Microsoft lists a reason why TPM, Secure Boot are required on Windows 11 in 2024-2025


Microsoft has explained time and again why features like TPM (Trusted Platform Module) 2.0, VBS (Virtualization-based Security), and Secure Boot are important for a Windows 11 PC. These features existed before Windows 11, but Microsoft made them mandatory with that release, citing the improved security benefits they brought, and it also published visual demos to better explain how.

That was back in 2021. Fast forward to today: with the release of the Windows 11 24H2 feature update (which just became downloadable to more users), the company recently updated one of the support articles on its official website. Neowin discovered this change while browsing the web.

The article is about Automatic Device Encryption via BitLocker, which Microsoft refers to as "Auto-DE", and a specific section of this document was updated to reflect why TPM and Secure Boot are required for Device Encryption.

Previously, it stated:

Why isn't Device Encryption available?

Here are the steps to determine why Device Encryption might not be available:

  1. From Start type System Information, right-click System Information in the list of results, then select Run as administrator

  2. In the System Summary Item's list, look for the value of Automatic Device Encryption Support or Device Encryption Support

  • The value gives the reason why Device Encryption can't be enabled

  • If the value says Meets prerequisites, then Device Encryption is available on your device.

And here's what the updated page says now:

Why isn't Device Encryption available?

Here are the steps to determine why Device Encryption might not be available:

  1. From Start type System Information, right-click System Information in the list of results, then select Run as administrator

  2. In the System Summary Item's list, look for the value of Automatic Device Encryption Support or Device Encryption Support

    The value describes the support status of Device Encryption:

  • Meets prerequisites: Device Encryption is available on your device

  • TPM is not usable: your device doesn't have a Trusted Platform Module (TPM), or the TPM isn't enabled in the BIOS or in the UEFI

  • WinRE is not configured: your device doesn't have Windows Recovery Environment configured

  • PCR7 binding is not supported: Secure Boot is disabled in the BIOS/UEFI, or you have peripherals connected to your device during boot (like specialized network interfaces, docking stations, or external graphic card)

Essentially, the article details what these unmet "prerequisites" are. They include TPM, WinRE (Windows Recovery Environment), and Secure Boot. Besides these, Microsoft also mentions PCR7.

PCR, or Platform Configuration Register, is a memory location on the TPM and is used for storing hash algorithms. PCR profile 7, or PCR7, is what BitLocker binds with. This binding ensures that a cryptographic key, in this case the BitLocker key, loads only during a certain time during booting, neither before nor after.

This is where Secure Boot comes in, as it verifies and validates the necessary Microsoft Windows PCA 2011 certificate during booting, since an invalid signature leads to BitLocker using profiles other than 7.
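To make the PCR7 binding concrete, here is an added illustration (not taken from Microsoft's support article or from Neowin): a simplified Python model of a PCR as a running hash and of a key that is released only when PCR7 matches the value it was sealed to. The event strings, the `SealedKey` class and the key value are constructed for the example; real PCR7 events are firmware-defined structures, and the extra option ROM case is an assumed model of the "peripherals connected during boot" condition.

```python
import hashlib
import hmac


def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM extend: new = SHA-256(old || SHA-256(event)); a PCR is never set directly."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


def replay(events) -> bytes:
    """Replay one boot's measurements into a PCR that resets to all zeros."""
    pcr = bytes(32)
    for event in events:
        pcr = extend(pcr, event)
    return pcr


class SealedKey:
    """Stand-in for a TPM-sealed secret, released only when PCR7 matches."""

    def __init__(self, secret: bytes, pcr7_at_seal: bytes):
        self._secret, self._expected = secret, pcr7_at_seal

    def unseal(self, current_pcr7: bytes):
        if hmac.compare_digest(current_pcr7, self._expected):
            return self._secret
        return None  # policy mismatch: nothing is released


# Constructed measurement logs (illustrative strings, not real firmware events).
GOOD_BOOT = [b"SecureBoot=1", b"PK=vendor", b"KEK=ms", b"db=ms-pca-2011",
             b"dbx=rev42", b"authority=Microsoft Windows PCA 2011"]
SB_OFF = [b"SecureBoot=0"] + GOOD_BOOT[1:]
EXTRA_ROM = GOOD_BOOT + [b"authority=third-party option ROM CA"]
REORDERED = GOOD_BOOT[:4] + [GOOD_BOOT[5], GOOD_BOOT[4]]

VMK = b"constructed-volume-master-key"
sealed = SealedKey(VMK, replay(GOOD_BOOT))


def boot_and_unseal(events):
    """Boot with the given measurements, then ask for the sealed key."""
    return sealed.unseal(replay(events))


if __name__ == "__main__":
    for name, log in [("good boot", GOOD_BOOT), ("Secure Boot off", SB_OFF),
                      ("extra option ROM", EXTRA_ROM), ("reordered", REORDERED)]:
        print(f"{name:18}", "key released" if boot_and_unseal(log) else "locked")
```

Only the unchanged boot sequence reproduces the sealed PCR7 value; a disabled Secure Boot flag, an additional measured authority, or the same events in a different order each yield a different register value and no key.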

For those wondering what this fuss about BitLocker and encryption on Windows 11 24H2 is, the Redmond giant lowered the OEM requirements for Auto-DE on the latest Windows version, and thus even Home PCs can be automatically encrypted. Soon after, the company also released a helpful recovery and backup guide for the BitLocker key, which should be a smart thing to bookmark.

Third-party backup and cloning apps like Acronis are also baking in similar changes for the same.

This is Microsoft's way of letting you know why you should stick with an officially eligible PC on its latest version of Windows, and the company's official stance is that you get a new PC if yours is too old.

Recently, the company also clarified its current position regarding the system requirements of Windows 11 on unsupported hardware after explaining how TPM 2.0 is a non-negotiable standard on its OS.

roosho Senior Engineer (Technical Services)
I am Rakib Raihan RooSho, Jack of all IT Trades. You got it right. Good for nothing. I try a lot of things and fail more than that. That's how I learn. Whenever I succeed, I note that in my cookbook. Eventually, that became my blog.