Stop! Why you shouldn't panic-buy a TPM for Windows 11
- 01 July, 2021 23:47
With the announcement of Windows 11 last Thursday, the humble Trusted Platform Module (TPM) has gotten more attention than ever. Home users are suddenly interested in this esoteric security tech.
Windows 11 will require a module, which could tempt savvy shoppers to buy a TPM 2.0 chip early, and slap it on their motherboard. The logic of such a move makes sense: You want to ensure existing hardware can make the jump to Windows 11. And with Windows being the dominant operating system, it’s not hard to imagine TPM shortages closer to the OS launch—like what happened with the abrupt high demand for toilet paper and webcams last year.
But a TPM isn’t a solid purchase right now.
Why not? Well, first, let’s assume two things. One, you’re a desktop PC owner. And two, you’ve done your homework and verified that your motherboard has a TPM 2.0 header plus UEFI settings that allow you to enable the module once installed.
(If neither applies, do not pass go, as you absolutely should not buy a TPM currently—and possibly ever. You’ll need to figure out this requirement in alternate ways.)
All right, so if your desktop motherboard is compatible, why not make the TPM purchase? For starters, Microsoft’s security requirements for Windows 11 may seem clear, but figuring out how one’s hardware fits into those criteria is not. Take 1st-generation Ryzen processors, like the Ryzen 7 1800X. They’re not on the official list of CPUs approved for Windows 11, but AMD says that those chips are capable of matching next-gen Windows’ security standards. And while Microsoft appears open to be evaluating 7th-generation Intel and AMD Zen 1 processors for compatibility, its blog post on the subject specifies a look into devices with those CPUs. The company made no firm promises about a green light on the chips themselves. That puts people with CPUs that could meet the TPM requirement via firmware in a bit of limbo.
Even if you’re confident that your system lacks a TPM, either of the firmware (fTPM) or physical variety, buying one won’t guarantee your PC will pass Windows 11’s security requirements. The TPM is just one part of the full checklist. Your system must also pass muster on other fronts: It has to be capable of Secure Boot as well as support UEFI and virtualization-based security (VBS).
Of course, you could ignore all of these cautions, because uncertainty doesn’t bother you and you’re willing to drop a few bucks on a hedge for the future. Just know that if your goal is to protect yourself against increased demand and possibly increased prices, you’re too late. Scalpers already beat everyone to the available supply of Windows 11–compatible TPMs.
Oh, yes. The availability and gouging scourge long known to graphics card enthusiasts has already seized TPMs—and it happened fast. Before the Windows 11 announcement, a TPM 2.0 cost under $15. Now prices have climbed dramatically, with some listings topping over $100 on eBay. The most egregious listing at the moment has a Gigabyte TPM 2.0 module with an asking price of $175. Or, you know, over 11 times the normal street price.
The smarter, more time-efficient solution here is to wait. Spend a little patience instead of money—bide your time as Microsoft incorporates community feedback, finishes its internal testing on older hardware, and settles on who actually gets to experience Windows 11. By then, TPM 2.0 production could increase, thwarting the scalpers. (Psst. Microsoft and partners: hint, hint.) Or you may find that you’ll have to replace your CPU or motherboard (or both, ouch) with new hardware that supports fTPM. Overall, you’ll have a much clearer picture of how to proceed, and potentially save yourself money in the process.