Читать книгу Windows 11 All-in-One For Dummies - Ciprian Adrian Rusen - Страница 19
Secure boot, TPM, and Windows 11
ОглавлениеWindows 11 is a big deal when it comes to the security requirements it has for running on PCs and devices. Microsoft wants it to become the most secure Windows version ever and decided to enforce some stringent restrictions. As a result, for Windows 11 to work, your PC must have a processor with an embedded Trusted Platform Module (TPM) 2.0 and Secure Boot support. The TPM 2.0 chip has been a requirement for Windows devices since 2016, and Secure Boot has been around since the days of Windows 8. Because of that, you may think that these security features aren’t be a big deal and that most computers should be able to handle Windows 11. However, many computers with a TPM 2.0 chip don’t have it enabled by default, and you have to fiddle with your computer’s BIOS to enable it — a task many users have no idea how to perform. To cope with this issue, motherboard manufacturers like ASUS have released new BIOS updates that enable this chip for you. Most probably others will follow their example. However, if your PC runs Windows 10 and you want to upgrade to Windows 11, you can’t do that without enabling TPM and Secure Boot first.
What is a TPM chip, you ask? It's a device used to generate and store secure and unique cryptographic keys. The cryptographic keys are encrypted and can be decrypted only by the TPM chip that created and encrypted them. Encryption software such as BitLocker in Windows 11 uses the TPM chip to protect the keys used to encrypt your files. Since the key stored in each TPM chip is unique to that device, encryption software can quickly verify that the system seeking access to the encrypted data is the expected system and not a different one.
Secure Boot, on the other hand, detects tampering attempts that may compromise your PC's boot process (which spans when you press the power button on your PC to when Windows starts) and key files of the operating system. When Secure Boot detects something fishy, it rejects the code and makes sure only good code is executed. Both security features are a big deal when it comes to protecting your data and your computer from all kinds of nasty cyberthreats.
These requirements significantly reduce the list of processors that work with Windows 11. To run this operating system, PCs and devices must have an Intel Core processor from at least 2017 or an AMD Ryzen processor from 2019 onward. They also need at least 4GB of RAM and 64GB of storage on their hard drives. It’s ironic that Microsoft's own $3,499 Surface Studio 2 desktop, which was released at the end of 2018 and is still being sold, doesn’t make the cut. New and expensive hardware like this isn’t “good enough” for Windows 11. And I’m sure Microsoft’s inflexible attitude on this subject will make many people frustrated.
Before upgrading a Windows 10 PC to Windows 11, it's a good idea to download and install the PC Health Check app from Microsoft (see Figure 1-6). Run it and click or tap Check Now. It tells you whether or not you can install Windows 11 and why. Download it here: www.softpedia.com/get/System/System-Info/PC-Health-Check.shtml
FIGURE 1-6: The PC Health Check app tells you whether you can upgrade to Windows 11.