Microsoft has had six years to prepare for the launch of Windows 11, but the company is still struggling to explain its new hardware requirements. Windows 11 officially supports Intel 8th generation Coffee Lake or Zen 2 CPUs and later, leaving behind millions of PCs sold during the launch of Windows 10.
It’s an unusual surprise if you’ve bought a new PC for Windows 10, or maybe you have a perfectly compatible machine that’s even older. Windows 11 requires Intel 8th generation Coffee Lake or Zen 2 CPUs and later, TPM 2.0 (Trusted Platform Module) support, 4 GB RAM and 64 GB storage.
Microsoft typically does not enforce such specific processor requirements with Windows – with both Windows 8 and Windows 10 requiring only a 1 GHz processor, 1 GB of RAM (2 GB to 64-bit) and 16 GB of storage (20 GB to 64-bit) . Power users of Windows and both IT administrators have built up an expectation of being able to upgrade to the latest operating system no matter what hardware they are running. It looks like it’s about to end with Windows 11.
After much confusion last week, Microsoft tried to explain its hardware requirements again yesterday, and it sounds like the main driver behind these changes is security. Along with Microsoft’s hardware requirements is a push to enable a more modern BIOS (UEFI) that supports features such as Secure Boot and TPM 2.0 (Trusted Platform Module).
When you combine TPM with some of the virtualization technologies that Microsoft uses in Windows, there is an understandable security benefit that we have discussed in detail in the past. Microsoft claims that a combination of Windows Hello, Device Encryption, virtualization-based security, hypervisor-protected code integrity (HVCI) and Secure Boot “has been shown to reduce malware by 60 percent.”
Of course, you need modern hardware to enable all of these protections, and Microsoft has been building up to this moment for years. TPM support has been a requirement for OEMs to obtain Windows certification since around the release of Windows 10, but Microsoft has not forced businesses or consumers to enable it.
Microsoft’s decision to force Windows 11 users to TPM, Secure Boot and more comes at a crucial moment for Windows. It’s Microsoft’s operating system that is always caught in ransomware and malware attacks, and things only get worse if the level of Windows hardware security does not go up.
The delicate balance between security and the typical openness of Windows is something that Microsoft will struggle with over the next decade as it struggles to modernize Windows and the understandable setback. While Microsoft is relinquishing its new hardware requirements during the pre-phase of Windows 11, we still do not know exactly which devices will be supported when it launches later this year.
Microsoft tried to offer more clarity around this yesterday, but it was not the level of detail we were hoping for. “When we release to Windows Insiders and work with our OEMs, we will test to identify devices running on Intel 7th generation and AMD Zen 1 that may adhere to our principles,” said a blog post from the Windows team. That could be good news for Surface Studio 2, a $ 3,499 device that Microsoft is still selling with a 7th generation chip that is not on the Windows 11 list.
The same blog post also revealed that 7th Genes is probably as far back as Microsoft is willing to admit. “We also know that devices running on the 6th generation of Intel and AMD pre-Zen will not” meet Microsoft’s minimum system requirements, “the blog post said before it was edited to remove this line. It’s not clear why Intel’s sixth generation chips are definitely off the list, but part of that decision could be related to Specter and Meltdown – two major security issues for computer processors that affected almost every device made in 20 years.
“Microsoft’s CPU choice for Windows 11 does not look much like performance at all, but looks like security reduction for side channel attacks,” says Patrick Moorhead, chief analyst at Moor Insights and Strategy. “It also helps chip makers focus driver work on the future, not the past.”
Side channel attacks like Specter and Meltdown were revealed just before Intel implemented hardware restrictions to protect against some speculative execution attacks in some 8.Gen chips in 2018. Not all Intel 8.Gen chips include these hardware outages, but Microsoft has set a specific cut of 8 generation and above. Microsoft has not fully explained this decision, and the company is now asking people to wait and see if it is able to include more older machines during its testing. Either way, there will be a CPU cutoff that will affect millions of PCs.
Critics of Microsoft’s approach note that this move will generate unnecessary e-waste as consumers move to upgrade PCs that are more than capable of running Windows 11. The complexity of TPM and UEFI is also being discussed by IT administrators , especially if devices are not configured to use these technologies yet.
Security expert Kevin Beaumont, who spent nearly a year at Microsoft during the pandemic, has criticized the company over its Windows 11 hardware requirements. “In the midst of a pandemic when organizations hurt, with a global chip shortage, Microsoft [is] trying to get people to replace things for safety reasons that are questionable, ”Beaumont said on Twitter. “Buy a surface? No. Create a better operating system. ”
In the midst of a pandemic, when organizations hurt, with a global chip shortage, MS is trying to get people to replace things for security reasons that are questionable.
Buy a surface? No. Create a better operating system.
– Kevin Beaumont (@GossiTheDog) June 28, 2021
Microsoft’s hardware changes also arrive just weeks after Apple announced macOS Monterey with support for Mac Pros sold in late 2013 and beyond, and Mac Minis sold from late 2014 onwards. Of course, Apple does not have to support a massive selection of hardware configurations like Microsoft does, but the latest version of macOS still runs on systems that are eight years old. Microsoft’s changes mean that some PCs that are only three years old will be excluded from the Windows 11 upgrade.
However, there will be some exceptions to Microsoft’s new rules. “Windows 11 does not use the Virtualization instance hardware compliance check during either installation or upgrade,” notes a Microsoft document (PDF) on minimum hardware requirements for Windows 11. This means that if you run Windows 11 as a virtual machine, you can ignore CPU and the safety requirements. It flies in front of Microsoft’s big security button here, but the reality is that most consumers and commercial customers are not running Windows 11 in a VM.
Microsoft still has a few months left to test Windows 11, and feedback from preview will inform “any adjustments [Microsoft] should meet our minimum system requirements in the future. The software maker has also removed its PC Health Check app, which led to much confusion about Windows 11 upgrades. “We recognize that it was not fully prepared to share the level of detail or accuracy you expected of us as to why a Windows 10 PC does not meet the upgrade requirements,” says the Windows team.
It gives Microsoft some breathing space between now and launch, and enough time for testers to play with Windows 11 without these new restrictions. However, if you are testing Windows 11 right now on an older CPU that is not on the official list, chances are you will need to reinstall Windows 10 at the end of the preview period.
Microsoft is giving testers access to Windows 11 on a wide range of hardware during the preview, but it plans to apply these new restrictions at launch. I would be surprised if there is a major change in these hardware requirements later in the year, other than Microsoft stepping back to some 7th generation chips. So enjoy testing Windows 11 while you still can.