No USB-based TPM for Win11? Here's Why it Won't Work
In today's main article, we talked about the need for continuing Windows 10 support because the vast majority of PCs today Windows 11 requires TPM (Trusted Platform Module) but only newer PCs (circa >2018) have it.
I've always wondered why a tech company couldn't simply create a USB-based TPM device so that older machines would be able to meet the requirements of Windows 11, so I decided to ask ChatGPT some questions. I thought the answers were fascinating, so I decided to put together a Q&A style article.
Here's a breakdown of those questions in case you want to skip right to the answer:
- Why does Microsoft Require TPM 2.0 on the Motherboard?
- Are There Workarounds to the Windows 11 TPM Requirement?
- What Would happen if Windows 11 used a USB-based TPM?
- What is SPI and LPC and how does it affect TPM?
- Can I add a TPM Module to My Motherboard?
- How To Check If Your Motherboard Supports External TPM
- What is the estimated number of PCs that don't have TPM vs ones that do?
- Estimated Global PC TPM Adoption in 2025
- Total Number of PCs in Use (2025 Estimate)
- PCs without TPM 2.0 in 2025
- PCs with TPM vs those Without: Trend
Q. Why Does Microsoft Require TPM 2.0 on the Motherboard?
Windows 11 mandates TPM 2.0 primarily to enforce secure boot, measured boot, and BitLocker encryption.
These features rely on a hardware root of trust to:
- Prevent unauthorized firmware changes
- Store cryptographic keys securely
- Provide tamper detection and attestation
To be trusted, TPM must:
- Be resistant to tampering
- Boot with the system before the OS
- Be uniquely bound to the hardware
A removable USB device doesn't meet those conditions, especially the third one - it's inherently portable, so it can't form a trusted, persistent, and unchangeable identity for a specific machine.
Why a USB-Based TPM Isn't Widely Available
A USB-based TPM isn't widely available because of the following reasons:
Microsoft's spec excludes it: the official Windows 11 certification guidelines require TPM 2.0 to be either discrete (dTPM) or firmware-based (fTPM) - both embedded or locked into the system board. USB TPMs are not recognized as valid.
Security risk of a removable TPM: a USB device can be unplugged or cloned. That introduces risk of key theft, inability to enforce secure boot chain, and easier attack vectors for malware or rootkits.
Market demand vs. complexity: few users want to carry a dongle just to boot their system. Also, making it user-friendly while maintaining security is a hard balance to strike. Most consumer PCs already include firmware TPM (fTPM) in the CPU (AMD/Intel), so the need is decreasing.
Are There Workarounds to the Windows 11 TPM Requirement?
Yes - some workstations and servers do use external TPMs via LPC or SPI, but that's not USB, and it's not consumer-friendly.
Also, some modders and enthusiasts have bypassed Windows 11's TPM check, but that defeats the security purpose.
What Would happen if Windows 11 used a USB-based TPM?
If Microsoft wanted to allow USB TPMs, they'd have to:
- Add native OS support and drivers for them at boot level
- Ensure they're present before the OS loads
- Guarantee cryptographic binding to the device (hard to do with removable storage)
But for now, Microsoft sees the risk of a USB-based TPM as too high compared to the security benefit.
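The "present before the OS loads" condition above, as an added sketch that is not from the original article: a simplified Python model of TPM 2.0 PCR extension and key sealing, showing that a TPM attached only after the firmware has run cannot tell clean firmware from modified firmware. The stage names, `SealedKey` and `run_scenarios` are illustrative assumptions; a real TPM performs these steps inside the chip.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 2.0 PCR extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(stages, tpm_present_from=0):
    """Replay a boot; a stage is measured only if the TPM is attached by then."""
    pcr = bytes(32)  # a PCR starts as all zeros at power-on
    for index, blob in enumerate(stages):
        if index >= tpm_present_from:
            pcr = extend(pcr, blob)
    return pcr

class SealedKey:
    """Simplified model of a key sealed to one PCR value (e.g. a disk key)."""
    def __init__(self, key: bytes, expected_pcr: bytes):
        self._key, self._expected = key, expected_pcr

    def unseal(self, current_pcr: bytes):
        # The key is released only when the measured boot chain matches.
        if hmac.compare_digest(current_pcr, self._expected):
            return self._key
        return None

# Constructed sample boot stages (placeholders, not real firmware images).
GOOD = [b"uefi-firmware v1", b"bootloader v1", b"os-kernel v1"]
MODIFIED = [b"uefi-firmware v1 (modified)", b"bootloader v1", b"os-kernel v1"]

def run_scenarios():
    sealed = SealedKey(b"disk-key", measure_boot(GOOD))
    return {
        "clean_boot_unseals": sealed.unseal(measure_boot(GOOD)) is not None,
        "modified_firmware_unseals":
            sealed.unseal(measure_boot(MODIFIED)) is not None,
        # TPM attached only after firmware ran: stage 0 is never measured,
        # so clean and modified firmware produce the same PCR value.
        "late_tpm_sees_difference":
            measure_boot(GOOD, 1) != measure_boot(MODIFIED, 1),
        "late_tpm_matches_full_chain":
            measure_boot(GOOD, 1) == measure_boot(GOOD),
    }

if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

The last two results are the point: a TPM that joins the boot late produces a PCR value that neither reflects the firmware nor matches the value the key was sealed to.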
Q. What is SPI and LPC and how does it affect TPM?
Both SPI (Serial Peripheral Interface) and LPC (Low Pin Count) are hardware communication interfaces used on PC motherboards to connect peripheral devices - like TPM chips - to the CPU or chipset.
1. SPI (Serial Peripheral Interface)
Purpose: High-speed communication with embedded devices like BIOS chips, TPMs, flash memory.
Speed: Faster than LPC.
Wiring: 4 main lines: MISO, MOSI, SCLK, and CS (plus power/ground).
Use Case:
- Often used to connect TPM 2.0 modules to newer motherboards.
- Also used to read/write BIOS/UEFI firmware from a chip.
- Example: If you buy a discrete TPM module for an ASUS or Gigabyte motherboard, it likely connects via SPI header (often a 14-pin or 12-pin socket).
2. LPC (Low Pin Count)
Purpose: Legacy interface for slow, low-bandwidth devices - used a lot in older PCs.
Speed: Slower than SPI, but enough for TPM 1.2.
Wiring: 7 signals plus power/ground.
Use Case:
- Used in older motherboards to connect to TPM 1.2 modules.
- Also used for connecting Super I/O chips (which control serial ports, fans, legacy peripherals).
- Example: Older Dell or Lenovo business desktops may have a TPM 1.2 chip connected via LPC.
Can I add a TPM Module to My Motherboard?
If you're thinking about adding a discrete TPM module, your motherboard must have a dedicated SPI or LPC header. You can't just plug one into USB or PCIe without special support and firmware integration.
TPM 1.2 -> usually uses LPC
TPM 2.0 -> usually uses SPI
You can't use a TPM unless the motherboard firmware (BIOS/UEFI) supports it. Just soldering it in or plugging it into a header won't make it work unless the board knows how to talk to it.
How To Check If Your Motherboard Supports External TPM
To check if your motherboard supports 'external TPM' (a module that plugs onto the motherboard):
- Look at the motherboard manual for headers named TPM, SPI_TPM, or LPC_TPM.
- Check BIOS/UEFI for TPM options (Firmware TPM / PTT / fTPM).
- Manufacturers like ASUS, Gigabyte, MSI, ASRock often list compatible TPM modules.
Q. What is the estimated number of PCs that don't have TPM vs ones that do?
As of 2025, the best estimate for the number of PCs that don't have TPM (vs ones that do) is based on current trends, shipments, and global hardware.
Estimated Global PC TPM Adoption in 2025
- PCs with TPM 2.0 (Firmware or Discrete): approximately 85 - 90%
- PCs without TPM or only TPM 1.2: approximately 10 - 15%
Total Number of PCs in Use (2025 Estimate):
According to IDC and Statista estimates, there are roughly 2.25 - 2.5 billion PCs in active use worldwide (including desktops and laptops).
Of these, around 1.9 - 2.2 billion PCs likely have TPM 2.0 support.
Here's the Breakdown of PCs with TPM:
- Modern systems (after 2016-2018ish)
- Most Intel CPUs from 6th-gen (Skylake) onward support PTT (Platform Trust Technology) = Intel's version of firmware TPM 2.0.
- Most AMD CPUs from Zen+ (2018) onward support fTPM.
- Business laptops/desktops: almost universally TPM-equipped due to enterprise requirements.
- Gaming and enthusiast builds (last 5-7 years): typically have TPM headers or firmware TPM via UEFI.
PCs without TPM 2.0 in 2025
There are still plenty of systems that don't support TPM. This includes:
- Older consumer systems (pre-2015)
- DIY desktops with older motherboards
- Low-end or niche builds (some embedded systems, media PCs, or budget laptops/tablets)
- Devices with TPM 1.2 only: Not eligible for Windows 11 without modification.
- Estimate: 250 to 350 million PCs globally may still lack TPM 2.0 or support only TPM 1.2.
PCs with TPM vs those Without: Trend
The number of non-TPM systems is shrinking fast, as Windows 11 adoption increases and older hardware is retired.
By 2026, the TPM 2.0 coverage will likely exceed 95% for actively-used Windows-compatible PCs.
Many users have TPM 2.0 but don't know it, because it's disabled in BIOS (especially on custom or older OEM machines).
Enabling fTPM or PTT in UEFI is often all that's needed.
About the author: ChatGPT wrote most of this article, but Dennis curated it. Dennis Faas is the CEO and owner of Infopackets.com. Since 2001, Dennis has dedicated his entire professional career helping others with technology-related issues with his unique style of writing in the form of questions-and-answers. In 2014, Dennis shifted his focus to cyber crime mitigation, including technical support fraud and in 2019, online blackmail.


