Microsoft’s upcoming Windows 11 operating system will require a heretofore little-known PC security feature, the Trusted Platform Module (TPM), which is cause for concern among early adopters who can’t wait to get their hands on the new OS.

“Do I have a TPM that works with Windows?” is a question you probably never thought you’d need to ask. But the good news for people who have a PC bought in the last few years is that the answer is almost certainly “Yes.” For everyone else looking to upgrade to Windows 11, especially people who built or upgraded their own Windows desktop, the answer could be more complicated. 

Let’s take a look at what TPMs do and how Microsoft is incorporating them into the next version of Windows, based on what we know so far. 

What Is a TPM?

At its most basic, the TPM is a tiny chip on your computer’s motherboard, sometimes separate from the main CPU and memory. The chip is akin to the keypad you use to disable your home security alarm every time you walk in the door, or the authenticator app you use on your phone to log in to your bank account. In this scenario, turning on your computer is analogous to opening the front door of your home or entering your username and password into the login page. If you don’t key in a code within a short period of time, alarms will sound or you won’t be able to access your money.

Likewise, after you press the power button on a newer PC that uses full-disk encryption and a TPM, the tiny chip will supply a unique code called a cryptographic key. If everything is normal, the drive encryption is unlocked and your computer starts up. If there’s a problem with the key—perhaps a hacker stole your laptop and tried to tamper with the encrypted drive inside—your PC won’t boot up. 

Does My PC Already Have TPM 2.0? 

If you’ve got a computer that meets the other Windows 11 minimum system requirements, there’s a chance that it supports TPM 2.0. The standard is relatively recent, however. If you bought your PC after 2016, it almost certainly comes with TPM 2.0. If your computer is older than a few years, it likely either has the older TPM 1.2 version (which Microsoft says is not recommended for Windows 11) or has no TPM at all. 

Microsoft attempts to simplify the situation by referring to its 2016 deadline for implementing TPM 2.0. The company notes in its Windows 11 FAQs that “many PCs that are less than four years old will be able to upgrade to Windows 11.”

Because TPMs take so many forms, as mentioned earlier, there isn’t a way to verify at a single glance whether your PC has an enabled TPM 2.0-compatible chip or firmware. Windows offers a generic "security processor" status indicator, but to be sure, you’ll have to check with the company that made your desktop or laptop.

Most of the larger vendors have straightforward support articles published on their website that explain which products have TPM 2.0 support. For example, Dell publishes a handy chart that indicates which type of TPM is installed in which system. The company uses three different types of TPM 2.0 in modern Latitude, Precision, OptiPlex, and consumer laptops and desktops. 

Can I Add a TPM to My PC? 

If you built your own desktop PC in the last few years and you’re comfortable tinkering with hardware and software security settings in the system's BIOS, you can probably add a discrete TPM 2.0 chip to your motherboard. Many motherboards come with a cluster of header pins clearly labeled “TPM.” And, as Extreme Tech notes, you can pick up a TPM module for some motherboard models for less than 2000/-. 

But it’s not as simple as buying a TPM 2.0 add-on module and plugging it into the header. Even if you’ve got a hardware TPM installed in your home-built computer, you’ll need to ensure that it’s properly set up in the BIOS for the Windows operating system to recognize it. This process varies widely based on which motherboard and CPU you're using. Even Microsoft acknowledges that turning on TPM isn't necessarily a straightforward process. Microsoft VP of Product Management Steve Dispense suggests that it may be necessary to enable a setting like Platform Trust Technology (PTT) in the BIOS of Intel-based computers, or f TPM for AMD-based ones.

Will a TPM Limit Which Windows 11 Features I Can Use?

One of the many tricky parts of the TPM 2.0 requirement in Windows 11 is that Microsoft may take a page out of Apple’s playbook and introduce additional limitations related to TPM security in future Windows updates. For instance, Macs with the T2 chip have many capabilities that Apple computers without it do not, including fingerprint recognition and enhanced image signal processing. This situation also exists in the Windows 10 world, with the Windows Hello face-recognition mentioned earlier being a prime example. 

With Windows 11 and future TPM versions, Microsoft could further segment the Windows experience. This could include adding new features that require the TPM, but it could also include bringing additional locked-down versions of Windows akin to the current Windows 10 S Mode. For most consumers, this won’t be an issue, but it’s something to keep in mind if you’re planning to upgrade to Windows 11 as soon as it becomes available.