How a banned encryption chip is stopping China from running Windows 11, for now
- For any device looking to run Windows 11, Microsoft has made it a minimum system requirement for it to support the latest TPM 2.0 specification
- China banned foreign TPM chips as far back as 1999 over national security concerns, and has adopted a home-grown equivalent amid clashes with US over tech
Microsoft released Windows 11 on Tuesday but many personal computer users in China found themselves unable to switch to the latest version of the operating system as their devices lack a critical component called a trusted platform module (TPM) chip.
TPM is an international encryption standard and a TPM chip is a component on the motherboard which allows hardware to conform to that standard. A TPM chip not only helps protect a computer from external tampering, it also helps a slew of software to perform encryption tasks.
For any device looking to run Windows 11, Microsoft has made it a minimum system requirement for it to support the latest TPM 2.0 specification.
But China has banned foreign TPM chips as far back as 1999 over national security concerns, and has adopted a home-grown equivalent as it races with the US in setting global tech standards. However, without TPM chips, many PC users in China now find themselves struggling to update to Windows 11.
“Today Microsoft released Windows 11. But the Dell laptops sold in China have filtered out TPM in accordance with China’s policies. So we can’t install it. Looking forward to a China-only version of Windows 11,” a commentator wrote on Weibo, China’s equivalent of Twitter, on Tuesday.
Analysts said the problem would likely be fixed.
Canalys research analyst Himani Mukka said that the Chinese government has particularly strict requirements to make sure TPM modules are made in China and controllable.
“Anything that concerns security is of national importance in China and possibly has to be regulated or dealt with accordingly based on current rules,” said Mukka. “As such, some users in China may be unable to update their Windows operating systems without explicit government approval of TPM modules.”
“It is possible that Microsoft will find a way out of the situation … admittedly, the China market is too big for Microsoft to not make any negotiations around their product offering,” said Mukka.
William Li, semiconductor analyst at Counterpoint Research, said Microsoft has already allowed certain systems to update without the TPM feature enabled. “Those specific offerings are tailored for countries that don‘t allow original encryption technologies, namely China and Russia,” Li said.
Windows is the most popular operating system in China, the world’s second-largest economy and biggest PC market. In the second quarter of this year, total PC shipments in China reached 19.4 million units.
Despite this huge addressable market, Microsoft has not traditionally drawn a large part of its total revenue from the country, partly down to past issues with software piracy. According to the company’s president Brad Smith, in January 2020 China contributed less than 2 per cent of Microsoft’s annual revenue, or around US$2 billion.
Microsoft did not immediately reply to a request for comment sent by the Post on Tuesday.
US, Britain and EU accuse China of sponsoring massive Microsoft email server hack
In a note published in June, Microsoft said that with its permission, original equipment manufacturers (OEM) can ship Windows 11 PCs without TPM chips.
China’s ban on foreign TPM chips has drawn controversy over the years. The TPM standard, first proposed in 2003 by the Trusted Computing Group (TCG) – an alliance of international hardware makers including Intel, IBM, HP and Sony – has been viewed with mistrust by Beijing from the beginning.
To push back against the standard, China rolled out its own standard called the Trusted Cryptography Module (TCM) with the launch of Lenovo’s Hengzhi chip, a TCM encryption chip, in 2005.
In 2010, the US International Trade Commission slammed China for going at it alone with TCM and complicating global supply chains. In a report, the agency said that “Chinese development of TCM is motivated by the desire to reduce royalties for patents embedded in TCG technology standards, and will negatively affect interoperability and globally integrated supply chains.”
Computer companies also found themselves embroiled in the fight between TPM and TCM. In 2005, HP quietly wanted to keep inactivated TPM chips inside their computers in China but they were forced to remove the chips later on. In 2012, The Register reported that Intel was working behind the scenes to strike a deal with Chinese regulators to make TCM interoperable with the rest of the world.
In the lead-up to Windows 11’s release, Microsoft has been actively lobbying for TPM, saying that it will bring major benefits in terms of device safety.
At its most basic level, a TPM chip plays a critical part in keeping a laptop shut if it was stolen or accessed by a hacker who is looking to tamper with its encrypted drive. TPM also helps email clients such as Outlook handle encrypted messages, and web browsers including Firefox and Chrome to maintain SSL certificates for websites. TPM is also crucial for computers to run anti-cheat software for video games.
Days before Windows 11’s launch, many computer enthusiasts released various circumvention tools to help unqualified PCs to cheat Windows 11’s TPM check. However, these workarounds, which require a high level of tech savvy to implement, come with heavy compromises.
PCs around the world will all be affected by Microsoft’s strict requirement for TPM 2.0. Recent research published by IT management outfit Lansweeper, which examined 30 million Windows devices, showed that nearly half of surveyed machines do not have TPM enabled, though it did not specify how many devices have TPM chips embedded and are capable of enabling the technology.
When Microsoft first unveiled Windows 11 and its minimum system requirements, TPM chips prices soared as scalpers moved to stockpile the components. According to screenshots shared on Twitter, certain types of TPM chips saw their prices jump from US$24.9 to US$99.9 in just 12 hours.