that has failed the most has been TPM 2.0.

If our computer is from 2016 or newer, it most likely meets this requirement without problems, so we do not have to worry. Of course, we may have to activate it in the BIOS to be able to use it. This can be done very easily, although the steps will depend on the make and model of the motherboard.

[Image: enabling TPM 2.0 on the motherboard]

The problem, which goes unnoticed by everyone, is that we are linking our Windows installation to our CPU and our motherboard. As we can read in the warning message shown when activating TPM 2.0, if we change the processor or the BIOS chip of the motherboard, we will lose the TPM encryption keys. The encryption key can no longer be recovered in any way and we will lose all the data that we have stored on the hard drive.

[Image: warning shown when enabling TPM 2.0]

It does not matter if we remember the BitLocker key or have the recovery key saved. If we change the processor, the board or simply the BIOS chip, we will lose all the data on the disk, and it will be impossible to recover it.
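
A check to run before enabling the TPM or changing hardware, as an added example that is not part of the original article: it reports the TPM version Windows sees and which BitLocker volumes have key protectors tied to the TPM. It assumes an elevated PowerShell session on Windows with the built-in TrustedPlatformModule and BitLocker modules; the function names Get-TpmSummary and Get-TpmBoundVolume are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: inventory TPM state and TPM-bound BitLocker volumes.
# Get-TpmSummary and Get-TpmBoundVolume are hypothetical helper names.

function Get-TpmSummary {
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        # No TPM visible to Windows (absent, or disabled in firmware).
        return [pscustomobject]@{ Present = $false; Ready = $false; SpecVersion = $null }
    }
    # Win32_Tpm.SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM family.
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm
    [pscustomobject]@{
        Present     = $true
        Ready       = $tpm.TpmReady
        SpecVersion = ($wmi.SpecVersion -split ',')[0].Trim()
    }
}

function Get-TpmBoundVolume {
    # BitLocker key protector types that depend on this machine's TPM.
    $tpmTypes = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        [pscustomobject]@{
            MountPoint   = $vol.MountPoint
            VolumeStatus = $vol.VolumeStatus
            Protection   = $vol.ProtectionStatus
            Protectors   = $types -join ', '
            # True when at least one protector is sealed to the TPM.
            TpmBound     = [bool]($types | Where-Object { $_ -in $tpmTypes })
        }
    }
}

Get-TpmSummary | Format-List
Get-TpmBoundVolume | Format-Table -AutoSize
```

Volumes listed with TpmBound set to True are the ones whose keys are linked to the current processor and motherboard firmware.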