When Microsoft first introduced the concept of trusted computing, enforcing the cryptographic integrity of the operating system in hardware, in the early 2000s, there was a massive outcry that set the Trusted Computing initiative back a decade and left malware and rootkits free to run on the operating system.
The growth of smartphones, which have shipped with this technology from the start, has given Microsoft the opportunity to try again. With Windows Vista we once again saw the introduction of support for hardware signing of the OS via the Trusted Platform Module, an industry standard that safely stores the hardware keys used to ensure secure boot and to verify that the operating system you use has not been compromised along the way. The feature is an important part of BitLocker.
Now, with Windows 10 Anniversary Edition, aka Redstone, support for the Trusted Platform Module has become mandatory and will be enabled by default, meaning we should see a slow phasing out of devices vulnerable to rootkits and other malware that compromise computers at that level.
The news was revealed at WinHEC 2016 recently, as noted in the slides below.
It is of note that TPM has been a requirement of Windows Phone since its inception, and was also built into the ARM version of Windows 8. Its presence is not a complete positive: it can cause users to be locked out of their computers after trivial hardware changes, such as firmware upgrades on hard drives, with little hope of recovery, and it has also been criticized for its potential to block users from installing other operating systems on their hardware or, eventually, to restrict users from running unsigned software. As yet, however, all motherboards allow users to disable the feature, leaving them free to use their hardware as they please.
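The lockout scenario described above has a concrete cause: BitLocker seals its volume key to the TPM's boot measurements, so a firmware update or boot-configuration change produces new measurements, the TPM refuses to unseal the key, and Windows falls back to the recovery screen. The machines that end up with "little hope of recovery" are the ones whose volumes have only a TPM protector and no escrowed recovery password. The following PowerShell report, written for this article as an added example and not taken from Microsoft's documentation or the WinHEC slides, checks TPM presence and readiness, the TPM specification version, Secure Boot state, and whether each BitLocker volume carries a recovery-password protector alongside its TPM protector. It assumes Windows 8 or later, an elevated session, and the built-in TrustedPlatformModule and BitLocker modules; the mount point in the closing comment is a hypothetical placeholder.

```powershell
# Added example, not from the article or from Microsoft: report TPM and BitLocker
# readiness on the local machine and flag volumes that a firmware change could
# lock out permanently (TPM-based protector present, no recovery password).
# Assumes Windows 8 or later, run from an elevated PowerShell session.

function Get-TpmBitLockerReadiness {
    [CmdletBinding()]
    param()

    # Get-Tpm requires administrator rights. TpmReady means the TPM is present,
    # enabled, activated and owned, which is what BitLocker needs.
    $tpm = Get-Tpm

    # The WMI class exposes the TPM specification version string (1.2 or 2.0 family).
    $specVersion = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                                    -ClassName Win32_Tpm `
                                    -ErrorAction SilentlyContinue).SpecVersion

    # Confirm-SecureBootUEFI throws on legacy BIOS machines; treat that as "off".
    try   { $secureBoot = Confirm-SecureBootUEFI }
    catch { $secureBoot = $false }

    $tpmProtectorTypes = @('Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')

    $volumes = foreach ($vol in Get-BitLockerVolume) {
        # KeyProtectorType is an enum; compare as strings to keep the logic readable.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $usesTpm        = @($types | Where-Object { $tpmProtectorTypes -contains $_ }).Count -gt 0
        $hasRecoveryPwd = $types -contains 'RecoveryPassword'

        [pscustomobject]@{
            MountPoint        = $vol.MountPoint
            ProtectionStatus  = $vol.ProtectionStatus      # On / Off
            VolumeStatus      = $vol.VolumeStatus          # FullyEncrypted, etc.
            KeyProtectorTypes = ($types -join ',')
            # TPM protector but no recovery password: a firmware or boot-configuration
            # change strands the user at the recovery screen with nothing to type in.
            RecoveryRisk      = ($usesTpm -and -not $hasRecoveryPwd)
        }
    }

    [pscustomobject]@{
        TpmPresent     = $tpm.TpmPresent
        TpmReady       = $tpm.TpmReady
        TpmSpecVersion = $specVersion
        SecureBoot     = $secureBoot
        Volumes        = $volumes
    }
}

$report = Get-TpmBitLockerReadiness
$report | Select-Object TpmPresent, TpmReady, TpmSpecVersion, SecureBoot | Format-List
$report.Volumes | Format-Table -AutoSize

# For any volume flagged RecoveryRisk, add a recovery password and escrow it in
# AD DS before the next firmware update. Hypothetical mount point 'C:' shown:
#   $vol = Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector
#   $id  = ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')[0].KeyProtectorId
#   Backup-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $id
```

The report is read-only; the escrow commands are left as comments so an administrator decides where the recovery password is stored. The point is that a TPM protector alone is not a backup strategy, and the time to discover a missing recovery password is before the firmware update, not at the recovery prompt.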
Read more about the technology at Microsoft's TechNet here.