Data Doctors: A look at some of the new Windows 11 security requirements

Q: What are the TPM and Secure Boot that Windows 11 is requiring?

A: As the buzz around Windows 11 continues to grow, Microsoft has taken steps to ensure it will be what the company calls “The Most Secure Version of Windows Ever.”

Internet-connected devices are in a constant battle with potential threats from the outside world, with Windows being one of the most targeted pieces of software in use.

Protecting a Windows-based computer has generally been done through software such as anti-virus or anti-malware programs that load up during the Windows startup process.

Sophisticated malware that gains access to a computer at the same level as the anti-virus program can disable it, which is why this kind of software only goes so far in providing protection.

A computer industry consortium created a hardware approach to improve overall security that is known as TPM.

Trusted Platform Module (TPM)

Providing a security system in the hardware makes it much more difficult for malicious code to be successful at the software level.

TPM is essentially a chip integrated into the hardware that acts as a bit of a gatekeeper. Think of it as a security keypad on the outside of a secured building that acts as the first line of protection.

The code you punch in determines what you can do once you get inside the building; the same holds true automatically via TPM.

The current iteration is called TPM 2.0, and it must be in use in order to install or upgrade to Windows 11.

Microsoft has actually been requiring TPM 2.0 to be implemented by computer manufacturers installing Windows 10 since July 2016. If your computer is newer than that and came from the manufacturer with Windows 10, TPM is likely already being used.

In some cases, you may have TPM available in your hardware, but it needs to be turned on in the Unified Extensible Firmware Interface (UEFI); the steps differ depending upon your specific hardware. If you’re not familiar with accessing and changing settings in the UEFI, which replaced the BIOS in older systems, I’d suggest you get some help.

Secure Boot

This is another security feature built into your hardware that only allows approved operating systems to load.

This is designed to prevent malicious code from loading at startup, as the hardware will only hand over control of the computer to an approved operating system.

The most dangerous types of malware in the past tried to take over the computer during the startup process, which is prevented when Secure Boot is activated.

Additional requirements

TPM 2.0 and Secure Boot are not the only requirements to qualify for Windows 11, as your processor will be a big factor as well.

If you have an Intel processor, it will generally need to be 8th-generation (mid-2017) or newer. If you have an AMD processor, it will need to be Ryzen 2nd-generation (2018) or newer.

Compatibility tests

As Microsoft rolls out this free upgrade, you’ll be automatically notified via the Windows Update screen whether your machine is compatible.

You can also manually check your computer’s compatibility.
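
For readers comfortable with a command prompt, here is a read-only way to check the TPM 2.0 and Secure Boot requirements described above from a PowerShell window opened as Administrator. It is an added illustration, not part of the original column or a Microsoft tool, and the function names Test-TpmRequirement and Test-SecureBootRequirement are made up for this example.

```powershell
# Added example: read-only check of the TPM 2.0 and Secure Boot requirements.
# Run in an elevated (Administrator) PowerShell session; nothing is changed.

function Test-TpmRequirement {   # hypothetical helper name
    # Win32_Tpm sits in a security namespace that requires administrator rights.
    $ns  = 'root\cimv2\Security\MicrosoftTpm'
    $tpm = Get-CimInstance -Namespace $ns -ClassName Win32_Tpm -ErrorAction SilentlyContinue |
           Select-Object -First 1
    if (-not $tpm) {
        # No instance: no TPM chip, TPM switched off in UEFI setup, or no admin rights.
        return [pscustomobject]@{
            Check  = 'TPM 2.0'
            Pass   = $false
            Detail = 'No TPM visible to Windows (absent, off in UEFI, or not run as admin)'
        }
    }
    # SpecVersion is a comma-separated string; its first field is the TPM version.
    $version = ($tpm.SpecVersion -split ',')[0].Trim()
    $enabled = [bool]$tpm.IsEnabled_InitialValue
    [pscustomobject]@{
        Check  = 'TPM 2.0'
        Pass   = ($version -eq '2.0' -and $enabled)
        Detail = "Spec version $version, enabled: $enabled"
    }
}

function Test-SecureBootRequirement {   # hypothetical helper name
    try {
        # Returns $true or $false on machines that boot in UEFI mode.
        $on     = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
        $detail = if ($on) { 'Secure Boot is on' } else { 'UEFI firmware, Secure Boot is off' }
    } catch {
        # Thrown on legacy BIOS boot mode, or when the session is not elevated.
        $on     = $false
        $detail = "Could not read Secure Boot state: $($_.Exception.Message)"
    }
    [pscustomobject]@{ Check = 'Secure Boot'; Pass = $on; Detail = $detail }
}

# Show both results side by side.
@(Test-TpmRequirement; Test-SecureBootRequirement) | Format-Table -AutoSize -Wrap
```

A failed TPM line on a computer built after 2016 usually means the chip is present but switched off in the UEFI settings, which is the case described in the TPM section above.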

Even if your computer is compatible, we always suggest holding off for a while unless you’re a hobbyist or IT professional who understands the challenges of a new OS.
