Microsoft mandates minimum hardware specs for security in Windows 10 devices

From today, Trusted Platform Module 2.0 support will be required for all new Windows 10 PCs, smartphones and tablets

Microsoft is mandating a series of hardware changes for companies making Windows 10 devices that are intended to improve security.

Starting today, PC makers will be required to build all Windows 10 PCs, smartphones and tablets to the Trusted Platform Module (TPM) 2.0 specification.

TPM 2.0 is an international standard led by an industry group called the Trusted Computing Group. It provides a secure area, built into the hardware of the device, for storing authentication keys. The TPM 2.0 function can be firmware-based, integrated into the silicon, or a module built into the device.

In a nutshell, it provides cryptographic features embedded in silicon and built into the device. TPM 2.0 supports new authentication modes and new algorithms, including the SHA-2 family, of which SHA-256 is a member. A number of Windows 10 features, including BitLocker, Credential Guard, Measured Boot, Device Health Attestation and Virtual Smartcard, all require TPM, and their security ought to be improved by TPM 2.0.

TPM 2.0 needs to be built into devices as follows:

The forthcoming Anniversary Update to Windows 10 will complete the work that Microsoft has been doing to support TPM 2.0 in Windows 10. It will ship from 2 August and be auto-updated to all Windows 10 devices. Prior to that, Windows 10 had only supported version 1.0 of the TPM.

For Microsoft, part of the aim is to push its Windows Hello authentication, which uses biometrics to log users in, across all Windows 10-based devices. The security system supports facial, fingerprint and iris recognition, enabling users to log in with just a glance once it has been set up. That, at least, is the theory.

Windows Hello is being integrated into a variety of Microsoft devices, not just PCs, smartphones and tablets, but also the Xbox games console and the HoloLens augmented reality headset.