TPM (Trusted Platform Module) version 2.0 is a hardware-based security module that provides a secure storage and processing environment for cryptographic keys and other sensitive data. It is a dedicated microcontroller that is integrated into a computer’s motherboard, and it works independently of the main CPU and operating system.
TPM 2.0 provides a range of security features, including secure boot, measured boot, device identity, and remote attestation. These features help protect against attacks such as rootkits, malware, and other unauthorized modifications to the system. For example, secure boot ensures that only trusted software is loaded during the boot process, while remote attestation allows a third party to verify the security state of a system.
TPM 2.0 also includes several new features and improvements over its predecessor, TPM 1.2. These include support for stronger cryptographic algorithms, such as Elliptic Curve Cryptography (ECC), a larger memory capacity, and better performance.
In order to run Microsoft Windows 11, TPM 2.0 is a requirement, and must be enabled in the system BIOS or UEFI firmware. This is part of Microsoft’s efforts to improve the security of the operating system and protect against increasingly sophisticated attacks. Many modern computers and motherboards already include TPM 2.0, but some older systems may not be compatible and will need to be upgraded.