In an unsigned post on the Windows Insider blog, the company announced that it will make “a small number of additions to the compatible processor list … but otherwise will maintain the minimum system requirements as originally set.”

The company also said it’s releasing a new version of its compatibility checker for members of the Windows Insider Program and will make that tool generally available “in the coming weeks.” The core requirements to run Windows 11 are unchanged from those that were revealed as part of the original announcement: A PC will need a minimum of 4GB of memory and 64GB of storage; UEFI secure boot must be enabled; the graphics card must be compatible with DirectX 12 or later, with a WDDM 2.0 driver; and a Trusted Platform Module (TPM) 2.0 must be included.

As for those additions to the compatible processor list, the list is indeed short. Two families of server- and workstation-class Intel processors are now on the list: the Core X-Series and the Xeon W-series. The only mainstream Intel CPU added to the list is sure to raise eyebrows: Intel’s Core 7820HQ also happens to be the CPU that ships with Microsoft’s pricey Surface Studio 2.

The list of supported AMD processors didn’t change. Microsoft said it “carefully [analyzed] the first generation of AMD Zen processors in partnership with AMD” and concluded that none of those CPUs deserved to be added to the supported CPU list.

In the remainder of the long (nearly 2000 words) blog post, the Windows team reiterated the principles it’s relying on to justify the new system requirements. Enforcing the stricter standards, they argue, will make Windows 11 PCs more reliable and more secure than their predecessors, in addition to being more compatible with modern applications.

In terms of reliability, Microsoft says its telemetry makes a strong case for the new standards. “Devices that do not meet the minimum system requirements had 52% more kernel mode crashes,” the company reported. “While devices that do meet the minimum system requirements had a 99.8% crash free experience.” That’s a curious change in scales there. Converting those two statistics to a common scale suggests that the older PC designs, absent other issues, should still have a nearly 99.7% “crash free experience.”

Microsoft is on more solid ground when it comes to the security argument. The TPM 2.0 requirement, for example, supports hardware-based authentication and also enables secure storage of BitLocker disk encryption keys. The UEFI Secure Boot requirement has already been part of the Windows PC requirements since 2013 and is effective at blocking pre-boot ransomware attacks such as NotPetya.
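For readers who want to see where a given PC stands on the measurable requirements listed above, here is a PowerShell sketch. It is an added example, not Microsoft's compatibility checker and not code from the blog post. The function name `Test-Win11Baseline` is hypothetical, the decimal reading of "64GB" is an assumption, and the CPU list and DirectX 12/WDDM 2.0 requirements are not checked.

```powershell
# Added example: reports on the four measurable requirements named in the article
# (4 GB memory, 64 GB storage, UEFI Secure Boot enabled, TPM 2.0).
# Run from an elevated PowerShell prompt on the PC being assessed.
function Test-Win11Baseline {
    $results = [ordered]@{}

    # Memory: sum the installed modules. Win32_ComputerSystem.TotalPhysicalMemory
    # excludes hardware-reserved memory, so a real 4 GB machine would fail a 4GB test.
    $ramBytes = (Get-CimInstance -ClassName Win32_PhysicalMemory |
                 Measure-Object -Property Capacity -Sum).Sum
    $results['Memory >= 4 GB'] = $ramBytes -ge 4GB

    # Storage: size of the disk Windows boots from. Assumption: "64GB" is read as
    # decimal gigabytes, the unit drive vendors use on the label.
    $bootDisk = Get-Disk | Where-Object { $_.IsBoot } | Select-Object -First 1
    $results['Storage >= 64 GB'] = [bool]($bootDisk -and $bootDisk.Size -ge 64e9)

    # Secure Boot: the cmdlet throws on legacy BIOS systems and when not elevated,
    # so any failure is reported as "not met" rather than aborting the check.
    try {
        $results['UEFI Secure Boot enabled'] = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
    } catch {
        $results['UEFI Secure Boot enabled'] = $false
    }

    # TPM: SpecVersion is a comma-separated string whose first field is the
    # specification family (for example "2.0" or "1.2"). No instance means no TPM
    # is exposed to Windows (absent, or disabled in firmware).
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue |
           Select-Object -First 1
    $family = if ($tpm -and $tpm.SpecVersion) { ($tpm.SpecVersion -split ',')[0].Trim() } else { '' }
    $results['TPM 2.0 present'] = $family -eq '2.0'

    # Emit one object per requirement so the output can be filtered or exported.
    $results.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Requirement = $_.Key; Met = $_.Value }
    }
}

Test-Win11Baseline | Format-Table -AutoSize
```

A `False` for Secure Boot or TPM often means the feature is switched off in firmware setup, not that the hardware lacks it.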
Newer CPUs are designed to support virtualization-based security features that prevent dynamic code injection into the Windows kernel and also increase the security of kernel-level drivers. “The United States Department of Defense (DoD) requires virtualization-based security on Windows 10 for their devices,” Microsoft argues. “While we are not requiring VBS when upgrading to Windows 11, we believe the security benefits it offers are so important that we wanted the minimum system requirements to ensure that every PC running Windows 11 can meet the same security the DoD relies on.”

The unspoken piece of the CPU puzzle here is the vulnerability of older CPUs to security exploits collectively known as Spectre and Meltdown. Although Intel and Microsoft have collectively shipped microcode updates and Windows system-level patches that mitigate the impact of those exploits, there’s no cure, and the patches are known to affect system performance. Microsoft says there’s no connection, but it’s a remarkable coincidence that the list of vulnerable Intel CPUs includes virtually all processors designed and sold in 2017 and early 2018 that are unsupported on Windows 11.

As I noted at the time, “[W]hile software patches can mitigate the effects for now, the long-term solution involves fundamental changes to CPU design that could take years to reach the market.”
A January 3, 2018 bulletin from the security experts at CERT (a partner of the U.S. Department of Homeland Security) was even more blunt: The only solution for Spectre/Meltdown attacks? “Replace CPU hardware. The underlying vulnerability is primarily caused by CPU architecture design choices. Fully removing the vulnerability requires replacing vulnerable CPU hardware.”

Nearly four years later, it looks like Windows 11 is going to play a major role in that wholesale, wrenching replacement cycle. Anyone who intends to continue using older hardware will remain on Windows 10, with that operating system supported until October 2025. What happens after that is anyone’s guess.