
TPM 2.0 vulns – is your super-secure data at risk? – Naked Security

Trusted Platform Module (TPM) is an encryption-and-cybersecurity system invented by the Trusted Computing Group (TCG). It is used to help secure the bootup process and is sometimes implemented as a miniature plug-in board with 14 or 20 pins in two rows of 7 or 10 that plugs into a designated TPM socket on the computer’s motherboard. It contains a tiny, dedicated coprocessor with its own secure storage that provides a range of security-related functionality, including hardware random number generation, trusted creation of cryptographic keys, and secure digital signatures. TPMs can also be implemented as regular firmware on the computer or even by running a software-level emulator.

Microsoft requires a TPM to run Windows 11 because of the security benefits it offers. It can prevent attackers from tampering with the BIOS or computer firmware and installing malware that loads before the operating system itself even gets going. Additionally, it can be used for digital rights management (DRM) to cut down on piracy.

It is important to note that the complexity of TPMs can lead to bugs. In November 2022, researchers at Quarkslab identified two CVE-numbered vulnerabilities in the TPM 2.0 reference implementation that could affect billions of devices. Both were triggered when the reference code handled maliciously crafted TPM 2.0 commands that used encrypted parameters. Microsoft released a “quick-fix” for these bugs, but additional patches were also needed.
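
The class of defect described above is a parameter whose declared length is trusted without checking it against the bytes actually present in the command. The following is an added example, not Quarkslab's or the TCG reference code: a bounds-checked reader for a simplified TPM 2.0 command (10-byte header, then a size-prefixed TPM2B-style parameter), with the header layout and sample commands constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified layout (assumption): a TPM 2.0 command begins with a 10-byte
 * header (tag, commandSize, commandCode, big-endian) and carries parameters
 * as TPM2B-style buffers: a 16-bit big-endian size then that many bytes. */
#define TPM_HEADER_LEN 10

typedef struct { const uint8_t *buf; size_t len; size_t pos; } cmd_reader_t;

/* Read a big-endian integer of `width` bytes, failing if too few remain. */
static bool read_be(cmd_reader_t *r, size_t width, uint32_t *out) {
    if (width > r->len - r->pos) return false;       /* not enough bytes */
    uint32_t v = 0;
    for (size_t i = 0; i < width; i++) v = (v << 8) | r->buf[r->pos++];
    *out = v;
    return true;
}

/* Read a size-prefixed parameter, refusing any size field that claims more
 * bytes than remain in the command; an unchecked size here is the kind of
 * defect the article describes. */
bool read_tpm2b(cmd_reader_t *r, const uint8_t **data, uint16_t *size) {
    uint32_t n;
    if (!read_be(r, 2, &n)) return false;
    if (n > r->len - r->pos) return false;           /* size exceeds buffer */
    *data = r->buf + r->pos; *size = (uint16_t)n; r->pos += n;
    return true;
}

/* Parse the header and first parameter. Returns the parameter length, or -1
 * if the command is rejected. */
int parse_command(const uint8_t *buf, size_t len) {
    cmd_reader_t r = { buf, len, 0 };
    uint32_t tag, size, code;
    const uint8_t *p; uint16_t n;
    if (len < TPM_HEADER_LEN) return -1;
    if (!read_be(&r, 2, &tag) || !read_be(&r, 4, &size) || !read_be(&r, 4, &code)) return -1;
    if (size != len) return -1;                       /* declared size must match */
    if (!read_tpm2b(&r, &p, &n)) return -1;
    return (int)n;
}

/* Constructed sample commands: tag 0x8001, commandSize, commandCode 0x17B. */
const uint8_t good_cmd[] = { 0x80,0x01, 0,0,0,16, 0,0,0x01,0x7B, 0,4, 'a','b','c','d' };
/* Size field 0xFFFF claims 65535 bytes but only 2 follow: must be rejected. */
const uint8_t bad_cmd[]  = { 0x80,0x01, 0,0,0,14, 0,0,0x01,0x7B, 0xFF,0xFF, 'a','b' };
```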

TPMs are a critical part of modern computing and can provide a secure platform for running Windows 11. Despite their complexity, they have been proven to work effectively and are a necessary component if you want to run Windows 11. It is important to keep your TPM up-to-date with the latest patches and fixes to ensure that your computer remains secure.
