Windows 11 TPM 2.0 requirement has a special exception

JC Torres - Jun 27, 2021, 9:58pm CDT
Windows 11 TPM 2.0 requirement has a special exception

Interest in Microsoft’s next big Windows release immediately turned into confusion over the hardware requirements to run Windows 11. One of the most controversial parts of that requirement is TPM or the Trusted Platform Module cryptographic hardware. Where it was previously considered a “soft floor” requirement, Microsoft has just raised TPM 2.0 as Windows 11’s hard requirement. It turns out that it might not be that hard at all since Microsoft is willing to waive it for certain special cases and markets.

TPM isn’t exactly new and many modern computers do have such a cryptoprocessor already pre-installed. It is, of course, a Microsoft technology, but most vendors do in order to meet Redmond’s minimum requirements for certifying certain systems as secure, especially for enterprise use. The problem, however, is that not all Windows PCs today have the latest TPM 2.0 hardware and some that do have those chips disabled.

Microsoft is making a big fuss over TPM 2.0, mostly in response to criticism for such a hard requirement that immediately makes some Windows 10 PCs ineligible to receive Windows 11. Of course, it using security as the reason behind that decision and argues that there are already plenty of pre-built PCs with TPM 2.0 included. It doesn’t, however, say anything about those who build their own PCs.

It turns out, however, that Microsoft is willing to disregard those security principles in some cases. Tom’s Hardware discovered a small clause in the 16-page Windows 11 Minimum Hardware Requirements that says some custom images don’t require TPM to be enabled. The site theorizes that this will be the case for custom Windows versions shipped in China and Russia, which either don’t use TPM or even disallow it.

To be clear, the clause only covers whether TPM is enabled or disabled but may still require the cryptoprocessor hardware to be present even if unused. Still, this revelation could further ignite complaints about Microsoft’s hard requirements and push certain agents to create unofficial versions of Windows 11 that don’t require TPM at all.

Must Read Bits & Bytes