
AMD fTPM and Intel PTT: Everything You Need to Know

With Windows 11 on the horizon, a lot of people have started to discuss the possible implications of upgrading to the new operating system, as well as the potential obstacles that could come up along the way. Microsoft’s stated hardware requirements were seen as a bit odd by some, especially when it comes to the apparent need to have a TPM chip onboard.

As it turns out, that’s not quite the case, as both Intel and AMD already have a solution integrated in many of their chips, either at the chip level or in the firmware itself. With that said, let’s take a look at what the two technologies are about.

What Is a TPM Chip?

TPM stands for “Trusted Platform Module”, and it’s a chip that handles cryptographic operations for the operating system at the hardware level. TPM chips can provide a number of functions to the system, such as generating secure encryption keys and hashing the entire hardware configuration of the machine into a unique key.

TPM chips are used for various purposes. A common one is to protect encrypted drives from being attacked in a separate computer. An attacker would not be able to simply take out a drive encrypted using TPM keys and attempt to decrypt it in another device. Instead, they will always be missing part of the key.

Many laptops come with a TPM chip nowadays, and it’s become a standard feature among high-end models aimed at security-conscious users. On the desktop side, it’s not something that’s typically included in configurations by default. But it can be easily purchased and installed, provided that the motherboard has proper support for it (more on that below).

How fTPM Works

AMD’s fTPM is a firmware-based implementation that provides similar functionality. The technology works similarly to the chip-based approach, but doesn’t require any extra hardware to function correctly. One benefit of fTPM is that it can allow users to unlock devices without having to input a password every time. This can improve the overall security level of the computer.

It should be noted that fTPM “seals” encryption keys according to specific parameters, which include the current hardware and firmware configuration. This means that updating the system firmware can invalidate the sealed state, requiring the user to use recovery keys or other methods to gain access to their data.

This is not different from any other TPM implementation, including dedicated chips. Using TPM means that you’ll have to adjust your habits in one way or another if you don’t want to lose your data, but that’s part of the basic idea of the technology in the first place.
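The sealing behaviour described above can be modelled in a few lines. This is an added example, not code from the original article or from AMD, Intel or Microsoft: `ToyTpm`, its key derivation and the sample boot components are assumptions made for illustration, and a real TPM enforces sealing through its own policy mechanism rather than this simplified scheme. Only the hash-chained "extend" step mirrors how platform measurements are accumulated.

```python
import hashlib, hmac, os

def extend(pcr: bytes, component: bytes) -> bytes:
    # Extend: new = SHA-256(old || SHA-256(component)); one-way and order-sensitive
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> bytes:
    pcr = bytes(32)  # measurement register starts at all zeros on reset
    for c in components:
        pcr = extend(pcr, c)
    return pcr

class ToyTpm:
    """Hypothetical toy model: a per-device secret plus seal/unseal bound to a measurement."""
    def __init__(self):
        self._device_secret = os.urandom(32)  # never leaves the device

    def _keys(self, pcr: bytes):
        root = hmac.new(self._device_secret, pcr, hashlib.sha256).digest()
        enc = hmac.new(root, b"enc", hashlib.sha256).digest()
        mac = hmac.new(root, b"mac", hashlib.sha256).digest()
        return enc, mac

    def seal(self, secret: bytes, pcr: bytes) -> bytes:
        if len(secret) > 32:
            raise ValueError("toy model seals at most 32 bytes")
        enc, mac = self._keys(pcr)
        ct = bytes(a ^ b for a, b in zip(secret, enc))
        return ct + hmac.new(mac, ct, hashlib.sha256).digest()

    def unseal(self, blob: bytes, current_pcr: bytes):
        enc, mac = self._keys(current_pcr)
        ct, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
            return None  # different device or changed measurements: fall back to recovery key
        return bytes(a ^ b for a, b in zip(ct, enc))

def demo():
    # Constructed sample measurements, not real firmware images
    boot_v1 = [b"firmware 1.0", b"bootloader", b"os-loader"]
    boot_v2 = [b"firmware 1.1", b"bootloader", b"os-loader"]
    tpm, other_machine = ToyTpm(), ToyTpm()
    volume_key = os.urandom(32)
    blob = tpm.seal(volume_key, measure_boot(boot_v1))
    return {
        "same_state": tpm.unseal(blob, measure_boot(boot_v1)) == volume_key,
        "after_fw_update": tpm.unseal(blob, measure_boot(boot_v2)),
        "other_machine": other_machine.unseal(blob, measure_boot(boot_v1)),
    }
```

Calling `demo()` shows the three outcomes: the key is released on the unchanged machine, and withheld both after the firmware measurement changes and when the sealed blob is presented to a different device.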

How PTT Works

On the other hand, Intel’s solution, named PTT (short for Platform Trust Technology), is implemented directly into the processor itself. It still provides more or less the same features as a TPM chip, or AMD’s fTPM, but the underlying implementation is different. To the average end user, this should not make any difference. You will likely not notice any change when moving from a system using fTPM to one using PTT.

Of course, you’ll still have to reconfigure your encryption in that case, and likely generate new keys as your old ones will be incompatible after the hardware transition. But in the end, what matters to you is that both solutions are interchangeable in terms of the functionality they provide (with some exceptions). And more importantly, they are a valid answer to Microsoft’s stated hardware requirements, even if that might not be immediately obvious.

Can I Use These Solutions Instead of a Physical TPM Chip?

The question on most people’s minds right now is whether these solutions can be used as a substitute for a hardware TPM implementation on a dedicated chip. While the official requirements might make it sound like you actually need a chip to use the operating system, that’s not the case. Users with relatively recent AMD and Intel chips should be able to install Windows 11 just fine without having to make any hardware changes.

The only thing you may need to do is to go into your BIOS and change a setting to enable the appropriate solution for your platform. That’s it! Microsoft have not clarified whether they are planning to adjust their requirements, or whether users will still be able to install the operating system on machines without an actual TPM chip present.

If that happens, you might indeed have to go out and purchase a TPM chip. You will have to verify that your motherboard supports it first, but the procedure is relatively straightforward. From everything we’ve seen so far surrounding the rollout of Windows 11 though, you likely won’t need to resort to that at any point.

Things to Keep in Mind

The current situation may or may not change. There have been lots of discussions about Microsoft’s published requirements, and their implications for the PC market in the next couple of years.

It’s not very likely that the company is going to backtrack at this point and require users to specifically install TPM chips into their machines. In the end, their ultimate goal with this is to make things more secure for the average user—not to inconvenience them with unnecessary additions that are a pain to get hold of.

That said, if you’re currently building a machine, make sure that you’re purchasing a processor that specifically supports the functionality. As we said above, you might be able to buy and install a TPM chip separately at a later point. But you should not rely on that exclusively, and you should do your best to prepare your computer with viable alternatives.

Prepare for Windows 11

Can we expect other interesting developments around the release of Windows 11? That’s quite likely, at least looking at past precedents like the rollout of Windows 10.

Microsoft has some specific ideas in mind about how their operating system (OS) should be deployed and used, and they are doing their best to enforce that vision with their new releases.

