[Hardware] Windows 11 to Ship Without TPM Requirement for 'Special Purpose' Systems

[Love Pulse]

 

 

Microsoft has fitted Windows 11 with onerous new requirements that prevent any system without Trusted Platform Module (TPM) 2.0 technology from installing the new operating system, but it turns out that the company will allow some systems to ship without the feature enabled. Unfortunately, normal users probably won't be able to access ISO installs or the workaround used for those builds, although we could see them leak to the public. Alternatively, these special builds are likely to be designed for use in countries that don't use Western encryption technologies, such as China and Russia.

Windows 11 requires either a physical TPM key, which results in an almost immediate hardware shortage and rapid inflation, or fTPM support, with the exception of a large number of relatively recent systems from receiving the update. And for those who thought Microsoft would bend under public pressure due to unpo[CENSORED]r new TPM requirements, the company doubled down on it — at first, Microsoft only listed TPM 1.2 support as a baseline, but has since clarified that Windows 11 will only support the latest 2.0 revision. This requirement also limits the number of computers that can use Windows 11.

The company has now clarified that some systems will operate without any flavor of TPM-enabled cryptographic processors [edit: spell "enabled"], which will make the requirements appear redundant to critics. Microsoft outlines the full system requirements in its Windows 11 Minimum Hardware Requirements Document (Warning - PDF), with the sixteen-page document giving us a much deeper look into the nuts and bolts of the operating system than the base version Microsoft previously published.

 

 

As we can see in the image above, upon approval, Microsoft will allow some systems to ship without TPM 2.0 enabled, meaning that it will obviously have either a special ISO for those installs or a method to bypass the TPM restriction during installation.

Installing Windows 11 on a system without TPM enabled will require special approval from Microsoft. The company allows "OEMs for special purpose commercial systems, custom order, and customer systems with a custom image" to ship systems without TPM support enabled.

Microsoft's uneven application of the TPM requirement is probably designed to cater to countries that either forbid or don't use the TPM cryptoprocessor security functionality, like China (which receives its own special Windows builds already) and Russia, both of which don't use the technology for security reasons. (Both countries have their own alternative encryption algorithms/technologies.) It's also conceivable that some systems without the TPM requirement could ship into other areas of the globe for other uses, so we're following up with Microsoft for more details.

Microsoft's TPM requirement isn't po[CENSORED]r, particularly because it doesn't enable any new functionality — all of the tech it enables already exists on Windows 10 systems that don't require TPM for installation. The primary difference is that Windows 10 users can opt to use those features by enabling TPM, or simply choose not to use them. Enterprising enthusiasts are already finding workarounds to install Windows 11 on systems without TPM support (we're aware of a few already). Still, it is unclear if those techniques will work on shipping versions of the ISO.

Unfortunately, it appears Microsoft is sticking to its guns on the Windows 11 CPU support matrix, too. The updated Windows 11 minimum requirements document doesn't outline any expansion of the current list of supported Intel and AMD CPUs. That means Windows 11 will not install on all CPUs before second-gen AMD Ryzen and eighth-gen Intel models. Curiously, many unsupported CPUs, like Skylake-X, support TPM functionality but aren't on the supported CPU list.

We're reaching out to Microsoft for more information on the TPM matter and will update as necessary.