Here’s what you’ll need to upgrade to Windows 11
Since Microsoft announced Windows 11 yesterday, one concern has spilled over to the web more than any other: What is a Trusted Platform Module requirement?
Windows 11 is the first version of Windows to require a TPM, and most self-built PCs (and cheaper, home-made OEM PCs) don’t have a TPM on board. While this requirement is a bit complicated, it is not as onerous as millions of people have assumed. We’ll walk you through all of the advertised Windows 11 requirements, including TPM, and make sure you note when these are likely to be a problem.
General hardware requirements
While Windows 11 raises some general hardware requirements over the extremely lenient Windows 10 minimums, it will still be difficult to find a PC that doesn’t meet most of these specifications. Here is the list :
- CPU—1 GHz or faster, two or more cores, x86_64 or ARM64 only
- RAM-4 GiB or more
- Storage—64 GB minimum for installation … but we recommend to less 128 GB for a vaguely normal system
- Graphic—Compatible with DX12 or later, with WDDM 2.0 driver
- Firmware—UEFI, compatible with secure boot
- TPM—Trusted Platform Module 2.0 is listed as a minimum requirement; TPM 1.2 may or may not be ‘good enough’, but read on before you throw your hands up in desperation!
- Display—720p minimum resolution, minimum nine-inch diagonal measurement, 8-bit per color channel or more
In addition to these hardware requirements, Windows 11 Home requires internet connectivity and a Microsoft cloud account. Microsoft account and internet connectivity are only required for Home, not Pro. It is not yet known if there will be a workaround, such as the current dance “only plug network cable after setup”.
The CPU requirement may be more or less of a problem than it initially appears. Microsoft has a relatively short list of processors supported by three major manufacturers (AMD, Intel, and Qualcomm) which typically dates back to Ryzen 2500 or Intel 8th Gen Core, no further. However, we don’t know how trustworthy this list is. We strongly suspect that Windows 11 will run fine on many considerably older processors.
If Microsoft codes a hardware requirements checklist in the installer or boot sequence, many processors that would otherwise have performed well will be unusable. Sounds unlikely enough, but (forgive the hackneyed expression) only time will tell for sure.
A closer look at the trust platform module requirement
Most PC motherboards, even flagship boards, do not come with a hardware TPM installed. However, most of these panels do Theoretically supports hardware TPM, with a special 19-pin header ready to plug one in. Honestly, this is a very specialized, specialist device that not many users have ever purchased.
At least very few people have purchased the optional hardware TPM until yesterday, after seeing the requirements of Windows 11 and then panicking. Hours after Microsoft’s chief product officer Panos Panay introduced Windows 11, the entire stock of readily available TPMs from most manufacturers was depleted by Windows 10 users trying to ensure that ‘they could run 11.
If you didn’t get one of the few TPMs available yesterday, don’t panic, you certainly didn’t need them. OEM hardware TPM is generally considered the most rugged version, and is soldered directly to the board in PCs intended for corporate use. Less hardened firmware TPM support is built into modern AMD and Intel processors, and it will fully meet the TPM requirements of Windows 11.
Getting a complete and accurate list of all processors that support firmware-based onboard TPM is a bit difficult, largely because demand was quite low until this week. As far as we can see, every x86_64 processor on Microsoft’s supported processor lists includes this support.
Intel calls its TPM based on the firmware iPPT (Intel Platform Protection Technology) and AMD calls its own fTPM (Firmware Trusted Platform Module). Generally speaking, iPPT appears in most Haswell (4th Gen Core) processors, although the K series gaming models inexplicably fail to get iPPT up to Skylake (6th Gen Core). On the AMD side, we see the fTPM appear with Ryzen 2500 and above.
There is another trap to navigate, however. Although the vast majority of semi-modern processors support TPM firmware, almost all motherboards ship with TPM disabled in the BIOS. So you’ll need a three-finger salute and a deep dive into the “advanced” part of your machine’s BIOS to try and find and activate this support if you need it.
OEM motherboards are just as likely to have fTPM disabled by default – and unfortunately, they often don’t expose the setting to enable it, even when the processor supports it. If you have a prebuilt Dell or HP system that does not include a hardware TPM, you could be stuck with no way out.
To determine if TPM support is available and working on Windows, run the command
tpm.msc. This will generate a TPM dialog box indicating whether you have supported TPM and which version (1.2 or 2.0) it is. (You can also interact with the TPM by clearing it or “preparing” it, but that’s not something you have to do or should do unless specifically requested. Playing with your TPM can permanently block Bitlocker volumes, and it can even disable Windows in some cases.)
Let’s talk about UEFI and Secure Boot
Microsoft lists support for Universal Extensible Firmware Interface (UEFI) and Secure Boot aptitude like strict requirements for Windows 11. As with processor requirements, we are currently hesitant to take these requirements at face value.
The UEFI requirement seems to be exactly what it says on the tin – no more legacy BIOS installations for anyone! – but we might have a slight weasel smell in the phrase “secure boot capability”. We won’t know for sure until Windows 11 Insider images are released, but we think “capacity” is probably an important word. Secure boot itself may not be required.
If you are using a pre-built OEM PC, these requirements probably won’t affect you. Any system that supports both CPU and TPM modern enough to run 11 will have UEFI firmware and its current installation of Windows 10 will run on it.
But if you’ve built your own PC, you may have an annoying problem. Most passionate cards allow booting from BIOS or UEFI, and if you have Windows installed under BIOS, you won’t be able to just convert it to UEFI. With enough determination and technical skill, it’s possible to Frankenstein a Windows BIOS installation into a new life under UEFI, but it just won’t be worth it for most Windows users, who will have to perform a reinstallation. clean.
The problem becomes even more important for those who run virtual machines. Several virtualization platforms (including Linux KVM) default to BIOS rather than UEFI boot for guests. It’s simpler, it usually starts faster, and it’s been around a lot longer. Why fix what is not broken? If your Windows 10 VM daily driver boots from BIOS, you’ll be stuck with the same inability to access it from here issues as PC builders who have selected a BIOS boot.