Update on Windows 11 minimum system requirements


  • Staff
UPDATE 8/27: Update on Windows 11 minimum system requirements and PC Health Check app

Windows Insiders,

Today we’re releasing our first Insider build for Windows 11, and we’re looking forward to the insight that comes from you installing and using on a variety of your PCs. Last week’s introduction of Windows 11 signaled the first step on our journey to empower people with the next generation of Windows. With a new generation comes an opportunity to adapt software and hardware to keep pace with people’s computing needs today and in the future.

The intention of today’s post is to acknowledge and clarify the confusion caused by our PC Health Check tool, share more details as to why we updated the system requirements for Windows 11 and set the path for how we will learn and adjust. Below you will find changes we are making based on that feedback, including ensuring we have the ability for Windows Insiders to install Windows 11 on 7th generation processors to give us more data about performance and security, updating our PC Health check app to provide more clarity, and committing to more technical detail on the principles behind our decisions. With Windows 11, we are focused on increasing security, improving reliability, and ensuring compatibility. This is what drives our decisions.

Why new Windows 11 minimum system requirements

Windows 11 is designed and built as a complete set of experiences, unlocking the full power of the PC our customers have come to rely on, including in areas like security, reliability, compatibility, video conferencing, multitasking, playing, creating, building, learning and more. We need a minimum system requirement that enables us to adapt software and hardware to keep pace with people’s expectations, needs and harness the true value and power of the PC to deliver the best experiences, now and in the future. To do that, we were guided by the following principles:
  1. Security. Windows 11 raises the bar for security by requiring hardware that can enable protections like Windows Hello, Device Encryption, virtualization-based security (VBS), hypervisor-protected code integrity (HVCI) and Secure Boot. The combination of these features has been shown to reduce malware by 60% on tested devices. To meet the principle, all Windows 11 supported CPUs have an embedded TPM, support secure boot, and support VBS and specific VBS capabilities.
  2. Reliability. Devices upgraded to Windows 11 will be in a supported and reliable state. By choosing CPUs that have adopted the new Windows Driver model and are supported by our OEM and silicon partners who are achieving a 99.8% crash free experience.
  3. Compatibility. Windows 11 is designed to be compatible with the apps you use. It has the fundamentals of >1GHz, 2-core processors, 4GB memory, and 64GB of storage, aligning with our minimum system requirements for Office and Microsoft Teams.
Using the principles above, we are confident that devices running on Intel 8th generation processors and AMD Zen 2 as well as Qualcomm 7 and 8 Series will meet our principles around security and reliability and minimum system requirements for Windows 11. As we release to Windows Insiders and partner with our OEMs, we will test to identify devices running on Intel 7th generation and AMD Zen 1 that may meet our principles. We’re committed to sharing updates with you on the results of our testing over time, as well as sharing additional technical blogs.

PC Health Check App

See if PC meets Requirements for Windows 11 with PC Health Check app

With these minimum system requirements in mind, the PC Health Check app was intended to help people check if their current Windows 10 PC could upgrade to Windows 11. Based on the feedback so far, we acknowledge that it was not fully prepared to share the level of detail or accuracy you expected from us on why a Windows 10 PC doesn’t meet upgrade requirements. We are temporarily removing the app so that our teams can address the feedback. We will get it back online in preparation for general availability this fall. In the meantime, you can visit our minimum system requirements page here to learn more.

First build of Windows 11 available to Windows Insiders today

Today, we’re releasing the first preview build of Windows 11 to the Windows Insider community. In support of the Windows 11 system requirements, we’ve set the bar for previewing in our Windows Insider Program to match the minimum system requirements for Windows 11, with the exception for TPM 2.0 and CPU family/model. By providing preview builds to the diverse systems in our Windows Insider Program, we will learn how Windows 11 performs across CPU models more comprehensively, informing any adjustments we should make to our minimum system requirements in the future. We look forward to the product feedback and learnings as it’s an important step to prepare Windows 11 for general availability this year – thank you to the Windows Insider community for your excitement and feedback thus far!

UPDATED 6/28 at 10:24am PDT.
Click to expand...


Source: Update on Windows 11 minimum system requirements | Windows Insider Blog
 

Attachments

  • Windows_11_flag.png
    Windows_11_flag.png
    2.6 KB · Views: 117
Last edited:
Click to expand...
tinmar49 said:
My laptop has the TPM embedded in the motherboard, but only has a gen 6 Intel processor,should I try updating to W11? The pc which I use daily is AMD which seems to have left out of this discussion
Click to expand...
For Intel, the processor requirement is 8th gen or newer, having said that the current Insider ISO will accept two of my machines with 6th or 4th gen processors for an in-place upgrade, but they do meet the secure boot/TPM requirements. But that may change come the official release, they may no longer qualify.

There are similar requirement for AMD processors, the list is here:
docs.microsoft.com

Windows processor requirements Windows 11 supported AMD processors

This specification details the AMD processors that can be used with Windows 11 customer systems that include Windows products, including custom images.
docs.microsoft.com
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    50 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package. Also running Insider Beta, Dev, and Canary builds as a native boot .vhdx.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
Thanks, Bree, my lowly Athlon 3000G is on the supported list, so the only thing missing from my most used pc is the TPM module and getting a 17 pin Asrock one will take some time.
 

My Computers

System One System Two

  • OS
    W11 pro beta
    Computer type
    PC/Desktop
    Manufacturer/Model
    home built
    CPU
    Athlon 3000G
    Motherboard
    Asrock A320M-HDV r4.0
    Memory
    16Gb Crucial DDR4 2400
    Graphics Card(s)
    onboard cpu
    Sound Card
    onboard
    Monitor(s) Displays
    AOC 27
    Screen Resolution
    2560-1440
    Hard Drives
    WD black SN750 M2 500Gb
    PSU
    500W Seasonic core 80+gold non modular
    Case
    Fractal Design Define R2
    Cooling
    front 2 x 120mm rear 100mm stock psu
    Internet Speed
    135/20
    Browser
    Firefox and edge
    Antivirus
    Windows Security and free Malwarebytes
  • Operating System
    W11 pro 64 beta (from W10 pro system builder pack)
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Ryzen 7 5700G
    Motherboard
    MSI B450 tomahawk max II
    Memory
    4 x 8Gb Corsair Vengeance LPX 3000 DDR4
    Graphics card(s)
    onboard cpu
    Sound Card
    motherboard
    Monitor(s) Displays
    LG 21.5" IPS
    Screen Resolution
    1920 x 1080
    Hard Drives
    WD 1Tb Black M2 SN850X on Asus hyper M2 X16 max V2 card
    PSU
    Be Quiet 400 semi modular 80+gold
    Case
    Coolermaster Silencio 650
    Cooling
    140mm front, 120 rear Akasa Vegas Chroma AM
    Internet Speed
    135/20
    Browser
    edge/Firefox
    Antivirus
    WD plus Malwarebytes free
tinmar49 said:
...the only thing missing from my most used pc is the TPM module and getting a 17 pin Asrock one will take some time.
Click to expand...
Not sure what mainboard you have, but wouldn't you most likely have TPM already via a BIOS setting? My Asrock B450 based board (with Ryzen5 2600) does. It's called fTPM in the BIOS and once enabled and rebooted, a "Security Device" toggle becomes available under "Trusted Computing" section. Both must be enabled. Definitely check that before getting gouged/scalped on a discrete TPM module!
 

Attachments

  • 01.jpg
    01.jpg
    68.2 KB · Views: 7
  • 02.jpg
    02.jpg
    87.5 KB · Views: 6
  • 03.jpg
    03.jpg
    69.9 KB · Views: 5
  • 04.jpg
    04.jpg
    76.2 KB · Views: 6

My Computer

System One

  • OS
    Windows 10 21H1
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    Ryzen 5 2600
    Motherboard
    Asrock B450 Gaming K4
    Memory
    2x8 GB 16-18-18-36 tRC-56 DDR4 3200
    Graphics Card(s)
    GTC 1660 Super
    Screen Resolution
    1920x1080
    Hard Drives
    1 NVME, 1 SATA M.2 SSDs
    PSU
    Antec TP750
    Antivirus
    nope
The motherboard is an Asrock A320M-HDV rev4, there is a socket for one of their 17 pin TPM2-S V2.0 modules, its getting hold of a module that is difficult, if not impossible at the moment. Because of this Microsoft is taking it off the slow lane and moving it to the release preview channel.
 

My Computers

System One System Two

  • OS
    W11 pro beta
    Computer type
    PC/Desktop
    Manufacturer/Model
    home built
    CPU
    Athlon 3000G
    Motherboard
    Asrock A320M-HDV r4.0
    Memory
    16Gb Crucial DDR4 2400
    Graphics Card(s)
    onboard cpu
    Sound Card
    onboard
    Monitor(s) Displays
    AOC 27
    Screen Resolution
    2560-1440
    Hard Drives
    WD black SN750 M2 500Gb
    PSU
    500W Seasonic core 80+gold non modular
    Case
    Fractal Design Define R2
    Cooling
    front 2 x 120mm rear 100mm stock psu
    Internet Speed
    135/20
    Browser
    Firefox and edge
    Antivirus
    Windows Security and free Malwarebytes
  • Operating System
    W11 pro 64 beta (from W10 pro system builder pack)
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Ryzen 7 5700G
    Motherboard
    MSI B450 tomahawk max II
    Memory
    4 x 8Gb Corsair Vengeance LPX 3000 DDR4
    Graphics card(s)
    onboard cpu
    Sound Card
    motherboard
    Monitor(s) Displays
    LG 21.5" IPS
    Screen Resolution
    1920 x 1080
    Hard Drives
    WD 1Tb Black M2 SN850X on Asus hyper M2 X16 max V2 card
    PSU
    Be Quiet 400 semi modular 80+gold
    Case
    Coolermaster Silencio 650
    Cooling
    140mm front, 120 rear Akasa Vegas Chroma AM
    Internet Speed
    135/20
    Browser
    edge/Firefox
    Antivirus
    WD plus Malwarebytes free
tinmar49 said:
The motherboard is an Asrock A320M-HDV rev4, there is a socket for one of their 17 pin TPM2-S V2.0 modules, its getting hold of a module that is difficult, if not impossible at the moment. Because of this Microsoft is taking it off the slow lane and moving it to the release preview channel.
Click to expand...



On the Advanced tab > CPU Configuration, you have fTPM (firmware TPM).
All you have to do is enable it. :)


You don't NEED to buy a TPM module.




Image1.png








Now this is for the TPM Module. You don't need both.



Image1.png
 
Last edited:

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦22631.3527 ♦♦♦♦♦♦♦23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 4702)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?
See... this is my BIOS. My motherboard doesn't even have a TPM connector...



210624215945.png






And, as you can see, I passed the requirement...



000000 GitHub tool.png






So all you have to do is enable AMD CPU fTPM in your BIOS and then run this tool to see if you're all set...

GitHub Tool...


Lots more info, here: How to pass the Windows 11 Compatibility Checks
 

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦22631.3527 ♦♦♦♦♦♦♦23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 4702)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?
I have found and enabled the fTPM and will see if Microsoft change their mind about my getting W11 with the slow lane. There seem to be conflicting reports about the suitability of the Athlon 3000G for W11.
 

My Computers

System One System Two

  • OS
    W11 pro beta
    Computer type
    PC/Desktop
    Manufacturer/Model
    home built
    CPU
    Athlon 3000G
    Motherboard
    Asrock A320M-HDV r4.0
    Memory
    16Gb Crucial DDR4 2400
    Graphics Card(s)
    onboard cpu
    Sound Card
    onboard
    Monitor(s) Displays
    AOC 27
    Screen Resolution
    2560-1440
    Hard Drives
    WD black SN750 M2 500Gb
    PSU
    500W Seasonic core 80+gold non modular
    Case
    Fractal Design Define R2
    Cooling
    front 2 x 120mm rear 100mm stock psu
    Internet Speed
    135/20
    Browser
    Firefox and edge
    Antivirus
    Windows Security and free Malwarebytes
  • Operating System
    W11 pro 64 beta (from W10 pro system builder pack)
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Ryzen 7 5700G
    Motherboard
    MSI B450 tomahawk max II
    Memory
    4 x 8Gb Corsair Vengeance LPX 3000 DDR4
    Graphics card(s)
    onboard cpu
    Sound Card
    motherboard
    Monitor(s) Displays
    LG 21.5" IPS
    Screen Resolution
    1920 x 1080
    Hard Drives
    WD 1Tb Black M2 SN850X on Asus hyper M2 X16 max V2 card
    PSU
    Be Quiet 400 semi modular 80+gold
    Case
    Coolermaster Silencio 650
    Cooling
    140mm front, 120 rear Akasa Vegas Chroma AM
    Internet Speed
    135/20
    Browser
    edge/Firefox
    Antivirus
    WD plus Malwarebytes free
tinmar49 said:
I have found and enabled the fTPM and will see if Microsoft change their mind about my getting W11 with the slow lane. There seem to be conflicting reports about the suitability of the Athlon 3000G for W11.
Click to expand...

It's on the supported CPU list. AMD CPUs. This is an official Microsoft link.
 

My Computers

System One System Two

  • OS
    Windows 11 22631.2861
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Amd Threadripper 7970X
    Motherboard
    Gigabyte TRX50 Aero D
    Memory
    128GB (4 X 32) Kingston DDR5 5200 (RDIMM)
    Graphics Card(s)
    Gigabyte RTX 4090 OC
    Sound Card
    none (USB to speakers), Realtek
    Monitor(s) Displays
    Philips 27E1N8900 OLED
    Screen Resolution
    3840 X 2160 @ 60Hz
    Hard Drives
    Crucial T700 2TB M.2 NVME SSD
    WD 4TB Blue SATA SSD
    Seagate 18TB IronWolf Pro
    PSU
    eVGA SuperNOVA 1600 GT
    Case
    Lian Li 011 Dynamic Evo XL
    Cooling
    Alphacool Eisbaer Pro Aurora 360, with 3 Phanteks T30 fans
    Keyboard
    Logitech K120 (wired)
    Mouse
    Logitech M500s (wired)
    Internet Speed
    1200 Mbps
  • Operating System
    windows 11 22631.2861
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Intel I9-13900K
    Motherboard
    Asus RoG Strix Z690-E
    Memory
    64GB G.Skill DDR5-6000
    Graphics card(s)
    Gigabyte RTX 3090 ti
    Sound Card
    built in Realtek
    Monitor(s) Displays
    Asus PA329C
    Screen Resolution
    3840 X 2160 @60Hz
    Hard Drives
    WDC SN850 1TB
    8 TB Seagate Ironwolf
    4TB Seagate Ironwolf
    PSU
    eVGA SuperNOVA 1300 GT
    Case
    Lian Li 011 Dynamic Evo
    Cooling
    Corsair iCUE H150i ELITE CAPELLIX Liquid CPU Cooler
    Mouse
    Logitech M500s (wired)
    Keyboard
    Logitech K120 (wired)
If anyone with 6th gen CPU can share his/her speculation control settings, I just wanna check something please.

Here is mine for the 7th gen CPU.

Code: 
For more information about the output below, please refer to https://support.microsoft.com/help/4074629

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: True [not required for security]

Speculation control settings for CVE-2018-3639 [speculative store bypass]

Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is present: True
Windows OS support for speculative store bypass disable is enabled system-wide: True

Speculation control settings for CVE-2018-3620 [L1 terminal fault]

Hardware is vulnerable to L1 terminal fault: True
Windows OS support for L1 terminal fault mitigation is present: True
Windows OS support for L1 terminal fault mitigation is enabled: True

Speculation control settings for MDS [microarchitectural data sampling]

Windows OS support for MDS mitigation is present: True
Hardware is vulnerable to MDS: True
Windows OS support for MDS mitigation is enabled: True


BTIHardwarePresent                  : True
BTIWindowsSupportPresent            : True
BTIWindowsSupportEnabled            : True
BTIDisabledBySystemPolicy           : False
BTIDisabledByNoHardwareSupport      : False
BTIKernelRetpolineEnabled           : False
BTIKernelImportOptimizationEnabled  : True
KVAShadowRequired                   : True
KVAShadowWindowsSupportPresent      : True
KVAShadowWindowsSupportEnabled      : True
KVAShadowPcidEnabled                : True
SSBDWindowsSupportPresent           : True
SSBDHardwareVulnerable              : True
SSBDHardwarePresent                 : True
SSBDWindowsSupportEnabledSystemWide : True
L1TFHardwareVulnerable              : True
L1TFWindowsSupportPresent           : True
L1TFWindowsSupportEnabled           : True
L1TFInvalidPteBit                   : 45
L1DFlushSupported                   : True
MDSWindowsSupportPresent            : True
MDSHardwareVulnerable               : True
MDSWindowsSupportEnabled            : True
 

My Computer

System One

  • OS
    Windows 11 vmware
    Computer type
    Laptop
    Manufacturer/Model
    MSI GT83VR 7RF Titan SLI
    CPU
    i7 7820HK
    Memory
    64GB
    Graphics Card(s)
    NVIDIA 1080 2x SLI
    Sound Card
    Realtek Nahimic 3
Hi there
I've posted this before with ZERO answers so far.

Can any Windows GURU tell me what exactly is the TPM module doing currently and what do you as a user have to do if you are installing W11 and enable secure boot -- what keys are generated - what goes into the BIOS etc etc.

I've generated a TPM key as an experiment but I can't find any info on what to do next.

While I can understand Ms have relaxed the requirements (albeit possibly temporarily) to relax the requirements -- surely some of us that have the full hardware should be able to test exactly what Ms wants to do with the TPM / Secure boot thing --otherwise its just vapourware and panacking a load of people into unnecessary expense.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
jimbo45 said:
Hi there
I've posted this before with ZERO answers so far.

Can any Windows GURU tell me what exactly is the TPM module doing currently and what do you as a user have to do if you are installing W11 and enable secure boot -- what keys are generated - what goes into the BIOS etc etc.

I've generated a TPM key as an experiment but I can't find any info on what to do next.

While I can understand Ms have relaxed the requirements (albeit possibly temporarily) to relax the requirements -- surely some of us that have the full hardware should be able to test exactly what Ms wants to do with the TPM / Secure boot thing --otherwise its just vapourware and panacking a load of people into unnecessary expense.

Cheers
jimbo
Click to expand...
Now you can encrypt disk.
 

My Computer

System One

  • OS
    W10 and Insider Dev.+ Linux Mint
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home brewed
    CPU
    AMD Ryzen 9 7900x
    Motherboard
    ASROCK b650 PRO RS
    Memory
    2x8GB Kingston 6000MHz, Cl 32 @ 6200MHz Cl30
    Graphics Card(s)
    Gigabyte Rx 6600XT Gaming OC 8G Pro
    Sound Card
    MB, Realtek Ac1220p
    Monitor(s) Displays
    3 x 27"
    Screen Resolution
    1080p
    Hard Drives
    Kingston KC3000. 1TBSamsung 970 evo Plus 500GB, Crucial P1 NVMe 1TB, Lexar NVMe 2 TB, Silicon Power M.2 SATA 500GB
    PSU
    Seasonic 750W
    Case
    Custom Raidmax
    Cooling
    Arctic Liquid Freezer III 360mm
    Internet Speed
    20/19 mbps
TPM implementation is probably purely for Microsoft's benefit in terms of enforcement of licenses and digital rights management.
But it can also benefit the users through BIOS level control of operation that no one else can perform if you have no physical control of the hardware. But regular users don't even care about it. Haha...
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 9 3900X
    Motherboard
    MSI MPG Gaming Edge Wifi (X570)
    Memory
    32GB Adata XPG DDR4
    Graphics Card(s)
    ASUS GTX 1070 8GB ROG
    Monitor(s) Displays
    LG Ultrawide 34"
    Screen Resolution
    3440x1440
    Hard Drives
    Main Boot Drive : 512GB Adata XPG RGB Gen3x4 NVMe M.2 SSD
    PSU
    EVGA 600 Watts Gold
    Case
    Deepcool Genome II
    Cooling
    Deepcool Fryzen
    Internet Speed
    1Gbps
    Browser
    Chrome
    Antivirus
    "Moderna"
  • Operating System
    Windows 11 Pro
    Computer type
    PC/Desktop
    CPU
    i7-4790K
    Motherboard
    ASRock Xtreme6 Z97
    Memory
    16GB Corsair Vengeance Pro
    Graphics card(s)
    MSI R9 290
    Monitor(s) Displays
    LG Ultrawide 34"
    Screen Resolution
    3440x1440
    Hard Drives
    Samsung M.2
    PSU
    Thermaltake 475 Watts 80 Bronze
    Case
    Thermaltake Commander I Snow Edition
    Cooling
    Deep Cool Archer Air Cooler
    Mouse
    Logitech G402
    Keyboard
    Armageddon MKA-5R RGB-Hornet
    Internet Speed
    1Gbps
    Browser
    Chrome
    Antivirus
    Moderna :)
badrobot said:
TPM implementation is probably purely for Microsoft's benefit in terms of enforcement of licenses and digital rights management.
But it can also benefit the users through BIOS level control of operation that no one else can perform if you have no physical control of the hardware. But regular users don't even care about it. Haha...
Click to expand...
Hi there
I think we all can understand this and I can read "Ad Nauseam" the idea behind TPM etc -- BUT WHAT CAN WE DO TO TEST IT !!!! Nobody has answered my basic question -- we all can read the Ms Spiel of "Enhanced Security" etc etc - and I have no reason to disbelieve them but what do I actually do to test this -- as I assume a lot will be installing W11 on their own systems - not everybody buys or will buy a "pre-installed W11 system on a new PC".

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
Just a thought.....

The TPM and Secure Boot, and enhanced security (I'm assuming that includes the higher level CPUs for the instruction sets), may from MS's point of view be a growing concern and impending requirement on their part to qualify for GSA certification on contracts, and be compliant with the increasingly stringent requirements of the general corporate environment. Utilities, State and local Governments, and many other corporate users will be demanding security unheard of 6 years ago with Win 10's birth.

Perhaps all the reasons have not come out yet and some may not.
 

My Computer

System One

  • OS
    Multi-boot Windows 11 & 10 - RTM, RP, Beta, Dev and Canary
    Computer type
    PC/Desktop
    Manufacturer/Model
    Alienware R12
    CPU
    11th Gen i9-11900KF @ 3.50GHz, 8 cores/16 logical proc.
    Motherboard
    Alienware 07HV66 (U3E1)
    Memory
    32GB
    Graphics Card(s)
    NVIDIA GeForce RTX 3080 w/10GB GDDR5X mem
    Sound Card
    Realtek High Definition Audio
    Monitor(s) Displays
    Samsung 27" Curved C27F591
    Screen Resolution
    1920 x 1080 x 60 hertz
    Hard Drives
    1TB NVMe PM961 NVMe SSD SAMSUNG (Boot),
    2TB Seagate ST2000DM001-1ER164 (SATA),
    1TB Samsung SSD 850 EVO,
    1TB Seagate ST1000DM003-1ER162,
    1TB WD Elements 10A8 USB Device,
    1TB BUFFALO HD-PNTU3 USB Device,
    1TB x4 Seagate BUP Slim SCSI Disk Device
    PSU
    850W PSU Liquid Cooled Chassis - CyberPower 1500 UPS
    Case
    Alienware Mid-Tower (Dell)
    Cooling
    Liquid Cooled - 3 fan - Top exhaust
    Keyboard
    Logitech K800 Wireless
    Mouse
    Logitech MX Master Wireless
    Internet Speed
    1 Gigabit
    Browser
    FF, Chrome, Opera, Edge
    Antivirus
    Defender, MBAM, SuperAntiSpyware
    Other Info
    Blueray R/W Optical,
    Canon MX410 series Printer/Fax/Scanner/Copier,
    Altec 5.1 Speakers L-R, Mid Base Boom,

    Macrium Home Premium, Revo Pro, Screenspresso Pro
jimbo45 said:
Hi there
I think we all can understand this and I can read "Ad Nauseam" the idea behind TPM etc -- BUT WHAT CAN WE DO TO TEST IT !!!! Nobody has answered my basic question -- we all can read the Ms Spiel of "Enhanced Security" etc etc - and I have no reason to disbelieve them but what do I actually do to test this -- as I assume a lot will be installing W11 on their own systems - not everybody buys or will buy a "pre-installed W11 system on a new PC".

Cheers
jimbo
Click to expand...
Unless maybe if you are a hacker or know anything about hacking through firmware, maybe you can test it. A TPM module will act like a base layer of hardware protection much like what Windows Defender does as a software protection.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 9 3900X
    Motherboard
    MSI MPG Gaming Edge Wifi (X570)
    Memory
    32GB Adata XPG DDR4
    Graphics Card(s)
    ASUS GTX 1070 8GB ROG
    Monitor(s) Displays
    LG Ultrawide 34"
    Screen Resolution
    3440x1440
    Hard Drives
    Main Boot Drive : 512GB Adata XPG RGB Gen3x4 NVMe M.2 SSD
    PSU
    EVGA 600 Watts Gold
    Case
    Deepcool Genome II
    Cooling
    Deepcool Fryzen
    Internet Speed
    1Gbps
    Browser
    Chrome
    Antivirus
    "Moderna"
  • Operating System
    Windows 11 Pro
    Computer type
    PC/Desktop
    CPU
    i7-4790K
    Motherboard
    ASRock Xtreme6 Z97
    Memory
    16GB Corsair Vengeance Pro
    Graphics card(s)
    MSI R9 290
    Monitor(s) Displays
    LG Ultrawide 34"
    Screen Resolution
    3440x1440
    Hard Drives
    Samsung M.2
    PSU
    Thermaltake 475 Watts 80 Bronze
    Case
    Thermaltake Commander I Snow Edition
    Cooling
    Deep Cool Archer Air Cooler
    Mouse
    Logitech G402
    Keyboard
    Armageddon MKA-5R RGB-Hornet
    Internet Speed
    1Gbps
    Browser
    Chrome
    Antivirus
    Moderna :)
To test one of TPM aspects.
Encrypt a disk with BitLocker, turn TPM off and see if you can access it.
 

My Computer

System One

  • OS
    W10 and Insider Dev.+ Linux Mint
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home brewed
    CPU
    AMD Ryzen 9 7900x
    Motherboard
    ASROCK b650 PRO RS
    Memory
    2x8GB Kingston 6000MHz, Cl 32 @ 6200MHz Cl30
    Graphics Card(s)
    Gigabyte Rx 6600XT Gaming OC 8G Pro
    Sound Card
    MB, Realtek Ac1220p
    Monitor(s) Displays
    3 x 27"
    Screen Resolution
    1080p
    Hard Drives
    Kingston KC3000. 1TBSamsung 970 evo Plus 500GB, Crucial P1 NVMe 1TB, Lexar NVMe 2 TB, Silicon Power M.2 SATA 500GB
    PSU
    Seasonic 750W
    Case
    Custom Raidmax
    Cooling
    Arctic Liquid Freezer III 360mm
    Internet Speed
    20/19 mbps
CountMike said:
To test one of TPM aspects.
Encrypt a disk with BitLocker, turn TPM off and see if you can access it.
Click to expand...
Hi there

@CountMike - doesn't Bitlocker work even if you don't have a TPM.

But as a Home user I for one don't want to encrypt my disks --it's far too much hassle especially if these are moved /shared between machines with different OS'es on them -- if I've got really secure data I either won't have it online line or will store it with a reliable Cloud service who will do all the relevant data security required. The only security I really use as far as encryption is concerned is network transmission via sftp so data is transferred encrypted rather than "in the clear" e.g when entering passwords / account numbers for accessing e-commerce sites such as amazon or e-banking.

If people want to use things like Bitlocker -- that's fine but I really am as far as ordinary people are concerned in the K.I.S.S camp - the simpler the better commensurate of course with reasonable protection.

I'm far more worried about "Identity theft" and lack of decent security by some big banks than by any amount of hackers.

I'm sure even the most devoted hacker would get bored reading any of my emails -- even if they could understand the lingo -- not sure if Icelandic would be taught in N.Korea educational institutions !!! - although given the quite large number of "Dark server Farms" in Iceland currently (very cheap energy) they might get a buzz at trying to hack some of that infrastructure !!!

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
jimbo45 said:
Hi there
as a Home user I for one don't want to encrypt my disks much too much hassle especially if these are moved between machines with different OS'es on them -- if I've got really secure data I either won't have it oin line or will store it with a reliable Cloud service who will do all the relevant data security required. The only security I really use as far as encryption is concerned is network transmission via sftp so data is transferred encrypted rather than "in the clear"..

If people want to use things like Bitlocker -- that's fine but I really am as far as ordinary people are concerned in the K.I.S.S camp - the simpler the better commensurate of course with reasonable protection.

I'm far more worried about "Identity theft" and lack of decent seciurity by some big banks than by any amount of hackers.

I'm sure even the most devoted hacker would get bored reading any of my emails -- even if they could understand the lingo -- not sure if Icelandic would be taught in N.Korea educational institutions !!! - although given the quite large number of "Dark server Farms" in Iceland currently (very cheap energy) they might get a buzz at trying to hack some of that infrastructure !!!

Cheers
jimbo
Click to expand...
It was just a suggestion for testing. As far as the rest, only you can protect yourself by being smart.
 

My Computer

System One

  • OS
    W10 and Insider Dev.+ Linux Mint
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home brewed
    CPU
    AMD Ryzen 9 7900x
    Motherboard
    ASROCK b650 PRO RS
    Memory
    2x8GB Kingston 6000MHz, Cl 32 @ 6200MHz Cl30
    Graphics Card(s)
    Gigabyte Rx 6600XT Gaming OC 8G Pro
    Sound Card
    MB, Realtek Ac1220p
    Monitor(s) Displays
    3 x 27"
    Screen Resolution
    1080p
    Hard Drives
    Kingston KC3000. 1TBSamsung 970 evo Plus 500GB, Crucial P1 NVMe 1TB, Lexar NVMe 2 TB, Silicon Power M.2 SATA 500GB
    PSU
    Seasonic 750W
    Case
    Custom Raidmax
    Cooling
    Arctic Liquid Freezer III 360mm
    Internet Speed
    20/19 mbps
CountMike said:
It was just a suggestion for testing. As far as the rest, only you can protect yourself by being smart.
Click to expand...
Hi there

@CountMike

interesting to try this but I'm sure Bitlocker has been around for "Donkeys years - I remember in a workplace running W7 years ago that all external things like USB sticks were "bit locked / encrypted" so could only be used on work supplied laptops and I'm sure those didn't have TPM in them. Could be wrong of course !!

quote from Ms docs :


Can I use BitLocker on an operating system drive without a TPM?​


Yes, you can enable BitLocker on an operating system drive without a TPM version 1.2 or higher, if the BIOS or UEFI firmware has the ability to read from a USB flash drive in the boot environment. This is because BitLocker will not unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or by a USB flash drive containing the BitLocker startup key for that computer. However, computers without TPMs will not be able to use the system integrity verification that BitLocker can also provide. To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
I installed Win11 on this machine with TPM 2.0 and SB enabled without any problem even though it has only 7th gen intel CPU. Out of idle curiousity, I booted with TPM disabled, and it got as far as asking for the PIN, but said "something happened and we can't find your PIN, click here to fix it". I clicked, there were a few seconds of black screen, and it came back to that message.

Rebooted with TPM enabled, and it all worked fine again. Interestingly, It booted fine with SB disabled.
 

My Computer

System One

  • OS
    Windows 11 Pro build 22000.65
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Pavilion PC 570-p026
    CPU
    Intel Core i5 7400 @ 3 GHz
    Motherboard
    HP Model 82F2 (U3E1)
    Memory
    12 GB
    Graphics Card(s)
    Intel HD Graphics 630
    Sound Card
    Realtek High Definition Audio
    Monitor(s) Displays
    Acer V173
    Screen Resolution
    1280x1024
    Hard Drives
    500MB Samsung Evo+ SSD
    1TB Western Digital WDC WD10EZEX-60WN4A0 (SATA) 7200 RPM
    Internet Speed
    300/300 Mbs fiber
You must log in or register to reply here.

Similar threads

  • Article
Updates on Microsoft's Secure Future Initiative
Replies
0
Views
486
Brink
Brink
  • Article
Insider KB5036908 Windows 11 Insider Dev build 26100.268 (24H2) - April 26
2
Replies
22
Views
5K
Brink
Brink
  • Article
Visual refresh in Microsoft Teams for personal use on Windows 11
Replies
1
Views
414
BrianInEngland
B
  • Article
Microsoft Reducing environmental impact of Windows 11 devices
Replies
0
Views
446
Brink
Brink
  • Sticky
  • Article
Insider Windows 11 Insider Canary build 26200.5001 (24H2) - April 19
2 3 4
Replies
74
Views
8K
Winuser
Winuser

Latest Support Threads

Latest Tutorials

Back
Top Bottom