PTT vs TPM: Microsoft’s Security Effort for Windows 11
Since unveiling Windows 11, Microsoft has been busy balancing the heaps of exciting new features with the new security caveats that were not as welcomed by the community members. In order to install Windows 11, your PC now needs a Trusted Platform Module (TPM 2.0).
What is TPM?
TPM is a way of storing encryption keys at the hardware level. Security researchers around the world widely accept this key encryption storage safer than relying on software. This makes it way harder for malicious software to hack and access your data.
Let’s take a practical example where TPM might come in handy:
When you press the power button on a PC that uses disk encryption + TPM, the Trusted Platform Module will deliver a small unique code called a cryptographic key. Now, one of the two scenarios can occur:
- If everything is normal, the encryption unlock is allowed, and your PC boots up normally.
- If there’s a problem with a key (maybe someone tried to tamper with the encrypted drive (remotely or not), your PC will not start.
On top of this, email clients like Thunderbird and Outlook also use TPM technology to handle encrypted or key-signed messaged. Browsers like Chrome, Opera, and Firefox are also starting to leverage TPM for certain protocols like maintaining SSL certificates for websites.
And lately, we’re also starting to see other consumer technology like printers and smart home accessories starting to use TPMs.
It doesn’t take a security expert to understand that the entire tech industry is adopting TPM as an industry standard.
Note: Apple’s new T2 security chip is essentially a TPM branded in the company’s usual fashion.
Is my PC equipped with TPM? Can I run Windows 11?
If your PC was built after 2015, there’s a very good chance that it’s equipped with a Trusted Platform Module regardless of either it has a dedicated chip or not.
You don’t need a dedicated TPM 2.0 chip to run Windows 11, despite the super-confusing system requirements that Microsoft initially published.
As we’ve been able to confirm, almost all modern AMD and Intel processors already meet Microsoft’s TPM 2.0 requirements, and those that fail PC Health check do so because of a BIOS setting that forces the firmware-powered TPM to remain disabled.
TPM vs PTT
So as we’ve already established, your computer might support TPM even if it doesn’t have a dedicated chip for it. This is possible because many CPUs actually include TPM in their firmware.
Intel’s trademark name for this firmware technique is Platform Trust Technology (PTT). Intel started to include this patented technology starting with their 4th generation processors sometime in 2013.
On the other hand, AMD CPUs (especially Ryzen iterations) include a similar TPM-enabling firmware technique called fTPM.
If you look at the bigger picture, Microsoft is quite reasonable with the security requirements on Windows 11 -They could have restricted Windows 11 to hardware-enabled TPMs, but that would have eliminated a huge chunk of the current potential market for Windows 10.
And since firmware TPM is allowed, you shouldn’t have any issues installing Windows 11 if your CPU is not older than 7- 8 years.
How to check if my PC supports TPM?
Checking if your Pc is capable of supporting TPM is easy since Microsoft has backed a checking tool inside every recent iteration of Windows 10.
Follow the instructions below to see if your computer is equipped with a Trusted Platform Module chip and check if it’s already enabled so Windows 11 can use it:
- Press Windows key + R to open up a Run dialog box. Inside the new text box that just appeared, type ‘tpm.msc’ and press Enter to open up the Trusted Platform Module (TPM) Management tool.
Open the TPM module on any recent Windows version - Once you’re inside the Trusted Platform Module (TPM) screen, start by checking the Status page – If it says that ‘The TPM is ready to use‘ and the Specification Version (under TPM Manufacturer Information) is listed as 2.0, you’re good to go.
Checking if TPM is supported by PC
Note: If the Trusted Platform Module (TPM) Management inquiry says that ‘Compatible TPM cannot be found‘, it’s one of two things:
- TPM is not supported by your current hardware
- TPM is supported by your current hardware but it’s disabled at a system level.
Note: Many motherboard manufacturers choose to disable PTT (Intel) or fTPM (AMD) by default, so your first culprit, if the PC Health check fails, is to get to your BIOS settings and ensure that firmware-powered Platform Trust Technology is ENABLED.
Regardless of the scenario that is applicable to your current situation, there are a series of troubleshooting methods that you can follow in order to enable TPM on your machine.
