With windows 11 rolling out, Microsoft have taken the opportunity to set a new minimum hardware requirement for its operating system. While most of the requirements are an understandable raise from what Windows 10 was asking, some do stand out. Let’s look at the changes:
|Windows 10||Windows 11|
|Processor||1 gigahertz (GHz) or faster*||1 gigahertz (GHz) or faster with 2 or more cores*|
|Ram||1 gigabyte (GB) for 32-bit or 2 GB for 64-bit||4 gigabytes (GB)|
|Storage||16 GB for 32-bit OS 32 GB for 64-bit OS||64 GB or larger storage device|
|System firmware||None specified||UEFI, Secure Boot capable|
|TPM||2.0 required for OEM||Trusted Platform Module (TPM) version 2.0|
|Graphics card||DirectX 9 or later with WDDM 1.0 driver||Compatible with DirectX 12 or later with WDDM 2.0 driver|
|Display||800×600||High definition (720p) display|
|Internet connectivity||Required for updates, and for device set up for devices in S mode||Required for updates, and set up of windows 11 home edition|
While the processor requirements seem simple enough at a first glance, the real catch is with what CPUs Microsoft have validated for official support. Notably, Microsoft list desktop processors back to Ryzen Zen 2 series for AMD, and 8th gen Core series for Intel. Those just came out in 2018 and 2017 respectively. There will also be no 32 bit version of windows 11, but as Microsoft had phased out the 32 bit version of windows 10 from early 2020, this isn’t a surprise.
Given the wide range of CPUs that can run windows 10, this is quite a tight restriction for Windows 11, but the choice was not arbitrary. Microsoft have officially stated that they chose this cut off as these CPUs (and newer) support the new Windows Driver model, and that systems using this model have a 99.8% crash free experience. As you will see with other requirements, Microsoft are wanting to push certain standards to raise the reliability and security bar on windows 11.
However, if you are running a slightly older Zen 1 or 7th gen CPU, there might be a bit of hope, as Microsoft have stated they are testing those devices through the insider’s program. Although there is nothing official yet, they have stated that the results of the testing will be shared over time.
TPM and Firmware
The two requirements that caused the biggest stir was easily the requirement for a UEFI Secure boot capable system, and a TPM. But just what are they, and what do they do?
When a PC starts up, the first thing to run is the BIOS (Basic Input/Output System). The job of this bit of software is to initialize hardware, run a quick test to check the hardware is ok, and load the Operating system. Think of it like how the ignition starts a car, or your morning Coffee gets you going when you wake up.
However, the BIOS standard is quite old at this point, and has several restrictions associated with it. UEFI (Unified Extensible Firmware Interface) is the more modern standard with benefits such as support for larger drives, a pre-OS environment with a graphical interface, overclocking support, support for multiple Operating system loaders, as well as several security enhancements.
The 2.0 spec of UEFI has been around since 2006 and has become the standard for modern PCs. Because of this, the UEFI is still often referred to as the BIOS. Even if the system is using the newer standard. At this point, dropping support for the old BIOS standard makes sense, given the modern CPU requirements previously mentioned as anyone with those CPUs will have a UEFI system.
Secure Boot is a newer feature of UEFI that ensures a device will only boot using trusted software and drivers, providing protection against malware, rootkits and booting into a compromised system. Most newer pcs will have this enabled, but it can otherwise be easily turned on through the UEFI menu.
TPMs (Trusted Platform Module) are special bits of hardware that can generate and store cryptographic keys. TPMs will use a true Random Number Generator, using something like temperature fluctuations to generate these keys. TPMs are a notable requirement for Bitlocker, Windows drive encryption. When a drive is encrypted, the TPM generates and stores a key to unlock the drive when it is needed during start-up. This protects against hard drive theft, as without the TPM on the original PC, you won’t be able to get into the encrypted drive. The TPM can also be used to add further protection against malware, and be used by programs to handle SSL certificates, or key-signed emails in applications like Outlook.
TPMs are not new and have actually been a requirement for new windows 10 devices since 2016, so if you have a newer PC you should have one already. A TPM is typically installed in one of two ways. First, it can be its own dedicated bit of hardware (a discrete TPM) that is installed onto a header on a motherboard, much like how USB connectors are attached.
However, both Intel and AMD have TPM implementations directly in their CPUs since Intel’s 4th generation Core series and AMDs Ryzen series processors. These are known as firmware TPMs and can show up as an fTPM for a Ryzen CPU, or IPTT (Intel Platform Trust Technology) in the UEFI settings. For most people, this is the TPM that they will use. Given the CPU requirements for Windows 11, a compatible CPU will also have a firmware TPM built right into it so there is no need for any extra hardware.
So why is Microsoft pushing for these requirements in Windows 11? Well, it comes down to security. Microsoft claims that the combination of secure boot, a TPM and other technologies can reduce malware by up to 60%. With malware becoming more and more common, it is understandable why Microsoft wants to add extra security and protections to the windows platform. In an ever more security and privacy conscious world, Windows needed to keep up with the times. With these new requirements in place, we can expect to see Microsoft improve the security and stability of Windows over the life of windows 11.
Although this may prevent some users from upgrading due to the hardware requirements, Windows 10 will be in support through to 2025 so there is no need to ditch your PC just yet.