Microsoft infused Windows 11 with an onerous new requirement that blocks any system without Trusted Platform Module (TPM) 2.0 tech from installing the new operating system, but it turns out the company will allow some systems to ship without the feature enabled. Unfortunately, normal users probably won't have access to the installation ISOs or workaround used for those builds, though it's conceivable that we could see them leak to the public. Instead, these special builds are likely tailored for use in countries that don't use Western encryption technologies, like China and Russia.
Windows 11 requires either a physical TPM key, resulting in an almost instant shortage of the devices and rampant scalping, or support for fTPM, excluding a large swath of relatively modern systems from receiving the update. And for those that thought Microsoft would bend under public pressure over the unpopular new TPM requirement, the company has doubled down — At first, Microsoft only listed support for TPM 1.2 as the baseline, but it has since clarified that Windows 11 would only support the newer 2.0 revision. That requirement further restricts the number of computers that can use Windows 11.
Now the company has clarified that some systems will work without any flavor of the TPM cryptoprocessor enabled [Edit: Clarified 'enabled'], which will certainly make the requirement seem superfluous to detractors. Microsoft lays out the full system requirements in its 'Windows 11 Minimum Hardware Requirements document (Warning - PDF), with the sixteen-page document giving us a much deeper look at the nuts and bolts of the OS than the basic version Microsoft published previously.
As we can see in the image above, upon approval, Microsoft will allow some systems to ship without TPM 2.0 enabled, meaning that it will obviously have either a special ISO for those installs or a method to bypass the TPM restriction during installation.
Installing Windows 11 on a system without TPM enabled will require special approval from Microsoft. The company allows "OEMs for special purpose commercial systems, custom order, and customer systems with a custom image" to ship systems without TPM support enabled.
Microsoft's uneven application of the TPM requirement is probably designed to cater to countries that either forbid or don't use the TPM cryptoprocessor security functionality, like China (which receives its own special Windows builds already) and Russia, both of which don't use the technology for security reasons. (Both countries have their own alternative encryption algorithms/technologies.) It's also conceivable that some systems without the TPM requirement could ship into other areas of the globe for other uses, so we're following up with Microsoft for more details.
Microsoft's TPM requirement isn't popular, particularly because it doesn't enable any new functionality — all of the tech it enables already exists on Windows 10 systems that don't require TPM for installation. The primary difference is that Windows 10 users can opt to use those features by enabling TPM, or simply choose not to use them. Enterprising enthusiasts are already finding workarounds to install Windows 11 on systems without TPM support (we're aware of a few already). Still, it is unclear if those techniques will work on shipping versions of the ISO.
Unfortunately, it appears Microsoft is sticking to its guns on the Windows 11 CPU support matrix, too. The updated Windows 11 minimum requirements document doesn't outline any expansion of the current list of supported Intel and AMD CPUs. That means Windows 11 will not install on all CPUs before second-gen AMD Ryzen and eighth-gen Intel models. Curiously, many unsupported CPUs, like Skylake-X, support TPM functionality but aren't on the supported CPU list.
We're reaching out to Microsoft for more information on the TPM matter and will update as necessary.