It wasn’t that long ago, October 11, 2021, when the great Windows 11 migration began. In truth, the majority of devices still run on Windows 10, but that will undoubtedly start to change as we hurtle toward its inevitable end date.
However, like the die-hards of Windows 7 before them (we’re ignoring 8 on purpose), there will be many Windows 10 aficionados who will wait until the very last minute. One of the reasons for this, aside from personal preference, is the hardware requirements of Windows 11.
There is a very big difference between migrating from Windows 7 and Windows 10 and it is largely about the world we now live in – the needs of modern work and web browsing are far greater and also filled with more dangers.
To upgrade to the new Windows 11, users needed to have a machine with a minimum of 4GB of RAM, 64GB or more of storage, a high-definition display, a graphics card compatible with DirectX 12 or later, and, crucially, version 2.0 of the Trusted Platform Module (TPM) standard.
The TPM is key for Windows 11; it is an advanced operating system and it requires a modern laptop and, in particular, a strong layer of security deep within the hardware – at the processor level.
Why does your CPU choice matter? The simple answer here is Security; Windows 11 has been designed with security in mind, with essential features embedded into the system, one of them being TPM, and another being virtualization-based security, which is also largely dependent on your machine’s processor.
Older machines don’t generally support this as TPM version 2.0 has only been available since November 2019, so there will be businesses in need of a hardware refresh before they can start rolling out Windows 11. When choosing which devices to purchase, having the right CPU with Trusted Platform Module version 2.0 – or the more advanced Firmware Trusted Platform Module (fTPM) – should be a top priority.
What are TPM and fTPM?
Before we dig into fTPM, one must first know TPM, which is a hardware chip for computers that helps with data security. The TPM chip is a secure crypto-processor, which means that it’s designed and built to handle cryptographic operations. There are multiple physical security functions embedded that make it resistant to malicious software and tampering.
TPM is a standard set specifically for the security of microprocessors. Its main focus is to provide extensive security to the hardware. And it uses integrated cryptographic keys to do so. However, it is a little more complicated than just one set standard as there are five different types of TPMs, each with its own purpose and distinct properties. You have ‘discrete’ TPMs, ‘integrated’ TPMs, ‘hypervisor’ TPMs, ‘software’ TPMs, and, the ones that we will focus on, ‘firmware’ TPMs (fTPMs).
Firmware TPM or fTPM, as it is more commonly known, is AMD’s on-chip TPM. It runs in a safe environment directly on a CPU – so there is no need for an additional component to provide security as it runs on the chip. Its purpose is to thwart bugs that are found in the software on the processor, acting as a deeper form of the TPM standard.
fTPM uses Platform Security Processor for extra security, which leaves complete control over security to the dedicated security module of the processor. That means all your data is saved in AMD chips even if you have removed it from the motherboard.
An example of how fTPM works can be seen if you’ve ever had issues during the booting of a device. If you are unable to boot without a Bitlocker password, the standard TPM does not allow the users to access their boot drive and decrypt it without a password. Instead, fTPM resolves the problem by allowing the decryption of the boot drive without a password. You only have to check BIOS settings and enable fTPM in your AMD processor. This way, the boot drive can be decrypted and re-encrypted too without any password. And, it is also the only way to enable fTPM in the AMD motherboard and re-encrypt the boot drive.
Where can I get an fTPM processor?
Windows 10 is heading for the end – the end of patches and updates, to be exact. So businesses that don’t migrate to Windows 11 will have a rather large security risk on every computer in their network. You may see ‘hacks’ and workarounds suggesting you can install the OS without the specific requirements, but that would be just as risky, if not more so. The best and safest course of action for businesses is to upgrade and get machines that meet the requirements.
The only way to get the fTPM is with an AMD processor, such as the Ryzen series of chips. Therefore, when purchasing a laptop, it makes sense to take a longer look at the chip and find out if it has fTPM. Otherwise, it will be an additional piece of hardware (the TPM) and not security at a firmware level.
AMD’s Ryzen 3000 and 5000 series processors include the Firmware-based TPM and you can also find it on the chip giant’s more modern AI processors, such as the Ryzen AI chip found on the AMD version of the HP OmniBook Ultra 14. AMD Ryzen chips can also be found in the latest AI-PCs from Lenovo, Dell, Asus, and Razer.
So don’t wait till the last minute; now is the time to start thinking about upgrading hardware – with AMD fTPM as the main priority.
