What is TPM 2.0
TPM stands for Trusted Platform Module, a security module for motherboards designed to safely store the encryption keys of our computer. Since 2016, this chip has been a requirement for any new computer that ships with Windows 10 preinstalled, so it is not really new in Windows 11.
The purpose of this chip is to handle everything related to cryptography without ever exposing the keys. For example, it stores the keys and protects them from malware and other attacks so that nothing and no one can access or modify them. When we encrypt the hard drive with BitLocker, or with a similar program, this module is responsible for saving the key and for all data encryption / decryption tasks without affecting the general performance of the PC. Other encryption tools, such as LUKS (on Linux), can also work with this module.
In summary, the TPM chip offers the following:
- Generates and stores cryptographic keys while limiting access and use.
- Uses a unique RSA key for encryption tasks, and that key is stored only inside the chip.
- Ensures the integrity of the encryption even in the most complex cyber attacks.
Be careful, there have been misunderstandings about Microsoft's requirements. Version 2.0 of the TPM module will be mandatory for manufacturers who want to pre-install Windows 11 on their computers, as will a webcam and other requirements that have been overlooked. If we want to install Windows 11 ourselves on any computer, we only need TPM 1.2, an older version that we can find on any modern computer.
Be careful when activating it!
From the moment Windows 11 was introduced and people began talking about this module, users have been checking whether their computers meet the minimum requirements to install the new operating system. The requirement that has failed most often is TPM 2.0.
If our computer is from 2016 or newer, it most likely meets this requirement without problems, so we do not have to worry. Mind you, we may have to enable it in the BIOS to be able to use it. This is easy to do, although the steps depend on the make and model of the motherboard.
The problem, which goes unnoticed by everyone, is that we are linking our Windows installation to our CPU and our motherboard. As we can read in the warning message shown when enabling TPM 2.0, if we change the processor or the BIOS chip of the motherboard, we will lose the TPM encryption keys. The encryption key can no longer be recovered in any way and we will lose all the data that we have stored on the hard drive.
It does not matter whether we remember the BitLocker key or have the recovery key saved. If we change the processor, the board or simply the BIOS chip, we will lose all the data on the disk, with no way to recover it.
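To see where a given PC stands before enabling the module or changing hardware, the following added example (not part of the original article) reports the TPM version against the 1.2 and 2.0 thresholds mentioned above and lists which BitLocker volumes are tied to the TPM. It assumes an elevated PowerShell session on Windows with the BitLocker cmdlets available; the function names `Get-TpmSummary` and `Get-TpmBoundVolume` are made up for this example.

```powershell
# Added example (not from the article). Run in an elevated PowerShell session.

function Get-TpmSummary {
    # Win32_Tpm returns nothing when no TPM is present or it is turned off in firmware.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) {
        return [pscustomobject]@{ Present = $false; SpecVersion = $null
                                  Enabled = $false; Activated = $false
                                  MeetsTpm12 = $false; MeetsTpm20 = $false }
    }
    # SpecVersion is a comma-separated string (for example "2.0, 0, 1.38");
    # the first field is the TPM version the article talks about.
    $spec  = $null
    $first = ("$($tpm.SpecVersion)" -split ',')[0].Trim()
    [void][version]::TryParse($first, [ref]$spec)
    [pscustomobject]@{
        Present     = $true
        SpecVersion = $first
        Enabled     = [bool]$tpm.IsEnabled_InitialValue
        Activated   = [bool]$tpm.IsActivated_InitialValue
        MeetsTpm12  = ($null -ne $spec) -and ($spec -ge [version]'1.2')
        MeetsTpm20  = ($null -ne $spec) -and ($spec -ge [version]'2.0')
    }
}

function Get-TpmBoundVolume {
    # A volume is linked to this machine's TPM when one of its key protectors
    # is TPM-based (Tpm, TpmPin, TpmStartupKey, ...).
    Get-BitLockerVolume | ForEach-Object {
        $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        [pscustomobject]@{
            MountPoint = $_.MountPoint
            Status     = $_.VolumeStatus
            TpmBound   = [bool]($types -like 'Tpm*')
            Protectors = $types -join ', '
        }
    }
}

Get-TpmSummary | Format-List
# The BitLocker cmdlets are not installed on every Windows edition.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-TpmBoundVolume | Format-Table -AutoSize
}
```

If `Present` is false on a recent machine, the module may simply be switched off in the BIOS, as described above.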