Can My Machine Run Windows 11?

Introduction

On June 24th, 2021, Microsoft had a live online presentation where they revealed some details about the upcoming Windows 11 client operating system. Windows 11 is due to release by the 2021 Holiday season (perhaps in October), and it will be a free upgrade. This post will try to answer the question, Can My Machine Run Windows 11?

Since the announcement last week, there have been a number of breathless takes on the subject. For example, Jason Perlow penned “Orphaned by Windows 11? I’m mad as hell and I’m not gonna take it anymore“, which is one of the worst examples. Another hot take is “What Windows 11 means: We’ll be stuck with millions of Windows 10 zombies” from David Gewirtz.

What Has Changed?

Unlike previous Windows releases, Microsoft is trying to enforce some stricter minimum hardware/firmware security and processor generation standards for Windows 11. This is causing quite a bit of public angst. Too much in my opinion.

I’m old enough to remember how much flak that Microsoft got over their Windows Vista capable and Vista premium programs. Now, Microsoft is taking a more aggressive stance, and they are still being criticized.

Microsoft is mandating Trusted Platform Module (TPM) usage, which can be a discrete hardware TPM, or a firmware TPM. This is the first hurdle.

The second hurdle is mandating standards about the processor generation of the installed processor.

For Intel, anything older than 8th Generation Core “Coffee Lake” (Q4 2017) is not supported. With AMD anything older than 12nm Zen+ (Q2 2018) will not be supported on Windows 11. This will hit AMD a little harder than Intel. On the other hand, AMD’s desktop and mobile market share was miniscule in 2017/2018, so not as many AMD machines will be affected.

Here are some example high-end processors that don’t make the grade for Windows 11. These were all top-of the line, enthuisiast processors when they were released. You could argue that these are all still viable processors for many workloads (even though they don’t compare well to the latest generation processors).

The unfortunate reality is that many people will have far less powerful processors from those same generation processor families. Instead of a 4C/8T 2017 flagship Core i7-7700K, your relatives might have something much more pedestrian. For example, a 2C/4T Core i3-7300 processor. Lower tier processor SKUs from older processor generations will have more performance challenges.

Here are the official lists of supported processors from Intel and AMD.

Update: In the face of overwhelming criticism, Microsoft seems to be backing off on the processor requirements for preview builds from the Windows Insider Program. They “will test to identify devices running on Intel 7th generation and AMD Zen 1 that may meet our principles.”

How Can I Check My Machine?

There are several ways. First, Microsoft has a “PC Healthcheck Tool” that is designed to check whether your machine meets the requirements for Windows 11. This tool has been updated since the initial release on June 24th, so it is a little more helpful now.

The initial release (version 2.1.2106.23002) didn’t tell you why your machine didn’t qualify for Windows 11. A newer release. (version 2.3.2106.25001) at least tells you the main reason that your machine fails the check.

Update: Microsoft has decided to pull this tool completely, promising that it will be back online in the fall.

Can My Machine Run Windows 11?
Lenovo Legion 5 Passing Windows 11 Check

You can also do some manual checking with various tools. First you can check your TPM situation several ways.

  1. Windows Security, Device Security
  2. Device Manager, Security Devices
  3. TPM.MSC

The first way is under Windows Security, Device Security. If you check your current system, you may see this. This could mean that your system does not have a discrete hardware TPM, or it does not have a firmware TPM, or that they are not enabled.

Fortunately, you don’t actually need a discrete hardware TPM. Most recent vintage systems have some sort of firmware TPM functionality supplied by the UEFI BIOS.

Can My Machine Run Windows 11?
Standard Hardware Security Not Supported

Here is an example of how one of my DIY AMD desktop systems looks with fTPM enabled. This will be a BIOS setting that you will have to find and enable. Intel typically calls it PTT (Platform Trust Technology), while AMD usually calls it fTPM (Firmware Trusted Platform Module).

Security Processor Details

The second way is to check Windows Device Manager, looking under Security Devices. This is an HP Spectre laptop that lists a Trusted Platform Module 2.0 device.

Trusted Platform Module 2.0 device

The third way to check is to run TPM.MSC. These are the results on a four year old HP Spectre laptop that I have. This OEM machine has an Infinion TPM installed.

TPM.MSC Results on HP Spectre Laptop

Before you give up on TPM, consult the documentation for your motherboard or system to see what options you might have. This is more of a problem for DIY systems than OEM systems.

Most recent vintage DIY desktop motherboards have a TPM header, but no actual TPM installed. You might consider purchasing a discrete hardware TPM, which normally costs about $15-20. Unfortunately, scalpers have already jacked up the prices to 4X to 5X so far. Perhaps reality will set in and TPM prices will go back to normal.

What Can You Do About This?

First of all, stop and take a breath. The situation is not as bad as some would have you believe. If you have an OEM system that meets the minimum processor requirements, you will probably also have TPM support and you will be fine. You might have to enable a BIOS setting, but many OEM systems are already configured correctly from the factory.

If your OEM system does not meet the minimum processor requirements, then you can either stay on Windows 10 or you can get a new system. Obviously, not everyone wants to get a new system (or can afford one). But, if your situation allows, you will probably be much happier with a brand new system instead of a four year old (or older) system. Brand new OEM systems have so many advantages and improvements compared to a legacy OEM system.

DIY Systems

With a DIY system, you have a few more options in some cases. Again, if your system meets the minimum processor requirements, you will probably have a discrete TPM header or firmware TPM support.

With an Intel-based DIY system, you will need to replace many core components to get on a new enough generation processor. For example, if you have a 7th Generation Core i7-7700K, you will have to replace the CPU and your motherboard with something that supports 8th Generation or newer. You will also probably want to replace your RAM.

If possible, I would prefer to just buy or build a brand new system for this rather than trying to reuse components from the old system. This lets you get your new system working without breaking the old system.

With an AMD-based DIY system, you might have a few more options. You might be able to use a Zen+ or Zen 2 processor in your existing motherboard. Make sure to check the processor compatibility for your particular motherboard first though. You should still have the same TPM options as you would with an Intel system.

Whatever you do, don’t panic and pay a scalper $100 for a TPM!

Windows 10 Isn’t Going Anywhere

According to their product lifecycle page, Windows 10 will be supported until October 14th, 2025. The specific quote is:

Microsoft will continue to support at least one Windows 10 Semi-Annual Channel until October 14, 2025.

Windows 10 Home and Pro – Microsoft Lifecycle | Microsoft Docs

This means that your current machine can safely stay on Windows 10 for quite a while if it doesn’t meet the minimum security hardware requirements for Windows 11. This is not an immediate doomsday scenario!

Related Reading

Here are some related posts on this subject.

Final Words

Unfortunately, Microsoft has handled the rollout of these tougher hardware and security requirements pretty poorly. They should have anticipated some of the objections and had a better story explaining the security and performance benefits. Microsoft should have had consistent documentation and a unified message that tied this all together.

Tightening security at the hardware and firmware level is a good thing. It is not a panacea, but it will be beneficial. If you read through the release notes and launch slides for new processor generations, you will see that they often have important security improvements.

BTW, Microsoft has a lot of background information about what a TPM is and how it is used here.

If you have any questions about this post, please ask me here in the comments or on Twitter. I am pretty active on Twitter as GlennAlanBerryThanks for reading!

AMD, Intel, PC Hardware, Windows 11

Leave a Reply

%d bloggers like this: