All signs point to Windows 11 being officially released in just under three months, helped by the good results of its Insider builds. Since it was officially announced last June, it has drawn praise for its design and interface, as well as for the redesign of its application store. However, it has also received constant criticism for raising the minimum installation requirements, in particular the need for the computer to have TPM 2.0 enabled, a requirement whose purpose many users do not understand.
Many users were surprised by this measure, and the Windows 11 requirements have been a point of confusion and contention. Many users do not even know what TPM is. The abbreviation stands for Trusted Platform Module, a technology designed to provide hardware-based security functions. Recently discovered problems in laptops with a TPM begin to explain the TPM 2.0 requirement in Windows 11.
Higher TPM requirements for security
TPM technology is included in all processors released from 2016 onwards. It is required for cryptographic functions to work correctly. These modern CPUs have a TPM chip, which is used to generate, store and limit the use of cryptographic keys. Thanks to this, data encryption and decryption do not consume resources on our computer. Windows 11 will require TPM 2.0, which is beginning to make sense in light of a newly disclosed security problem, this time found in laptops with a TPM.
Keep in mind that the TPM has physical security mechanisms to make it tamper-resistant, and malicious software cannot tamper with the security functions of the TPM. Even so, the security company Dolos Group found that someone could gain access to a seemingly secure internal network by exploiting the vulnerabilities in a stolen Windows laptop, even with BitLocker enabled.
TPMs are specifically designed to keep all the confidential information on a laptop safe. Dolos Group says the problem is not the hardware itself but its reliance on the unencrypted SPI protocol, which is used to communicate with the CPU in the laptop.
The importance of TPM 2.0 in Windows 11
Researchers at the security company say that laptops could be more secure. To achieve this, BitLocker should be made to require a PIN, a startup key stored on an external USB device, or both, in addition to relying on the TPM, something it does not do by default. Furthermore, they emphasize that BitLocker does not use any of the encrypted communication features of the TPM 2.0 standard. This means that any data that leaves the TPM is in plain text, including the decryption key for Windows, which could put our security at risk.
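The recommendation above can be audited with the BitLocker PowerShell module. The following is an added example, not code from the article or from Dolos Group; the function name `Get-PreBootAuthStatus`, the status labels and the fallback sample objects are constructed for illustration.

```powershell
# Added example: report whether each BitLocker OS volume unlocks with the TPM
# alone or requires pre-boot authentication (PIN and/or USB startup key).
$TpmOnly = 'Tpm'
$TpmPlus = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

function Get-PreBootAuthStatus {   # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    process {
        # KeyProtectorType is an enum on live objects; normalise to strings.
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            $status = 'ProtectionOff'
        } elseif ($types | Where-Object { $_ -in $TpmPlus }) {
            $status = 'TpmPlusPreBootAuth'
        } elseif ($types -contains $TpmOnly) {
            $status = 'TpmOnly'          # key is released with no user input
        } else {
            $status = 'NoTpmProtector'   # e.g. password or startup key only
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Status     = $status
            Protectors = $types -join ', '
        }
    }
}

if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    # Live data; needs an elevated session on Windows.
    $volumes = Get-BitLockerVolume |
        Where-Object { "$($_.VolumeType)" -eq 'OperatingSystem' }
} else {
    # Constructed sample objects (two different laptops) with the same
    # properties the function reads from Get-BitLockerVolume output.
    $volumes = @(
        [pscustomobject]@{ MountPoint = 'C:'; ProtectionStatus = 'On'
            KeyProtector = @(@{ KeyProtectorType = 'Tpm' },
                             @{ KeyProtectorType = 'RecoveryPassword' }) }
        [pscustomobject]@{ MountPoint = 'C:'; ProtectionStatus = 'On'
            KeyProtector = @(@{ KeyProtectorType = 'TpmPin' },
                             @{ KeyProtectorType = 'RecoveryPassword' }) }
    )
}
$volumes | Get-PreBootAuthStatus | Format-Table -AutoSize
```

A volume reported as `TpmOnly` can be moved to TPM plus PIN with `Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin <SecureString>`, once the "Require additional authentication at startup" Group Policy setting allows it.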
That is why Microsoft could be considering improving BitLocker for Windows 11. Unlike Windows 10, Microsoft's new operating system requires a TPM 2.0 module, which could make it easier to upgrade BitLocker to use that version's encrypted communication features. This is why the feature makes more sense as a mandatory requirement in Windows 11.