Updates regarding pre-TPM hardware are ongoing beyond October.
Updates regarding pre-TPM hardware are ongoing beyond October.
In essence, the situation involved ransomware incidents combined with malware targeting CPU vulnerabilities in both x86 and ARM architectures. Minimum requirements included fTPM, MBEC (Intel) and GMET (AMD) support, and VBS functionality with low CPU impact. Enabling HVCI without specific CPU commands could reduce performance by 20% to 40% due to frequent context switches between kernel and user processes. SQL performance suffered notably. Microsoft emphasized security over consumer features, aiming for enterprise-focused Windows 11 while the consumer segment had to adapt.
It seems many hardware makers might have been aware of the upcoming W11 transition, but they didn’t act sooner. If they had implemented changes earlier—two or three generations ago—the situation could have been different. Performance didn’t drop noticeably from W10 to W11, though RAM usage did increase slightly. My systems with 16GB RAM weren’t too affected by this shift.
7th generation Intel models included fTPM and MBEC as a first-generation feature. There are whispers about some problems, but it seems Microsoft chose not to resolve them, which might explain why they moved to the 8th generation. I’m not convinced by that idea since the Surface Book 2 ran on an i5-7300U and supports Windows 11. VBS was designed to safeguard kernel areas from malware, and MBEC followed a year later to reduce performance effects. Speculative execution attacks seem to be pushing further improvements in VBS and HVCI. Still, CPU development often takes years before reaching final production, so it’s possible they simply couldn’t have advanced this quickly. Considering the timeline, Intel, AMD, and Microsoft likely collaborated to tackle security issues across the industry.