Skip to main content

Even the Surface Laptop Studio doesn’t come with a hardware TPM chip

Microsoft just announced the new Surface Laptop Studio at its fall Surface event. Sandwiched between updates to the Surface Pro and the Surface Duo, the Laptop Studio is an entirely new product that balances powerful hardware with the design language of the Surface range. And it even looks like a decent gaming machine.

One of the specs raises an eyebrow, though. The Surface Laptop Studio comes with firmware TPM, not hardware TPM. This tiny processor has been the center of some controversy since the Windows 11 announcement, and the launch of the new Surface Laptop Studio shows that the buzz around hardware TPM was mostly hot air.

Firmware TPM is the right call

Internals of Surface Laptop Studio.
Image used with permission by copyright holder

Before getting too deep into this issue, some background is important. A Trusted Platform Module (TPM) is a processor that serves as a root of trust on your device. It’s basically a vault for highly sensitive data like cryptographic keys. The best implementation for security is a dedicated chip that lives on your motherboard, separated from other parts of the machine so it can’t be breached.

However, many consumer TPM implementations don’t use hardware. They use firmware instead. Firmware TPM does the same thing as hardware TPM, but it stores the sensitive data in secured parts of software and uses the CPU’s power to handle any cryptographic functions. As the Trusted Computing Group says, “the downside to the … firmware TPM is that now the TPM is dependent on many additional aspects to keep it secure.”

Basically, there’s a trade-off. Firmware TPM is easier to use and cheaper to implement, but it’s less secure than a dedicated chip.

For consumer devices, firmware TPM is all you need. Things like passwords and biometric data aren’t valuable enough for attackers to use sophisticated attacks to get them. Hardware TPM is meant for the data center and enterprises, where hacking groups are more likely to utilize complex tactics to steal data.

The Surface Laptop Studio comes with firmware TPM on the consumer version and hardware TPM on the enterprise version — and that’s the right call. The irony is that TPM caused a big fuss when Windows 11 was announced, with dedicated TPM modules shooting up to four times their price on the secondhand market. The Surface Laptop Studio shows that even Microsoft knows that hardware TPM isn’t necessary for most people.

Poetic justice

asus tpm chip in motherboard.
A TPM is usually soldered to the motherboard, but add-on modules are available, too. Image used with permission by copyright holder
When Microsoft announced Windows 11, DIY PC builders were sent into a frenzy when they thought they couldn’t run the new operating system on their high-end hardware. They could by enabling firmware TPM, but Microsoft’s PC Health Check app said otherwise at the time. Microsoft quickly removed its Windows 11 compatibility checking app to avoid further confusion.

A couple of months later, Microsoft resurfaced and held its ground on the TPM requirement. To be clear, Windows 11 supports hardware and firmware TPM — the OS recognizes them as the exact same thing. As scalpers showed around the time of the announcement, though, there were a lot of people that didn’t understand that.

The announcement of the Surface Laptop Studio is a bit of poetic justice, and a recognition from Microsoft that the TPM requirement is less important than it was portrayed. I still have issues with the TPM requirement in the first place, but I’ve written about that plenty in the past.

Firmware TPM doesn’t change anything about the Surface Laptop Studio. It still looks as secure as it needs to be, and it uses TPM for the latest security features. Firmware TPM is also cheaper — it doesn’t require a separate processor on the motherboard — so it’s nice to see some level-headed thinking when extra manufacturing cost is on the table.

Security isn’t everything

Microsoft surface Laptop 4
Microsoft

Although security is vital in a world of increasing cyber threats, it comes at a cost. Sometimes it’s a time cost, like having to enter complex passwords manually, and other times it’s a monetary cost, like adding a dedicated security processor when software does the trick almost as well. Cybersecurity is inherently a risk assessment.

As the Surface Laptop Studio shows, the trade-off between firmware and hardware TPM isn’t relevant for the vast majority of people. Even Microsoft, the company pushing hard for updated security measures on the what’s been called the most secure version of Windows, recognizes that fact.

You don’t need to worry about TPM if you plan on picking up a Surface Laptop Studio. Before you go to check out, though, make sure to glance at the spec sheet so you know that TPM isn’t as important as Microsoft made it out to be.

Editors' Recommendations

Jacob Roach
Senior Staff Writer, Computing
Jacob Roach is a writer covering computing and gaming at Digital Trends. After realizing Crysis wouldn't run on a laptop, he…
Microsoft’s Surface Laptop Studio 2 might get a massive performance boost
The new Bing preview screen appears on a Surface Laptop Studio.

A mysterious laptop was spotted in an impressive Geekbench 5 benchmark, and many signs point to it being the next-gen Microsoft Surface Laptop Studio 2.

The test gives us the first bits of insight into the laptop's specifications. If everything checks out, we're going to see a huge performance jump in this upcoming generation.

Read more
Why Microsoft Surface still doesn’t have a true answer to the MacBook Air
The lid of the Surface Laptop 5.

Microsoft today announced new versions of its Surface line of PCs, including the Surface Laptop 5 and Surface Pro 9. The Surface Laptop 5, in particular, hasn't changed much over the years, but has remained a very thin and light laptop with a sleek build -- in many ways, the perfect foil to Apple's MacBook Air.

The Surface Laptop 5 makes some minor adjustments to the formula, adding a new color option and updated 12th-gen Intel processors. But in 2022, it doesn't feel like quite enough.

Read more
The Surface Laptop 5 ditches AMD for a simpler lineup
The Surface Laptop 5 in new Sage color.

Microsoft has announced the Surface Laptop 5 at its annual fall Surface event. There aren't many changes from the outside, but inside, Microsoft has made a drastic change to the hardware by pulling support for AMD Ryzen processors in this generation.

The Surface Laptop 4 was the first (and only) Surface device to provide an option for Ryzen processors. Notably, it was a highlight of the laptop, providing better multi-core performance and longer battery life than its Intel rival.

Read more