Ever wondered why Windows 11 is so dead set on requiring TPM and Secure Boot? Here is the answer.
With Microsoft’s ambitious move to release the next iteration of Windows, they have tightened the system requirements to a great extent. They made two things mandatory for running the brand-new Windows 11. They are Secure Boot and TPM, which cannot be found on even some of the latest machines available in the market.
Even though the Secure Boot was listed as a requirement for Windows 8 and 10, we could install it on our PCs without any hassles. You may wish the same for Windows 11. But unfortunately, you cannot. You may wonder why. This article will explain things in detail.
Before we look into why Windows 11 demands the TPM and Secure Boot, let’s crack the outershell first.
What is a TPM?
First things first, Trusted Platform Module (TPM) is a hardware component that comes in-built with modern motherboards, and of course, can be used an accessory rather. It’s a crypto-processor designed to add an extra layer of security to your computer by generating, storing, and limiting the usage of cryptographic keys.
Related: How to Check Windows 11 TPM Compatibility on Your PC
What is Secure Boot?
While we talk about Secure Boot, you need to understand that it comes under the UEFI. UEFI stands for Unified Extensible Firmware Interface and is nothing but a program interface that works in between your operating system, firmware, and hardware.
Secure Boot is a security feature in UEFI that helps ensure that a device boots only with software trusted by the OEM (Original Equipment Manufacturer). In other words, it provides a secure environment to boot Windows and fends off malicious programs from hijacking your system during the boot process.
While your PC boots up, the firmware checks for the signature of every piece of software, including UEFI drivers and OS boot loaders. Suppose it validates the signatures, the PC boots, and transfers the firmware control to the OS.
So, it’s meant for improved security. It essentially blocks every code that doesn’t have a valid OEM signature, thereby protecting your PC from malware attacks.
Why Windows 11 Needs TPM and Secure Boot?
Ever since the inception of Windows 8, Microsoft has been trying to effectuate the use of Secure Boot because of obvious reasons. And from now onwards the TPM too.
According to Microsoft, Windows 11 is built around three vital principles: Security, Reliability, and Compatibility. Out of these, security has got the prominence.
To deliver the best security experiences, TPM and Secure Boot, along with other protections like Windows Hello, Virtualization Based Security (VBS), Device Encryption, HyperVisor-protected Code Integrity (HVCI), etc. are inevitable.
Implementation of these features in conjunction can help keep your PC safe by minimizing malware attacks by 60%.
If you find this too technical, let me break it down in simpler words.
Assume that you downloaded an application from the internet, and you are little aware of the developers and the site from which you have downloaded it. You installed the software containing some malicious code on your PC. If it is designed so that it executes on the system reboot, you won’t see anything suspicious immediately after the install.
But once you reboot your system, there are no protective measures to verify the trustworthiness of the loading programs. Consequently, the malware will load and infect your PC, making it unusable.
Furthermore, when you switch on your PC with BitLocker encryption enabled, an authentication key is sent to TPM chip. If everything is alright, the encryption on your storage is unlocked and the computer boots up. Otherwise, in the event if someone steal your PC and tries to get into the encrypted drive, it simple won’t boot up.
TPM & Secure Boot to Level Up PC Security
Although TPM and Secure Boot can significantly strengthen the security of your device, it has some drawbacks too. If you need to dual Boot a second OS with Windows on your PC, you may need to disable the Secure Boot. For example, some Linux distros require Secure Boot to be disabled.
Also, the new Windows 11 requirements may seem distasteful to you at the first glance. But it can enhance you PC security to a great extent. If you still didn’t install Windows 11 on your PC, wait for it and in the meantime make your PC ready to meet the new requirements.
Related: How to Install Windows 11 without TPM 2.0 & Secure Boot