What is a Trusted Platform Module (TPM) and why is it key to Windows 11?

A PC circuit board
(Image credit: Getty Images)

Buy a Windows computer today and it’s all but certain to contain a Trusted Platform Module (TPM) – an unassuming component that performs a standard set of security functions. Those functions are defined by the Trusted Computing Group, a non-profit industry body with more than 100 members, including major laptops hardware manufacturers AMD, Dell, Google, Intel, Lenovo and Microsoft, working together to improve security across computing devices and applications.

The group has existed in various forms since 1999, but it was in 2009 that it published the first mainstream TPM standard, curiously presented as version 1.2. This quickly gained widespread adoption across the industry, thanks partly to support built preemptively into Windows Vista. In 2015, the newer TPM 2.0 standard brought some extra features, and this remains the state of the art when it comes to trusted computing.

Despite its ubiquity, the TPM has always been an optional component. It’s been up to computer manufacturers whether they’ve chosen to include one in their designs, and up to users whether they want to enable or disable it in their BIOS settings. With Windows 11, however, the mood has changed: Microsoft has declared that the latest edition of its operating system will only be supported on systems where TPM 2.0 is present and enabled.

That’s been a controversial decision, partly because it seems arbitrary. Windows 10 didn’t require a TPM, and it’s perfectly possible to use Windows 11 without one. Microsoft even provides a simple hack that lets you install its latest operating system (OS) without a TPM. If you take this route however then your computer will be officially classed as unsupported, meaning it’s not guaranteed to receive future updates. So why has Microsoft decided to make TPM 2.0 a requirement? To understand, let’s look more closely at what a TPM is and what it does.

Where is the TPM?

TPM was originally conceived as a small, low-cost chip that could be optionally plugged into a dedicated socket on a motherboard. As TPM support became the norm, manufacturers started soldering the chip directly onto the board.

The specification doesn’t require that the TPM be implemented as a physical chip, however. In fact, nowadays the full set of TPM functions can be integrated into the CPU firmware – as is the case with every processor on the Windows 11 supported hardware list, from both AMD and Intel.

If the Windows 11 installer complains you don’t have a TPM, it might be that the feature simply needs enabling in your BIOS. If you can’t find an option to turn it on, you might need to look for a different name: AMD’s integrated TPM system is called the Firmware Trusted Platform Module (fTPM) while Intel’s is called Platform Trust Technology (PTT).

What does the TPM do?

The TPM works like a miniature computer in its own right. It receives commands, it returns responses, and it can also store and regurgitate information. To enable it to do this, it has its own onboard storage: the specification requires that a TPM must have at least 7KB of storage, but newer modules can have upwards of 100KB. All of this memory is non-volatile, meaning it retains its contents when unpowered, like an SSD.

RELATED RESOURCE

Software-defined storage for dummies

Control storage costs, enable hybrid cloud and simplify storage management

FREE DOWNLOAD

Of course, if you just want to store and retrieve data you might as well use the hard disk. What makes the TPM special is that stored data can have conditions attached to it, governing how it can be accessed. For example, if an application stores a password in the TPM, it can mark it as only accessible to the same process that originally provided it. If any other programme requests the information – such as a piece of malware trying to steal your secrets – the TPM will refuse to provide it. Since the workings of the TPM are completely separate to and outside of Windows, the malware is stymied.

A TPM can also deny or allow a data request depending on the state of the computer. This is because the TPM has the ability to audit the hardware configuration of the computer it’s installed in, and to log the software that launches on it. Using this information, it can determine whether or not it’s in a known, trusted environment, and respond accordingly.

A different use for the TPM is to enforce the entry of a password when the computer first powers on. The BIOS brings up the password request, but the authentication is handled by the TPM, using credentials stored in its own onboard memory – so you can’t get around the password by clearing or flashing the BIOS.

The TPM even has protections against brute-force attempts to guess the password: after a few wrong entries, the TPM will start to make you wait an increasingly long time until you can try another password. Too many wrong guesses results in an enforced delay of 24 hours – and don’t bother trying to change the date in the BIOS or whip out the CMOS battery, as the TPM has its own onboard clock that only ticks down while the system is powered on.

This is all good stuff: the TPM can help prevent thieves and intruders from accessing protected systems, and block malware from exfiltrating sensitive data. But we haven’t yet come onto perhaps the most important function of a TPM.

Cryptographic magic

The TPM can store data as-is, but it can also perform cryptographic functions on it. Specifically, it can apply public-key cryptography – the type that involves a pair of encryption keys, one of which you keep secret while the other is shared far and wide. Anyone can use your public key to encode a message to you, but only your private key can be used to decode it. Or, your private key can be used to generate a cryptographic hash of a message or file in a way that can be validated using your public key, proving it was “signed” by you and hasn’t been tampered with.

Thus, once you’ve stored your private key in the TPM, it can natively encrypt files, decrypt files and generate signatures for you – but if the system isn’t in an approved state, or if the request comes from an unfamiliar process, the TPM can simply refuse to cooperate. There’s no need to export the key back out into the operating system where it could potentially be spied upon – in fact, it's possible to lock down the key completely, so that it can’t ever be extracted, under any circumstances.

This means the only real window of opportunity for someone to steal your key is at the point when it’s generated and loaded into the TPM in the first place. Even that tiny loophole is easy to close off, because every TPM has the ability to generate its own internal keys, which can then be used for encryption-based tasks without ever being seen by the OS or firmware. If you subsequently want to pass a computer on to someone else, you can simply send an instruction to the TPM to reset its key storage, and those keys will be gone forever.

This does raise an obvious question: how do you move between computers without losing access to your secure keys? The answer is that, as well as placing restrictions on how data stored in the TPM can be accessed, you can also control whether and how it can be migrated from one TPM to another, with restrictions such as requiring a password or a specific system state.

How Windows uses the TPM

Any application that uses encryption can get a security boost by using a TPM, rather than storing its keys in system memory or on disk. Windows makes this easy with an OS component called the Platform Crypto Provider, which provides TPM-based cryptography services without developers needing to delve into the workings of the module itself. It can also act as a sort of gatekeeper for the TPM: if TPM is instructed only to use certain keys as directed by this process, that prevents rogue processes from performing an end-run around Windows’ security measures.

Probably the best-known popular application of cryptography in Windows is the BitLocker feature, which provides full-disk encryption. To be strictly accurate, BitLocker encrypts your whole disk except for the Windows Boot Manager, which launches as usual when you power on the PC. When it sees that the system disk is encrypted, this little programme then requests the decryption key from the TPM, which recognises the Boot Manager as a trusted process and provides it. This key is used to unlock the Windows startup files – along with all the other data that’s stored on the drive – allowing the computer to boot.

On its own this might sound rather pointless, since the drive is decrypted and booted automatically. However, it means that the only way to access the computer is by starting up Windows – so if you don’t have the right password, you’re locked out. If you try to access the hard disk from a different OS, or using different hardware, all you’ll see is unreadable encrypted data. The TPM can also refuse to provide the key if it detects a change to the boot manager code or to the hardware environment, shutting off the opportunity for malware to infect your startup code.

In general it’s a good thing that BitLocker uses the TPM to lock away its cryptographic key. However, it raises the significant question of what happens if – for example – the host PC dies, and you need to move the hard disk into a new system to keep working. Microsoft has thought of this: when a drive is encrypted, BitLocker generates a 48-character recovery password, which can be used to decrypt an entire drive. For obvious reasons, though, this can’t be safely stored on the drive itself. In an enterprise scenario it will be recorded in Active Directory Domain Services, where it can only be accessed by network administrators, while for individuals it’s stored in your Microsoft account and can be found via the Microsoft website.

On that note, it’s worth clearing up a point of confusion. BitLocker is only available in the Pro and Enterprise editions of Windows 10 and 11, but that doesn’t mean the Home editions can’t enjoy similar protections. Home users can turn on a feature called Device Encryption which does almost exactly the same things as BitLocker: the biggest difference is that it’s much less finicky about changes to the hardware and software environment, and will normally let you boot as long as the TPM is present and correct.

Aside from BitLocker, the TPM also helps power a few behind-the-scenes security features. In the Enterprise and Education editions of Windows, a technology called Device Guard can be used to run applications in a secure virtual environment, from which they can’t access the system software, while Credential Guard stores sensitive data like password hashes and stored credentials in a virtual machine (VM) that’s inaccessible to processes running in the normal OS space.

Elsewhere, Windows’ networking services can use the TPM to confirm that a computer trying to connect to a server is the same one as was originally registered, and check whether it’s using BitLocker and other security features – adding an extra level of reassurance to everyday security as well as remote support and administration.

What’s new in TPM 2.0?

Windows 11 doesn’t just require a TPM – it specifically calls for version 2.0, which should come as standard in most new Windows machines. The difference isn’t enormous, however. Everything we’ve described so far is fully covered by the original 1.2 specification.

What TPM 2.0 does bring is a few technology upgrades. The original TPM specification used the popular RSA encryption algorithm, but the newer version also supports stronger elliptic-curve cryptography. It can also generate 256-bit SHA-2 hashes, which are far harder to crack than the 160-bit SHA-1 ones supported by the original TPM standard. It makes sense that Microsoft would want to standardise on the most secure TPM version available.

There’s another possible reason why Microsoft has chosen to insist on TPM 2.0: it requires a UEFI BIOS, which the company has long recommended as the best choice for Windows. As well as allowing some BIOS functions to be integrated into Windows, UEFI supports the Secure Boot option, which will refuse to load an OS that doesn’t match a recognised hash. This ensures that if any rootkit-type malware tampers with the Windows startup routine, the boot process will fail and you’ll know something is amiss. Secure Boot doesn’t use the TPM, but it ties in with the same desire to improve security at the most fundamental level.

What’s wrong with the TPM?

The most common complaint about Windows 11’s hardware requirements is that they’re unnecessary: for everyday desktop use, the new OS works perfectly well on older hardware. However, there are some who take issue with the very idea of the TPM.

RELATED RESOURCE

Operationalising anti-fraud on the mainframe

Reducing losses in banking, cards, and payments

FREE DOWNLOAD

One objection is that it fosters a false sense of security. The TPM concept relies at least partly on the stability and trustworthiness of the OS that interfaces with it, but that’s not something that can be taken for granted. We haven’t yet heard of an exploit that hijacks Windows to compromise access to the TPM, but it’s impossible to guarantee that one won’t ever be found.

It’s also important to realise that TPM techniques can’t defeat all types of attack. For example, they’re powerless to protect against keyloggers which monitor the hardware as you’re typing in a password, or phishing attempts which invite you to enter your credentials into a nefarious website. This may be one reason why Apple has chosen not to join the Trusted Computing Group, and has instead developed its own T2 security chip, which not only handles credentials such as fingerprint and password data but can control the microphone, camera and other sensitive hardware.

Then there are concerns about the potential of TPM technology to prevent users from doing what they want on their own computers. For example, an OS could use the TPM to remotely verify an application with the publisher, and refuse to open it if it doesn’t match an approved signature. Worse, that approval could be rescinded at any point – such as when the publisher opts to stop supporting it, or goes out of business – leaving you unable to use your installed software.

That complaint was common in the early days of trusted computing – the media referred to the TPM as a “DRM chip”, and free software evangelist Richard Stallman derided it as “treacherous computing”. Those issues are rarely brought up today, though – perhaps because it’s become apparent that such restrictions are more likely to be implemented via cloud-based software subscriptions rather than through the TPM.

This isn’t the place to get into that debate, though. What we can say is that, so far, the rise of the TPM has toughened up security without bringing about the Big Brother-esque consequences that some feared. It might be frustrating to see Microsoft cut off so many computers from its latest operating system, but we can’t entirely criticise the company for establishing a new security baseline, and helping to ensure that the coming generation of PCs are as secure as they can be.

Darien Graham-Smith

Darien began his IT career in the 1990s as a systems engineer, later becoming an IT project manager. His formative experiences included upgrading a major multinational from token-ring networking to Ethernet, and migrating a travelling sales force from Windows 3.1 to Windows 95.

He subsequently spent some years acting as a one-man IT department for a small publishing company, before moving into journalism himself. He is now a regular contributor to IT Pro, specialising in networking and security, and serves as associate editor of PC Pro magazine with particular responsibility for business reviews and features.

You can email Darien at darien@pcpro.co.uk, or follow him on Twitter at @dariengs.