Shut Out of Windows 11: TPM Requirement Excludes Many PCs

Windows 11 Shuts Out Some PCs
(Image credit: Shutterstock)

Traditionally, we think of Windows as the operating system for the masses and that each new version is a no-brainer upgrade, even for those with older PCs. Right now, after six years on the market, Windows 10 makes up 78 percent of all Windows installs with Windows 7, which launched in 2009 (12 years ago!) taking second place at 16 percent. Windows 10 grew this fast because there was absolutely no reason not to upgrade. It works on every PC that runs Windows 7 or 8, it’s free (see how to get Windows 10 for free or cheap) and it has a slew of new features. 

Microsoft didn’t make Windows 10 a free and easy upgrade just to be kind. The company wants to spend its time supporting the latest OS and it wants people using features like the Microsoft Store and Edge browser. It wants developers using its latest SDK to make groundbreaking apps that help the platform grow.

But Windows 11 changes all that, leaving a significant number of Windows 10 computers -- even high-end workstations from just three years ago and possibly current Surface Studio  -- out in the cold, because they won’t meet the minimum requirements, which have changed significantly for the first time since Windows 7 launched in 2009. 

To be fair, these new requirements, particularly requiring TPM 2.0 functionality (more on that below) and DX12 GPUs, are designed to provide a higher minimum baseline of security and performance than we’ve seen before. And Microsoft even seems like it’s expecting a significant number of users to stay on the current OS, having recently announced that it plans to support Windows 10 through 2025.

Update (6/26): Since we originally published this article on Friday morning, the situation has gotten more opaque as Microsoft spokespeople have said that, if a CPU is not on the company's compatibility lists, it may not work with the final release of Windows 11, even if it otherwise meets standards. Also, the company edited a document which had said that TPM 1.2, rather than the newer TPM 2.0 would be acceptable so that now only TPM 2.0 is mentioned.

This is a sea change for Microsoft, because the company has previously prioritized new OS adoption over most else. In fact, the company was likely disappointed when it took two years longer than expected to reach 1 billion active monthly devices for Windows 10. With Windows 11, it’s going to take a lot longer and, as with Android devices, there’s likely to be more computers running older operating systems than the latest one for years and years to come. That’s bad news for users and developers. 

Swipe to scroll horizontally
Minimum Requirements for Windows Versions
Row 0 - Cell 0 Windows 7WIndows 8Windows 10Windows 11
CPU1-GHz CPU1-GHz CPU1-GHz CPU1-GHz, dual-core, 64-bit
GPUDX9 CapableDX9 CapableDX9 CapableDX12 capable
Storage Space16GB (32-bit) / 20GB (64-bit)16GB (32-bit) / 20GB (64-bit)16GB (32-bit) / 20GB (64-bit)64GB
DisplayN/A1024 x 768 (if you want to run store apps)800 x 600 minimum1280 x 720, 9-inch
BIOSN/AN/AN/ATPM 2.0 / UEFI Secure Boot

These new minimum requirements don’t look too strenuous at first glance. According to Stephen Baker, vice president at analyst firm NPD, less than 4% of PCs sold in the last year have storage drives that were 64GB or smaller and the amount of systems with less than 4GB was “inconsequential.” In other words, almost all 2020-era new PCs would fit the bill, even if they don't have one of the best SSDs.

However, most people don’t buy a new PC every year. In fact, according to Baker, the average replacement cycle for computers is 4 to 5 years. And I’m sure we all know people or have computers in our homes that are older than that. 

You might think that the only computers affected by these changes are netbooks or sub-$200 laptops like the Dell Inspiron 3000 series (circa 2018) and Amazon VivoBooks, some of which had 2GB of RAM and 32GB of storage quite recently. However, even a major workstation CPU that came out in 2018 will likely not be able to run Windows 11 and it's quite possible that any PC processor older than 8th Gen Core Intel or AMD Ryzen 2000 series will not be supported in the final release.

For example, Intel’s Xeon W-3175X, which launched in Q4 of 2018 for $2999 and sports 16 cores, drops into a platform that does not come with built-in TPM support. You can purchase a motherboard that has a TPM header and add a TPM chip after the fact, but many systems don’t have this by default. It’s hard to argue that a massive HEDT (high end desktop) system from less than three years ago should not be able to run Windows 11.

 TPM: A Deal Killer for Some 

The problem for most users is not the RAM, storage or GPU requirements, but the need for TPM 2.0, a feature most consumers don’t even know about that isn’t present on many computers from just a few years ago and is disabled on a lot of current-generation systems too.

A Trusted Platform Module (TPM) provides a secure way to store encryption keys, certificates and other sensitive data in hardware. For example, if you use Bitlocker encryption, TPM is what prevents someone from being able to just remove your hard drive, stick it in another computer and read the data.  

In a blog post, Microsoft explained its rationale for the TPM requirement saying:

“PCs of the future need this modern hardware root-of-trust to help protect from both common and sophisticated attacks like ransomware and more sophisticated attacks from nation-states. Requiring the TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust.” 

And, to be fair, TPM 2.0 is hardly brand new. Starting in 2016, Microsoft required that “all new device models, lines or series” of devices come with TPM 2.0 implemented and enabled by default. However, clearly, that only applied to the company’s partners making OEM laptops and desktops, because many current motherboards come with TPM disabled by default and some recent high-end chips don’t have it on board. The good news is that, if you have a processor from the last three to five years, there’s a good chance you can enable TPM in the UEFI BIOS and solve this problem.

CPU Limits 

Though it seems likely that preview builds of Windows 11 will install on any machine that meets the on-paper requirements of TPM 2.0 with secure boot, a 1-GHz 64-bit dual-core CPU, 4GB of RAM and 64GB of storage space, Microsoft has hinted that any processor that's older than an 8th Gen Intel Core series CPU or AMD Ryzen 2000 chip may be left out in the cold.

Microsoft posted official AMD and Intel CPU compatibility lists, which omit processors that came out as recently as 2017 and are still actively sold. For example, Microsoft's own Surface Studio 2, which can cost up to $5,000 and is still made and sold, tops out with a 7th Gen,  Core i7-7820HQ CPU. While it's possible that these compatibility lists aren't the final word for when Windows 11 launches, a company exec has strongly implied that they are.

Speaking on Twitter,  Microsoft VP Steve Dispensa wrote that "Windows 11 is only supported on the CPU list I posted above. There are more requirements than just TPM 2.0 support (and all supported chipsets should have TPM 2.0, so that's not generally a blocking requirement)."

Even if earlier CPUs would work, there a lot of PCs on the borderline here that don’t have TPM capability. Senior Writer Michelle Ehrhardt reports that her Core i7-6700K that she bought in 2016 did not have a TPM option in the motherboard BIOS so she’s probably out of luck. Some motherboards offer the ability to add a physical TPM module as an upgrade but who is going to do that?

Also note that there will be no more 32-bit Windows. So, if you have an old netbook with a 32-bit processor, there is no way it will run Windows 11.

 Incompatible GPUs 

Where Windows 10 required only DirectX 9 support, Windows 11 demands that your GPU handle DirectX 12. DirectX 9 is a standard that goes all the way back to 2002 when it debuted on Windows 98, Me and XP, but version 12 is only from 2015. 

Now, to be fair, Nvidia GPUs as old as the Fermi (GTX 400), AMD chips as old as Graphics Core Next (Radeon 7000) and integrated Intel graphics going back all the way to Haswell (2013) work with DirectX 12. But if you were thinking of throwing Windows 11 on your Viliv N5 UMPC, a personal favorite of mine which runs on a low-power Atom processor from 2010, you’re out of luck. 

Bifurcated Windows  

At some point it was inevitable that Microsoft would stop supporting older hardware. However, even if the CPU compatibility list grows to include older models, the TPM requirement by itself may force a lot of people with even four year old PCs to either stick with Windows 10 or upgrade to new computers.

The cynic in me says that Microsoft and OEMs are looking for reasons to drive a new PC upgrade cycle. But it’s also inevitable that, to guarantee a decent user experience with graphical features like rounded edges and translucent window widgets or modern security features like secure boot, you need to up your requirements. Just don’t expect to see Windows 11 hit 1 billion active devices any time soon. 

Note: As with all of our op-eds, the opinions expressed here belong to the writer alone and not Tom's Hardware as a team. 

Avram Piltch
Avram Piltch is Tom's Hardware's editor-in-chief. When he's not playing with the latest gadgets at work or putting on VR helmets at trade shows, you'll find him rooting his phone, taking apart his PC or coding plugins. With his technical knowledge and passion for testing, Avram developed many real-world benchmarks, including our laptop battery test.
  • LolaGT
    I won't have it, with my newest upgrade hardware that is still in the box under my desk, that would need the module, which I am sure not going to hunt down and buy.
    For those who aren't going to do well hunting through the bios to see if they have the option when the time comes(the average PC user), they aren't going to be able to do anything but sit and stew in confusion and anger, especially if they find their perfectly fine running PC can't install win11 no matter what. .
    It will not be happy PR time for MS.
    For the rest of us we will have little trouble getting linux up and running and while it might take a short adjustment period, we won't be looking back at MS again, ever.
    Of course, this possible reality deadline is four years away, and MS might change their tune between now and then if they want people on win11 very bad.
  • t.kolson
    "Microsoft’s list of compatible CPUs leaves out any Intel processor that is older than 8th Gen Core and any AMD CPU older than Ryzen 2000 series (first gen Ryzen is not on the list). However, a Microsoft spokesperson said that these CPUs were listed because they have TPM"

    not only the Ryzen 1800x/1600x/...but also the Ryzen 2400G/2200G aren't on the list. Why? and more important most x370 motherboards have the fTPM option to enable TPM, so I think even the first gen Ryzen have fTPM integrated. So why they are excluded from the list?
  • Co BIY
    If the support plan for Windows 10 goes out to 2025 then I don't see the pressure to upgrade as effecting me. What will I lose ?

    At some point to effectively integrate new tech they have to break compatibility especially with security hardware.
  • PapaCrazy
    This reminds me of the Orwellian T2 chip in Macs. The PC space become more alienating to me by the day. How will this affect builders? Do I lose access to my own installation or data if something goes wrong with the TPM module? Like Macs do?
  • I don't see why I would need TPM. In a corporate environment it makes sense for security reasons.
    I ask myslef, why do I need those sophisticated security methods at all, is the modern hardware and especially software still mine or am I licensing it. It's the matter of time when they tell you what you can or cannot do with your PC... Oh, wait. Too late...

    I postponed changing to Ubuntu, but I just got a new incentive why I should.
  • InvalidError
    Having drive encryption tied to firmware keys locked inside the motherboard's BIOS sounds problematic to me since it means that a motherboard failure effectively destroys your encrypted data unless there are methods to backup and restore keys.
  • t.kolson
    Co BIY said:
    At some point to effectively integrate new tech they have to break compatibility especially with security hardware.

    However they are doing something different here, apart from the fact that I doubt that requiring the compulsorily active TPM will bring real benefits from the point of view of security, this as always we will see in future. Seems more like that through a move (more or less unexpected), an attemp, "to cut away" as many systems they can to push even more hardware market demand. Of course they confirmed support for WIndows 10 until 2025, and they could not do otherwise...with the shortage / scalping and so on that there is at the moment if the support had not been confirmed a disaster would happen.

    Also there are other problems with TPM too and also as I have reported in other news, systems less than one year old have to be "dropped" if thing will remains as are now, due to the misbehavior of the manufacturers, as you can read here if you want to delve into the thing.
  • Loadedaxe
    I think everyone is blowing this out of proportion. Remember, MS wants everyone using One Drive, so with that you will never lose any data, and if you have to replace your mb or drive your files will be backed up to the cloud. Same thing macOS does. I think its a shock to those who are used to having the freedom MS created and now has taken away. If you sit down and really think about it, asking MS to support PCs 10+ years old or even older is asking much. Especially with free upgrades. Security is a topic that is hit or miss, some dont care for it, others want it without having to do much to get it. this solves that issue, just like Apple did. Its a transition, but it has to start somewhere.

    Aaaaand if you don't want to do it, you don't have to for 4 more years. Bitch in 4 years if you have a PC that still does not run W11, if you do....meh it is what it is, maybe MS is not the problem. MS is not required to cater to everyone, just like Apple doesnt.
  • kal326
    InvalidError said:
    Having drive encryption tied to firmware keys locked inside the motherboard's BIOS sounds problematic to me since it means that a motherboard failure effectively destroys your encrypted data unless there are methods to backup and restore keys.
    Bit locker recommends storing backup keys remotely and can tie them to a Microsoft account for recovery. You can do something like print them off and store them in a fire safe or safety deposit box if you don’t want them tied to a MS account.
  • USAFRet
    kal326 said:
    Bit locker recommends storing backup keys remotely and can tie them to a Microsoft account for recovery. You can do something like print them off and store them in a fire safe or safety deposit box if you don’t want them tied to a MS account.
    Not even considering BitLocker recovery keys, how many people do actual data backups NOW?

    Require BitLocker in a home environment, and there will be many many tears.

    Previous to yesterday, almost every single question here about BitLocker was in relation to - "I lost/don't have the BL key How do I recover my data?"