The burden of Microsoft’s efforts to secure Windows 10 is now falling on PC, tablet, and smartphone makers.
Microsoft is making a hardware-based security feature called TPM (Trusted Platform Module) 2.0 a minimum requirement on most Windows 10 devices. Starting July 28, the company will require device manufacturers shipping PCs, tablets and smartphones to include TPM 2.0.
TPM has been available for years, mostly on business PCs. TPM 2.0 provides a hardware layer to safeguard user data by managing and storing cryptographic keys in a trusted container.
The TPM requirement “will be enforced through our Windows Hardware Certification program,” Microsoft said in a blog post.
Hardware makers will need to implement TPM 2.0 in the form of chips or firmware. TPM will be activated by default, though it’s not certain if users will have the option to disable it.
TPM could lead to wider use of two-factor authentication in Windows 10 to log into PCs, applications and Web services. For example, Windows Hello—a biometric authentication technique using face, fingerprint, or iris recognition—could be used along with encryption keys in TPM chips to authenticate users.
TPM 2.0 has important security enhancements over the aging TPM 1.2, and is a “minimum hardware requirement for Windows 10 going forward,” Microsoft said in a presentation at UEFI PlugFest in late March.
Many new business laptops, hybrids, and tablets with Intel chips already include TPM 2.0. Low-cost PCs typically don’t have TPM, but will now need to comply with Microsoft’s new hardware requirements. Some Windows laptops now ship with TPM 1.2.
Microsoft is also making TPM 2.0 a requirement for Windows 10 smartphones.
TPM 2.0 won’t be a requirement for devices like Raspberry Pi 3 with Windows 10 IoT Core, a slimmed down version of the desktop Windows 10 OS.
“The goal is to make the PC a more secure platform,” said Kevin Krewell, principal analyst at Tirias Research. Windows is one of the least secure OSes around, he added.
Microsoft is also encouraging Windows 10 PC users to move to advanced hardware like Intel’s Skylake chips, which are more secure than previous platforms.
TPM 2.0 is a specification from Trusted Computing Group, and it was approved as an international standard by ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission) in June last year.