Windows 11 to Ship Without TPM Requirement for 'Special Purpose' Systems
Not all Windows 11 installs are created equal.
Microsoft infused Windows 11 with an onerous new requirement that blocks any system without Trusted Platform Module (TPM) 2.0 tech from installing the new operating system, but it turns out the company will allow some systems to ship without the feature enabled. Unfortunately, normal users probably won't have access to the installation ISOs or workaround used for those builds, though it's conceivable that we could see them leak to the public. Instead, these special builds are likely tailored for use in countries that don't use Western encryption technologies, like China and Russia.
Windows 11 requires either a physical TPM key, resulting in an almost instant shortage of the devices and rampant scalping, or support for fTPM, excluding a large swath of relatively modern systems from receiving the update. And for those that thought Microsoft would bend under public pressure over the unpopular new TPM requirement, the company has doubled down — At first, Microsoft only listed support for TPM 1.2 as the baseline, but it has since clarified that Windows 11 would only support the newer 2.0 revision. That requirement further restricts the number of computers that can use Windows 11.
Now the company has clarified that some systems will work without any flavor of the TPM cryptoprocessor enabled [Edit: Clarified 'enabled'], which will certainly make the requirement seem superfluous to detractors. Microsoft lays out the full system requirements in its 'Windows 11 Minimum Hardware Requirements document (Warning - PDF), with the sixteen-page document giving us a much deeper look at the nuts and bolts of the OS than the basic version Microsoft published previously.
As we can see in the image above, upon approval, Microsoft will allow some systems to ship without TPM 2.0 enabled, meaning that it will obviously have either a special ISO for those installs or a method to bypass the TPM restriction during installation.
Installing Windows 11 on a system without TPM enabled will require special approval from Microsoft. The company allows "OEMs for special purpose commercial systems, custom order, and customer systems with a custom image" to ship systems without TPM support enabled.
Microsoft's uneven application of the TPM requirement is probably designed to cater to countries that either forbid or don't use the TPM cryptoprocessor security functionality, like China (which receives its own special Windows builds already) and Russia, both of which don't use the technology for security reasons. (Both countries have their own alternative encryption algorithms/technologies.) It's also conceivable that some systems without the TPM requirement could ship into other areas of the globe for other uses, so we're following up with Microsoft for more details.
Microsoft's TPM requirement isn't popular, particularly because it doesn't enable any new functionality — all of the tech it enables already exists on Windows 10 systems that don't require TPM for installation. The primary difference is that Windows 10 users can opt to use those features by enabling TPM, or simply choose not to use them. Enterprising enthusiasts are already finding workarounds to install Windows 11 on systems without TPM support (we're aware of a few already). Still, it is unclear if those techniques will work on shipping versions of the ISO.
Unfortunately, it appears Microsoft is sticking to its guns on the Windows 11 CPU support matrix, too. The updated Windows 11 minimum requirements document doesn't outline any expansion of the current list of supported Intel and AMD CPUs. That means Windows 11 will not install on all CPUs before second-gen AMD Ryzen and eighth-gen Intel models. Curiously, many unsupported CPUs, like Skylake-X, support TPM functionality but aren't on the supported CPU list.
We're reaching out to Microsoft for more information on the TPM matter and will update as necessary.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Paul Alcorn is the Managing Editor: News and Emerging Tech for Tom's Hardware US. He also writes news and reviews on CPUs, storage, and enterprise hardware.
-
Diabl0 Tried turning on fTPM and SecureBoot on my B450 board and I am still getting a no go on Win11 compatibility. Funny on a two year old PC. Might resort to this special ISO. Or just buy a TPM module for 11 Euro.Reply -
rocky01 Torque off half your users?Reply
Seems like folly added on top of the Windows10-Updates-breaking-stuff debacles. Something is wrong in Redmond. No mention of privacy in rollout? Multiple unforced errors -- keep coming. -
-Fran- What is Microsofts BS reason to require TPM in the first place? All I've read is they require it, but nowhere I've found a proper explained reasoning as to why they do. Anyone care to ellaborate, please?Reply
Regards. -
USAFRet
https://forums.tomshardware.com/threads/why-win-11-needs-trusted-platform-module.3710248/Yuka said:What is Microsofts BS reason to require TPM in the first place? All I've read is they require it, but nowhere I've found a proper explained reasoning as to why they do. Anyone care to ellaborate, please?
Regards.
I think they are overreaching, but this, so far, is their justification. -
dimar Do you really need a TPM if you're not using storage encryption?Reply
I enabled PTT setting in the BIOS, and got Trusted Platform Module 2.0 in device manager on Asus Strix Z390-E.
If Microsoft forces storage to become encrypted , how will that effect file recovery of damaged HDD/SSD? -
-Fran-
Thanks for that.USAFRet said:https://forums.tomshardware.com/threads/why-win-11-needs-trusted-platform-module.3710248/
I think they are overreaching, but this, so far, is their justification.
So Windows is trying to control our PCs by making this mandatory further implying we will no longer even be able to run software we want to run.
Great, just what we all needed: more nanny companies.
Regards. -
peachpuff
I'll bet it'll be as easy as editing setup.ini in the windows iso and setting tpm flag to 0.ezst036 said:This will get hacked real quick and that TPM requirement will be "gone". -
velocityg4 Diabl0 said:Tried turning on fTPM and SecureBoot on my B450 board and I am still getting a no go on Win11 compatibility. Funny on a two year old PC. Might resort to this special ISO. Or just buy a TPM module for 11 Euro.
If you can still get one at 11 Euro. You better buy it whether you're sure you need it or not. They're already scalping at $80 to $100.