Windows 11, though free, will probably be very expensive: about Secure Boot capability, TPM and processors

Time 11/01/2022 By myhoneybakedfeedback

In fact, things are a little more complicated; the issue lies in a seemingly unimportant term: COMPATIBLE. Microsoft has set some conditions for this upgrade, and those are the reasons why a significant number of PCs will most likely never be upgraded to Windows 11.

The technology press in the United States and elsewhere has dealt extensively with Windows 11 and the compatibility issues it raises.

The situation is so nuanced that Microsoft has removed from its website the application with which you could check the compatibility of your system with Windows 11. The night I wrote about the launch I downloaded it and checked my own system. Not compatible. Nothing special so far; my system is old, at least 7 years old. I will have support for Windows 10 until 2025, and by then it will be completely obsolete.

The compatibility criteria can be found here, at the bottom of the page. I copied and pasted them (they are in English), but organized them a little differently:

  1. Processor: 1 GHz or faster with 2 or more cores on a compatible 64-bit processor or System on a Chip (SoC)
  2. Memory: 4 GB RAM
  3. Storage: 64 GB or larger storage device
  4. System firmware: UEFI, Secure Boot capable
  5. TPM: Trusted Platform Module (TPM) version 2.0
  6. Internet connection: Microsoft account and internet connectivity required for setup for Windows 11 Home
  7. Certain features require specific hardware; see the detailed system requirements.

In this blog post we will discuss points 5, 4 and 1, which seem the most important to me.

5. I had rarely heard of TPM (Trusted Platform Module) until Windows 11. I've written about TPM a few times, but I've never paid much attention to it. It usually appeared on high-performance business laptops, which place a lot of value on security and are quite expensive. So what is TPM, and how do you know whether you have it or not?

A textbook definition might sound like this:

"Trusted Platform Module (TPM) technology is designed to provide hardware-based security features. A TPM chip is a secure cryptoprocessor that is designed to perform cryptographic operations. The chip includes several physical security mechanisms to make it tamper-resistant, and malicious software is not capable of tampering with the TPM's security features."

In short, it is a security technology: a safe for important data, a device for storing security keys, for example the private key of an SSL certificate or BitLocker encryption keys.

There are 3 types of TPM:

- a discrete TPM chip: dedicated hardware and software;
- an integrated TPM: logically separated from the other components, using dedicated hardware integrated in one or more semiconductor packages, a hybrid of hardware and dedicated software;
- a firmware TPM: a kind of enclave in the processor, running the security functions in a trusted execution environment.

At this point TPM is considered very secure, which is why it has become a basic criterion for upgrading to Windows 11. If you want more details about TPM, go straight to Microsoft here.

How do you know whether you have something like this in your system? Press the Windows key on the keyboard, or click the Windows icon with the mouse, type tpm.msc in the search box, then press Enter. A window appears, in which you can get various answers.

If you're unlucky, the right-hand pane tells you that your system doesn't have a TPM chip. In some cases this can be solved by purchasing a TPM module, but not in all: some systems cannot accept such a chip. Related to this possibility, the prices of these TPM modules exploded when Windows 11 was announced.

If the only obstacle were TPM, things wouldn't be too complicated. However, before we move on, let's talk a little about activating TPM. That is, you may have a TPM that is not enabled; if you enable it, the PC becomes compatible with Windows 11, an extra chance.

To do this, you need to restart the computer and enter the BIOS. It would be more accurate to call it UEFI (Unified Extensible Firmware Interface) or UEFI BIOS, but because most people still say BIOS, we stick to that term. Read more about BIOS and UEFI here.

The most common keys for entering the BIOS are Esc, Del (Delete), F2, F10 and F12; depending on the device and its manufacturer there may be others. Search Google for your device model and how to enter its BIOS. Here is a tutorial with the access keys. Or you can enter the BIOS directly from Windows; tutorial here.

Suppose you have entered the BIOS. Here things diverge according to the processor you are using, Intel (PTT) or AMD (fTPM): the BIOS looks different and the TPM is located and named differently, although it has the same functions.

In addition to the old desktop, I used a desktop computer with an AMD processor and a laptop with an Intel processor.

I'll start with the simple part: the laptop with the Intel processor had TPM 2.0 enabled, and the TPM enable/disable option did not appear in the BIOS, or I did not find it.

After entering the BIOS I pressed F7 to switch from Simple Mode to Advanced Mode; the TPM should have been in the Advanced section, but it is not. I also searched in Security, but still nothing. Talking to a friend who works in IT, I raised the possibility that manufacturers no longer allow you to disable TPM on new computers and have removed it from the options entirely.

Enabled by default, with no way to deactivate it. I'm not sure about that; it's an assumption, and I'll investigate.

The desktop system has a Gigabyte motherboard. In its BIOS, TPM activation is done under Peripherals - Trusted Computing 2.0 - Security Device Support - Enable - Save & Exit.

If I haven't explained well enough how to activate TPM, you can find video tutorials here, here and here. In any case, YouTube is full of videos on this topic.

4. What Microsoft says about Secure Boot:

"Secure Boot helps make sure that your PC boots using only firmware that is trusted by the manufacturer. You can usually disable Secure Boot through the PC's firmware (BIOS) menus, but the way you disable it varies by PC manufacturer."

When enabled and fully configured, Secure Boot helps your computer resist malware attacks and infections. Secure Boot detects tampering with the boot loader, key operating system files, and unauthorized option ROMs by validating their digital signatures.

How does Secure Boot work?

Secure Boot works as a security gate. Code with valid credentials passes through the gate and is executed; code with bad credentials, or none at all, is blocked and rejected.

Simply put, Secure Boot checks the integrity of the PC's boot chain before the operating system starts. If the PC has been modified in an unauthorized manner, the operating system is not allowed to start. Unauthorized changes can be the result of a virus infection, malware, or even direct intervention (for example, a crack for Windows activation).
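The gate described above, as an added example (not code from the original post or from Microsoft): a simplified PowerShell model of the Secure Boot decision. Real UEFI firmware primarily checks Authenticode signatures against the certificates stored in its db (allowed) and dbx (revoked) variables; both variables can also hold plain SHA-256 hashes of binaries, which is the form modelled here. The images, their hashes and the function names are constructed for the demo.

```powershell
# Added example, not the original post's code. Models Secure Boot's db/dbx
# decision on hash entries only; real firmware also verifies signatures.

function Get-Sha256Hex {
    param([byte[]]$Bytes)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { return ([BitConverter]::ToString($sha.ComputeHash($Bytes)) -replace '-', '').ToLower() }
    finally { $sha.Dispose() }
}

function Test-BootImage {
    param([byte[]]$Image, [string[]]$Db, [string[]]$Dbx)
    $hash = Get-Sha256Hex $Image
    # Revocation wins: a loader that was once trusted but later added to dbx stays blocked
    if ($Dbx -contains $hash) { return [pscustomobject]@{ Decision = 'REJECT';  Reason = 'hash is in dbx (revoked)';       Hash = $hash } }
    if ($Db  -contains $hash) { return [pscustomobject]@{ Decision = 'EXECUTE'; Reason = 'hash is in db (trusted)';        Hash = $hash } }
    return                           [pscustomobject]@{ Decision = 'REJECT';  Reason = 'no credentials: hash not in db'; Hash = $hash }
}

# Constructed stand-ins for boot images (not real EFI binaries)
$goodLoader    = [System.Text.Encoding]::ASCII.GetBytes('BOOTMGFW v1 (demo)')
$tampered      = [byte[]]$goodLoader.Clone(); $tampered[0] = 0x58      # one byte changed, as an infection would
$revokedLoader = [System.Text.Encoding]::ASCII.GetBytes('BOOTMGFW v0 (demo, later revoked)')
$unknown       = [System.Text.Encoding]::ASCII.GetBytes('unsigned-tool.efi (demo)')

$db  = @( (Get-Sha256Hex $goodLoader), (Get-Sha256Hex $revokedLoader) )   # both were trusted at some point
$dbx = @( (Get-Sha256Hex $revokedLoader) )                                 # v0 was later revoked

# Expected: EXECUTE for the good loader, REJECT for the other three
foreach ($img in @($goodLoader, $tampered, $revokedLoader, $unknown)) {
    Test-BootImage -Image $img -Db $db -Dbx $dbx
}
```

The tampered copy is rejected even though it differs from the trusted loader by a single byte, which is the property the post's "integrity check before boot" relies on; the dbx lookup coming first is why a revoked loader cannot be re-admitted just because its hash is still present in db.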

I haven't run into Secure Boot too often. I remember a few years ago, after assembling a new desktop computer, I had a problem: the system did not start. I disabled Secure Boot and it worked. The last time it happened was when I installed Linux Mint in a virtual machine on Hyper-V. It didn't start because Secure Boot was turned on; I turned it off and everything went well.

How do you check whether Secure Boot is enabled on your computer? Press the Windows key, type System Information (or just system inf) in the search box, and press Enter.

A new window called System Information appears; in the second column look for Secure Boot State. If it is On, it is activated; if it is Off, it must be activated.
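The tpm.msc and System Information lookups described above can be done from one script. The following is an added example, not code from the original post: it reads the TPM state, the firmware type and Secure Boot state, and the CPU, RAM and system-drive figures, then reports each of criteria 1 to 5 as pass or fail. It assumes Windows 10 or 11 with PowerShell 5.1 or later, run from an elevated prompt (Get-Tpm and Confirm-SecureBootUEFI need administrator rights); the function names are my own.

```powershell
# Added example, not the original post's code. Run as Administrator.

function Get-TpmStatus {
    $tpm = Get-Tpm                                     # TrustedPlatformModule module (built in)
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    # Win32_Tpm.SpecVersion looks like "2.0, 0, 1.38" or "1.2, 2, 3"; only the first field matters here
    $spec = if ($wmi) { ($wmi.SpecVersion -split ',')[0].Trim() } else { 'none' }
    [pscustomobject]@{
        Present     = [bool]$tpm.TpmPresent
        Enabled     = [bool]$tpm.TpmEnabled
        Ready       = [bool]$tpm.TpmReady
        SpecVersion = $spec
    }
}

function Get-SecureBootStatus {
    # Confirm-SecureBootUEFI throws on legacy-BIOS machines, so an exception means "not UEFI"
    try {
        $on = Confirm-SecureBootUEFI
        [pscustomobject]@{ Firmware = 'UEFI'; SecureBootOn = [bool]$on }
    } catch {
        [pscustomobject]@{ Firmware = 'Legacy BIOS'; SecureBootOn = $false }
    }
}

function Test-Win11Readiness {
    $tpm   = Get-TpmStatus
    $boot  = Get-SecureBootStatus
    $cpu   = Get-CimInstance Win32_Processor | Select-Object -First 1
    $ramGB = [math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1GB, 1)
    $sysGB = [math]::Round((Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'").Size / 1GB, 1)

    $checks = @(
        [pscustomobject]@{
            Criterion = '1. CPU: 64-bit, >= 2 cores, >= 1 GHz'
            Value     = "$($cpu.Name.Trim()) / $($cpu.NumberOfCores) cores / $($cpu.MaxClockSpeed) MHz"
            Pass      = ($cpu.AddressWidth -eq 64 -and $cpu.NumberOfCores -ge 2 -and $cpu.MaxClockSpeed -ge 1000)
        }
        [pscustomobject]@{ Criterion = '2. RAM >= 4 GB';          Value = "$ramGB GB"; Pass = ($ramGB -ge 4) }
        [pscustomobject]@{ Criterion = '3. System drive >= 64 GB'; Value = "$sysGB GB"; Pass = ($sysGB -ge 64) }
        [pscustomobject]@{
            Criterion = '4. UEFI firmware, Secure Boot capable'
            Value     = "$($boot.Firmware), Secure Boot $(if ($boot.SecureBootOn) { 'On' } else { 'Off' })"
            Pass      = ($boot.Firmware -eq 'UEFI')
        }
        [pscustomobject]@{
            Criterion = '5. TPM 2.0 present and enabled'
            Value     = "present=$($tpm.Present) enabled=$($tpm.Enabled) spec=$($tpm.SpecVersion)"
            Pass      = ($tpm.Present -and $tpm.Enabled -and $tpm.SpecVersion -eq '2.0')
        }
    )

    # The two situations the post says can be fixed in the firmware menus rather than with new hardware
    if ($tpm.Present -and -not $tpm.Enabled) {
        Write-Warning 'A TPM is present but not enabled: turn it on in the UEFI setup (Intel PTT / AMD fTPM).'
    }
    if ($boot.Firmware -eq 'UEFI' -and -not $boot.SecureBootOn) {
        Write-Warning 'Secure Boot is supported but currently Off: enable it under Security - Secure Boot.'
    }
    return $checks
}

Test-Win11Readiness | Format-Table -AutoSize
```

Criterion 4 is marked as passed on any UEFI machine because Microsoft's wording is "Secure Boot capable", not "Secure Boot on"; the warning tells you when it is capable but switched off. A TPM 1.2 shows up as spec "1.2" and fails criterion 5 even though tpm.msc reports a TPM, which is exactly the case the post discusses. The script does not check whether the CPU model is on Microsoft's published list; it only verifies the cores, clock and 64-bit figures, so a processor can pass here and still be absent from the list.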

I also created a short tutorial on how to enter the UEFI BIOS directly from Windows.

Settings - Update & Security - Recovery - Advanced startup - Restart Now - Troubleshoot - Advanced options - UEFI Firmware Settings - Restart.

Then to enable Secure Boot in UEFI BIOS:

Security - Secure Boot - Secure Boot Control - Enable - Save & Exit.

Here is another tutorial on this topic.

1. Now let's talk about the most important obstacle to compatibility with Windows 11: the processors. About 160 compatible AMD and 540 compatible Intel processors have been listed since the announcement. None is older than 2018; most are from 2019 and 2020. But not all the processors released in those years are compatible either. For example, in 2019 we tested an AMD 220GE processor, released in December 2018. Review here. It is not on the list of compatible processors.

Okay, I get this point, but why will Windows 11 be so expensive?

Well, support for Windows 10 will expire in 2025, and then all the computers that can't upgrade to Windows 11 will have to be retired and replaced with new ones. This is not just about personal PCs; it's about the entire fleet of computers owned by companies, which will suddenly become garbage. I can't predict the exact number, but more than half of the computers on the market in 2021 probably won't switch to Windows 11.

They were old anyway. Correct. What should be noted at this point is that Windows 11 is free only if you upgrade, not if you purchase a new system.

Microsoft could change its mind and allow processors older than 2018 to be compatible with Windows 11. It said it could also consider older processors that do not meet the criteria set out here, just as at one point it said it could accept TPM 1.2. In the end, 2.0 remained the requirement.

The fact that the developer version of Windows 11 currently runs on almost any configuration does not mean that in October, when it launches as an official version, you will still be able to use it on your incompatible computer.

Talk to you soon and keep up the good content.