When Microsoft introduced Windows 11 in 2021, its new, stringent hardware compatibility test included checking for the presence of a Trusted Platform Module (TPM) -- specifically, one that meets the TPM 2.0 standard.
What is a TPM?
The simple answer is that a TPM is a secure cryptoprocessor, a dedicated microcontroller designed to handle security-related tasks and manage encryption keys in a way that minimizes the ability of attackers to break into a system. Windows uses that hardware for a variety of security-related features, including Secure Boot, BitLocker, and Windows Hello.
The TPM performs the essential mathematical chores that make it possible to encrypt and decrypt data, generate random numbers, and validate digital signatures. It's also a secure place to store digital certificates, encryption keys, and authentication data in a way that can't be tampered with.
But the full answer is, as with anything related to computer security, slightly more complicated.
The TPM architecture is defined by an international standard (formally known as ISO/IEC 11889) created by the Trusted Computing Group more than twenty years ago. The standard deals with how different cryptographic operations are implemented, with an emphasis on "integrity protection, isolation and confidentially [sic]."
A TPM can be implemented as a discrete chip soldered onto a computer motherboard, or it can be implemented within the firmware of a PC chipset or the CPU itself, as Intel, AMD, and Qualcomm have done over the past decade. Even Microsoft has gotten into the act, with its Microsoft Pluton security processor, which is integrated directly into SoCs from AMD and Qualcomm; it can be used as a TPM or as a security processor alongside a discrete TPM. If you use a virtual machine, you can even build a virtual TPM chip into it.
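As an added example (not part of the ZDNET article), the PowerShell function below reports whether a Windows machine has a TPM, whether its spec version is 2.0 as Windows 11 requires, and whether the Secure Boot and BitLocker features mentioned above are actually in use. It assumes an elevated PowerShell session on Windows 10 or 11 with the built-in TrustedPlatformModule, SecureBoot and BitLocker modules available; the function name Get-TpmPosture is hypothetical.

```powershell
# Added example, not from the article: summarize TPM / Secure Boot / BitLocker posture.
# Requires an elevated session; Confirm-SecureBootUEFI throws on legacy-BIOS machines.
#Requires -RunAsAdministrator

function Get-TpmPosture {
    $report = [ordered]@{ ComputerName = $env:COMPUTERNAME }

    # Presence / readiness from the TrustedPlatformModule module.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    $report.TpmPresent      = [bool]($tpm -and $tpm.TpmPresent)
    $report.TpmReady        = [bool]($tpm -and $tpm.TpmReady)
    $report.TpmManufacturer = if ($tpm) { $tpm.ManufacturerIdTxt } else { $null }

    # Spec version comes from the Win32_Tpm WMI class, e.g. "2.0, 0, 1.38" (major first).
    $wmiTpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                              -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $spec = if ($wmiTpm) { ($wmiTpm.SpecVersion -split ',')[0].Trim() } else { $null }
    $report.TpmSpecVersion = $spec
    # Windows 11's compatibility check wants TPM 2.0, not the older 1.2 modules.
    $report.MeetsTpm20Requirement = [bool]($spec -and ([version]$spec).Major -ge 2)

    # Secure Boot state; the cmdlet errors when the firmware is not UEFI.
    try   { $report.SecureBootEnabled = Confirm-SecureBootUEFI }
    catch { $report.SecureBootEnabled = 'N/A (legacy BIOS or unsupported)' }

    # BitLocker on the system drive, and whether a TPM-backed protector is present.
    $bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    if ($bl) {
        $report.BitLockerProtection  = $bl.ProtectionStatus          # On / Off
        $report.BitLockerTpmProtector = [bool]($bl.KeyProtector |
            Where-Object { $_.KeyProtectorType -like 'Tpm*' })      # Tpm, TpmPin, TpmPinKey...
    } else {
        $report.BitLockerProtection   = 'Not available'
        $report.BitLockerTpmProtector = $false
    }

    [pscustomobject]$report
}

# Example use: print the posture and flag hosts that fail the TPM 2.0 check.
$posture = Get-TpmPosture
$posture | Format-List
if (-not $posture.MeetsTpm20Requirement) {
    Write-Warning "$($posture.ComputerName): no TPM 2.0 detected (SpecVersion=$($posture.TpmSpecVersion))"
}
```

On a fleet, the same function can be invoked through Invoke-Command to collect the posture from many machines and compare the results against the Windows 11 requirement.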