TPM: not just for BitLocker anymore —
New requirements aren’t being enforced on Windows 10—at least not yet.
Andrew Cunningham
–
Enlarge / Vanguard-protected titles like Valorant will require more security features when running on Windows 11.
We already know that Windows 11 will officially require a TPM 2.0 module and Secure Boot support for installation when the operating system is released on October 5, but it looks like Riot Games’ Vanguard anti-cheat software will be getting in on the fun, too. Users running Vanguard on Windows 11 systems have seen pop-ups notifying them that a TPM 2.0 module and Secure Boot support will both need to be present and enabled before Vanguard-protected games like Valorant will run on a Windows 11 PC. PCGamer reports that those requirements do not appear to apply to Windows 10 users, at least not yet (any Windows 10 system bought or built within the last five years or so will usually include TPM 2.0 and Secure Boot support, though one or both may be disabled by default).
Vanguard is already notable for the low-level access it has to your system—it uses a kernel-mode driver that launches when Windows boots, whether you’re playing a game that requires it or not. Shut down Vanguard for any reason, and you need to reboot Windows before you can launch a protected game. Services like Easy Anti-Cheat also advertise kernel-level protection.
These kernel-level services do work better than anti-cheat services that run in “user mode” with most of your other apps, but buggy or compromised kernel-level software can also potentially cause more instability and security problems. They also aren’t foolproof; external hardware can still be used to get around kernel-level anti-cheat software, and many online games rely on user reports to identify and ban cheaters.
Windows 11 will be able to run on TPM-less systems in some fashion if you have an older computer without a built-in TPM or if you just opt to use Windows with your TPM disabled. Vanguard is one of the first apps we’re aware of that is also requiring a TPM when running on Windows 11 instead of just assuming that the TPM is there because Windows 11 is running. TPMs have historically been used primarily for security features like BitLocker disk encryption—important but not something that makes a big difference in the day-to-day experience of running apps on your PC. Windows 11’s new security requirements will likely lead to even more software taking advantage of the module, since programs will be able to assume that it’s present and enabled on most Windows 11 PCs.