Remember when Microsoft announced that Windows 11 required something called TPM 2.0? The collective outrage from the tech community wasn’t really because people felt strongly about Trusted Platform Modules — it was more that Microsoft had suddenly decided its new operating system needed this technology that no one had heard of, with little explanation beyond “you need this.”

It wasn’t a great message, because a TPM does far more on your system than most people realize.

The Windows 11 rollout framed TPM 2.0 as a compliance requirement — a box to tick, or what seemed like an arbitrary hardware threshold that would send loads of functional machines to the scrap heap. That framing was a disservice to what the technology actually does.

Trusted Platform Modules have been present on motherboards for years. A TPM is a dedicated security component, either a discrete chip on the motherboard or a firmware implementation running in an isolated part of the CPU or chipset (fTPM, sold as AMD fTPM and Intel PTT). Its main role is to perform cryptographic operations in an environment the operating system can talk to but cannot read into: it generates and stores keys, holds authentication credentials, records boot measurements for platform integrity checks, and backs features like BitLocker key protection and Windows Hello. A private key created inside the TPM never leaves it in plaintext, which makes it far harder to extract than a key sitting in general system memory.

TPM 1.2 vs. TPM 2.0

The confusion was compounded by Microsoft’s poor communication. Many of the so-called “incompatible” machines did have TPM — just an older version. Microsoft required TPM 2.0, which brings stronger cryptographic algorithms and a more flexible design compared to TPM 1.2.

TPM 1.2, first published by the Trusted Computing Group in 2003, is limited to SHA-1 and RSA. SHA-1 is no longer considered collision resistant, and because the 1.2 specification fixes its algorithm set, a 1.2 chip cannot be moved to anything newer; these chips are found primarily in pre-2016 machines. TPM 2.0, published in 2014 and revised since, supports SHA-256 and other hash algorithms, RSA and elliptic curve cryptography, can keep PCR measurements in more than one hash bank at once, and adds policy-based authorization. Its algorithm-agile design means it can adapt over time, and it’s the required minimum for Windows 11, commonly implemented as a firmware fTPM in modern CPUs or as a dedicated module on the motherboard.
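To see which of the two a machine actually has, the following PowerShell function is an added example for this article, not code from the original post. It assumes an elevated PowerShell session on Windows 10 or 11 (the Win32_Tpm WMI class and Get-Tpm both need administrator rights), and the function name Get-TpmSummary is chosen here for illustration.

```powershell
# Added example (not the article author's code). Assumes an elevated
# PowerShell session on Windows 10/11. Get-TpmSummary is a name chosen here.

function Get-TpmSummary {
    [CmdletBinding()]
    param()

    # Win32_Tpm lives in its own WMI namespace. If no TPM is exposed to the OS
    # (none fitted, or fTPM/PTT switched off in firmware setup) the query
    # returns nothing rather than an object with version information.
    $tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    if (-not $tpm) {
        return [pscustomobject]@{
            Present        = $false
            SpecVersion    = $null
            MeetsWindows11 = $false
            Note           = 'No TPM visible to Windows. Check firmware setup for a ' +
                             'TPM, fTPM or PTT switch before concluding the hardware lacks one.'
        }
    }

    # SpecVersion is a string such as "2.0, 0, 1.38" (spec version, spec level,
    # errata revision). Only the first field decides 1.2 versus 2.0.
    $spec  = [version](($tpm.SpecVersion -split ',')[0].Trim())
    $meets = $spec -ge [version]'2.0'

    # Get-Tpm (TrustedPlatformModule module) says whether Windows has finished
    # provisioning the device, which is separate from it being present.
    $state = $null
    if (Get-Command Get-Tpm -ErrorAction SilentlyContinue) {
        $state = Get-Tpm -ErrorAction SilentlyContinue
    }
    $ready = if ($state) { $state.TpmReady } else { $null }

    # Distinguish the three cases the article describes: old spec, present but
    # disabled, and fine.
    if (-not $meets) {
        $note = "TPM $spec present: the chip exists, it just predates the 2.0 spec."
    } elseif (-not $tpm.IsEnabled_InitialValue) {
        $note = 'TPM 2.0 present but disabled; enable it in firmware setup.'
    } else {
        $note = 'Meets the Windows 11 TPM requirement.'
    }

    [pscustomobject]@{
        Present        = $true
        SpecVersion    = $spec.ToString()
        Enabled        = $tpm.IsEnabled_InitialValue
        Activated      = $tpm.IsActivated_InitialValue
        Ready          = $ready
        ManufacturerId = $tpm.ManufacturerId
        FirmwareVer    = $tpm.ManufacturerVersion
        MeetsWindows11 = $meets
        Note           = $note
    }
}

Get-TpmSummary | Format-List
```

If the result says Present is False on a board from roughly 2016 or later, the firmware TPM is usually just switched off in the UEFI setup rather than absent; a SpecVersion of 1.2 is the case the article describes, where the hardware has a TPM that simply does not meet the updated standard.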

In practice, this meant large numbers of people were told their Windows 10 machine wasn’t fit for purpose, when the more accurate message was that the security chip already in their system was an older version that didn’t meet the updated standard.


Source: What TPM Actually Does in Windows 11 — and Why Microsoft Botched the Explanation