虽然大多数家庭用户不会花太多时间考虑它,但计算机安全(computer security)至关重要。如此重要,以至于许多以商业为中心的计算机内部都有特殊的硬件(例如智能卡读卡器),因此很难破解或以其他方式破坏它们。
TPM(可信平台模块)(TPM (Trusted Platform Module))正在成为新计算机的标准功能,尤其是以业务为中心的计算机。那么什么是TPM,您为什么想要一个?
为什么要关心 TPM?
直到最近,唯一需要关心TPM(TPMs)的人是那些在网络安全是重中之重的大公司工作的人。在家使用个人电脑工作(working from home)的人或主要将电脑用于游戏和娱乐的人不需要了解TPM(TPMs)。
然而,随着Windows 11的发布,它突然成为计算世界中最重要的三字母缩写词之一。这是因为Windows 11需要计算机中的受信任平台模块(Platform Module)才能正常工作。具体来说,它需要TPM 2.0,尽管 Microsoft 可自行决定更改这些要求。
Windows 10 支持将于 2025 年10 月 14(October 14)日结束。它将不再收到来自Microsoft的进一步更新的安全补丁。此时,您要么需要断开计算机与 Internet 的连接,要么升级到Windows 11。
就目前而言,您根本无法升级,也无法继续使用Windows 10!除非您迁移到Linux(好主意!)或其他Windows替代方案,否则您将不得不购买新计算机。这是真的,即使你现有的仍然很好!微软(Microsoft)未来可能会软化立场,但现在,这就是现实。
既然您知道TPM问题为何如此重要,那么让我们深入了解TPM是什么。
TPM 是一个芯片
TPM是一个物理组件,通常内置在您的主板中。内部有许多组件可以让TPM完成其工作。它的具体工作是什么?以下是TPM执行的主要任务:
- TPM安全地存储密码、安全证书和加密密钥,并防止未经授权的篡改。
- 它安全地存储有关计算机的信息,因此很容易检测是否有人篡改了计算机。
- TPM可以安全地生成加密密钥,因此该过程不会被窥探或干扰。
除了这些功能之外,TPM还包括一个硬连线、唯一且不可更改的加密密钥,使其无法被替换或篡改。
简而言之,TPM是主板上的一块专用硬件,可实现安全的计算机使用和身份验证。好吧(Well),除非你有 f TPM或TPP。
fTPM 和 PTT
f TPM(固件TPM)和PTT(平台信任技术(Platform Trust Technology))是AMD和Intel对“固件”TPM(” TPMs)的各自名称。可信平台模块(Trusted Platform Module)功能不是主板上的专用芯片,而是存在于 CPU 的固件中。f TPM和TPP已集成到大多数现代AMD和Intel处理器中,但需要激活该功能才能工作。
这就是事情可能变得有点复杂的地方。通常,默认情况下,主板制造商会禁用固件TPM功能,但随后允许您在BIOS 或 UEFI 菜单(BIOS or UEFI menu)中手动打开它。但是,由于每个主板品牌和型号可能不同,您应该查看主板手册以获取有关如何激活固件TPM的具体说明。
在某些情况下,尽管您的CPU具有固件TPM功能,但您的主板可能缺少将其打开的选项。一些低端或以游戏为重点的主板可能缺少该选项,因为它们并非针对商业客户。希望(Hopefully)根据Windows 11的要求,大多数主板制造商会为其主板发布固件更新,添加该功能。(firmware updates)如果没有,那么您可能至少必须更换主板。
我可以添加可信平台模块(Platform Module)吗?
如果您的主板上没有物理TPM并且没有使用固件TPM的前景怎么办?在某些情况下,可以购买TPM作为附加组件。但是,您的主板需要明确支持升级并具有所需的TPM接头。如果没有TPM标头,就无法安装TPM。
在撰写本文时,TPM升级非常昂贵,因此请花时间将TPM模块的成本与主板更换的成本进行比较。
如何检查 TPM
如果您运行的是Windows 10并想确认您有一个当前可用的Trusted Platform Module,请执行以下操作:
- 同时按下Windows 和 R 键(Windows and R keys)。运行(Run)对话框应打开。
- 键入tpm.msc并按Enter。
- 一旦TPM 管理(TPM Management)窗口打开,检查状态(Status)下是否显示“TPM 已准备好使用”(“The TPM is ready to use”)。然后确认TPM 制造商信息(TPM Manufacturer Information)下的规范版本为2.0 或更高( 2.0 or greater)版本。
如果这两个信息都存在且正确,那么您就可以开始了。请记住,除非在(Just)BIOS中打开,否则在固件TPM的情况下它不会出现在这里。
Windows 11需要(Needs)的(Than)不仅仅是TPM
虽然受信任的平台模块在(Trusted Platform Module)Windows 11要求的普遍恐慌中受到了大部分关注,但在您的计算机中拥有TPM本身是不够的。虽然Windows 11在规格方面并不那么耗电,但它还有其他相当令人惊讶的要求。
其中最主要(Chief)的是对某一代CPU的需求。(CPUs)您需要一台至少配备第 8 代Intel CPU或 2000 系列Ryzen CPU的计算机,否则Windows将无法运行。同样(Again),这是我们在撰写本文时所知道的。
因此,尽管拥有足够多的计算能力,但高端的第 6 代和第 7 代Intel CPU(Intel CPUs)和 1000 系列Ryzen CPU(Ryzen CPUs)仅限于Windows 10。
确保您当前计算机符合所有当前要求的唯一方法是前往官方 Windows 11 要求页面(official Windows 11 requirements page)手动检查每个要求。不幸的是,微软(Microsoft)暂时取消了他们的 Windows 11 Health Checker应用程序。您也可以尝试第三方和开源的WhyNotWin11 应用程序(WhyNotWin11 application),但风险自负!
What Is Trusted Platform Module (TPM) and How Does It Work?
While most home users don’t sрend much tіme thinking abоut it, computer security is critical. So important that many business-focused computers have special hardware inside them (such as smartcard readers), making it difficult to hack or otherwise compromise them.
A TPM (Trusted Platform Module) is becoming a standard feature on new computers, especially business-focused ones. So what is a TPM, and why would you want one?
Why Should You Care About TPM?
Until recently, the only people who needed to care about TPMs were those working in large companies where network security is a top priority. People working from home on their personal computers or those who mainly use their computers for gaming and entertainment did not need to know about TPMs.
However, with the announcement of Windows 11, it has suddenly become one of the most important three-letter acronyms in the computing world. This is because Windows 11 requires a Trusted Platform Module in a computer for it to work at all. Specifically, it requires TPM 2.0, although these requirements are subject to change at Microsoft’s discretion.
Windows 10 support ends on October 14, 2025. It will no longer receive security patches of further updates from Microsoft. At that point, you either need to disconnect your computer from the internet or upgrade to Windows 11.
As it stands, you simply won’t be able to upgrade and also can’t keep using Windows 10! Unless you move to Linux (great idea!) or another Windows alternative, you will have to buy a new computer. That’s true even if your existing one is still fine! Microsoft may soften its stance in the future, but right now, that’s the reality of the situation.
Now that you know why the TPM issue is essential, let’s dig into what a TPM is.
The TPM Is a Chip
The TPM is a physical component that’s usually built into your motherboard. Inside there are many components that let the TPM do its job. What is its job exactly? Here are the main tasks a TPM performs:
- The TPM stores passwords, security certificates, and encryption keys securely and prevents unauthorized tampering.
- It stores information about the computer securely, so it’s easy to detect if anyone has tampered with the computer.
- A TPM can securely generate encryption keys so that the process cannot be spied upon or interfered with.
Apart from these functions, the TPM also includes a hard-wired, unique, and unalterable encryption key, making it impossible for it to be substituted or tampered with.
In a nutshell, the TPM is a dedicated piece of hardware on your motherboard that allows for safe computer use and authentication. Well, except if you have fTPM or TPP.
fTPM and PTT
fTPM (firmware TPM) and PTT (Platform Trust Technology) are AMD and Intel’s respective names for “firmware” TPMs. Instead of a dedicated chip on the motherboard, the Trusted Platform Module functionality exists within the CPU’s firmware. fTPM and TPP are integrated into most modern AMD and Intel processors, but the function needs to be activated for it to work.
This is where things can become a little complicated. Usually, by default, motherboard makers disable firmware TPM functionality but then allow you to switch it on manually in your BIOS or UEFI menu. However, since each motherboard brand and model may be different, you should check your motherboard manual for specific instructions on how to activate your firmware TPM.
In some cases, despite your CPU having a firmware TPM feature, your motherboard may lack the option to toggle it on. Some lower-end or gaming-focused motherboards may lack the option because they aren’t aimed at business customers. Hopefully, in light of the Windows 11 requirement, most motherboard makers will issue firmware updates for their motherboards, adding the feature. If not, then you may have to replace your motherboard at the very least.
Can I Add a Trusted Platform Module?
What if you don’t have a physical TPM on your motherboard and no prospect of using a firmware TPM? In some cases, it is possible to buy a TPM as an add-on. However, your motherboard needs to explicitly support the upgrade and have the required TPM header. Without a TPM header, there’s nowhere to install the TPM.
At the time of writing, TPM upgrades are surprisingly expensive, so do take the time to compare the cost of a TPM module against the cost of a motherboard replacement.
How to Check for a TPM
If you’re running Windows 10 and want to confirm that you have a present and working Trusted Platform Module, here’s what to do:
- Press the Windows and R keys together. The Run dialog box should open.
- Type tpm.msc and press Enter.
- Once the TPM Management window opens, check that it says “The TPM is ready to use” under Status. Then confirm that the specification version under TPM Manufacturer Information is 2.0 or greater.
If both of these bits of information are present and correct, you’re good to go. Just remember that it won’t show up here in the case of a firmware TPM unless toggled on in the BIOS.
Windows 11 Needs More Than Just a TPM
While the Trusted Platform Module has received most of the attention in the general panic about Windows 11 requirements, having a TPM in your computer isn’t enough by itself. While Windows 11 isn’t that power-hungry in terms of specifications, it also has other rather surprising requirements.
Chief among these is the need for CPUs of a certain generation. You’ll need a computer with at least an 8th-generation Intel CPU or 2000-series Ryzen CPU otherwise, Windows will not work. Again, that’s as far as we know at the time of writing.
So, despite having more than enough computing power, high-end 6th- and 7th- generation Intel CPUs and 1000-series Ryzen CPUs are limited to Windows 10.
The only way to ensure that your current computer complies with all current requirements is to head to the official Windows 11 requirements page to check every requirement manually. Unfortunately, Microsoft has pulled their Windows 11 Health Checker app for the time being. You can also try the third-party and open-source WhyNotWin11 application, but you do so at your own risk!