Why Windows 11 has such strict hardware requirements, according to Microsoft

Home windows 11 guarantees to refine window administration, run Android apps, and to unify the appear and feel of the working system’s built-in apps after years of irritating hodgepodge. However none of that issues in case your pc cannot run the software program, and Microsoft has solely promised official Home windows 11 help for computers released within the last three or four years. Anybody else will be capable of run the working system in the event that they meet the efficiency necessities, however they will want to leap by way of the ring of downloading an ISO file and putting in the working system manually reasonably than grabbing it by way of Home windows Replace.

This can be a break from earlier variations of Home windows, which up till now have had roughly the identical system necessities for a decade. Microsoft really used the power to run on older {hardware} as a promoting level for Home windows 10, making it accessible as a free improve to all computer systems working Home windows 7 and Home windows 8—in case you get as many individuals as doable utilizing the most recent model of Home windows, the reasoning went, it might be simpler to get builders to benefit from the most recent options.

Microsoft’s rationale for Home windows 11’s strict official help necessities—together with Safe Boot, a TPM 2.0 module, and virtualization help—has at all times been centered on safety reasonably than uncooked efficiency. A new post from Microsoft today breaks down these necessities in additional element and in addition makes an argument about system stability utilizing crash knowledge from older PCs within the Home windows Insider program.

Drivers and stability

Microsoft says that Insider Program PCs that did not meet Home windows 11’s minimal necessities “had 52% extra kernel mode crashes” than PCs that did and that “gadgets that do meet the system necessities had a 99.8% crash-free expertise.” In response to Microsoft, this largely comes all the way down to energetic driver help. Newer computer systems largely use newer DCH drivers, a approach of packaging drivers that Microsoft started supporting in Home windows 10. To be DCH-compliant, a driver should set up utilizing solely a typical .INF file, should separate out OEM-specific driver customizations from the motive force itself, and should distribute any apps that accompany your driver (like a management panel for an audio driver or GPU) by way of the Microsoft Retailer. DCH drivers are frequent for {hardware} made within the final 4 or 5 years however uncommon to nonexistent for {hardware} that shipped within the Home windows 8 or Home windows 7 eras.

Actually, computer systems from 2012 or 2014 are going to be working outdated drivers that trigger crashes—utilizing Home windows 7-era drivers on older computer systems working Home windows 10 can result in instability or basic weirdness. However Microsoft’s numbers make no distinction between these older programs and newer computer systems that just about, however do not fairly, miss the system necessities, like Sixth- and Seventh-generation Intel Core programs and first-generation Ryzen programs that embody TPM 2.0 modules and nonetheless take pleasure in energetic DCH driver help from Intel, AMD, and (in lots of circumstances) the businesses that manufactured the computer systems. Presumably, putting in Home windows 11 manually on these PCs will really feel roughly as secure as putting in it on an formally supported gadget, nevertheless it’s one thing we’ll want to check for ourselves.

A towering stack of safety acronyms

That is the place the safety necessities come again into play. Microsoft goes to larger lengths to elucidate the advantages of utilizing Safe Boot and TPM 2.0 modules, however the important thing may very well be the less-discussed virtualization requirement and an alphabet soup of acronyms. Home windows 11 (and in addition Home windows 10!) makes use of virtualization-based security, or VBS, to isolate components of system reminiscence from the remainder of the system. VBS contains an non-obligatory function referred to as “reminiscence integrity.” That is the extra user-friendly identify for one thing referred to as Hypervisor-protected code integrity, or HVCI. HVCI may be enabled on any Home windows 10 PC that does not have driver incompatibility points, however older computer systems will incur a major efficiency penalty as a result of their processors do not help mode-based execution management, or MBEC.

And that acronym appears to be on the root of Home windows 11’s CPU help listing. If it helps MBEC, usually, it is in. If it does not, it is out. MBEC help is barely included in comparatively new processors, beginning with the Kaby Lake and Skylake-X architectures on Intel’s facet, and the Zen 2 structure on AMD’s facet—this matches fairly intently, albeit not precisely, with the Home windows 11 processor help lists.

It is best to think about MBEC as {hardware} acceleration for the reminiscence integrity function, form of like how AES-NI instructions sped up encryption operations a decade or so in the past. Computer systems with out AES-NI can nonetheless use BitLocker drive encryption, for instance, it simply comes with a extra noticeable efficiency penalty. The identical factor is true of the reminiscence integrity function and MBEC—PCs with out processors that help MBEC rely on software emulation referred to as “Restricted Person Mode,” which does get you the safety advantages however impacts efficiency extra. Some customers who’ve examined the HVCI function in Home windows 10 on processors with out MBEC help have seen efficiency reductions of up to 40 percent, although this may rely on the duties you are doing and the pc you are utilizing.

The reminiscence integrity function is absolutely current in Home windows 10—the “secured-core PC” initiative launched in late 2019 mandates help for all the Home windows 11 safety necessities plus just a few others. However for many PCs, HVCI is normally disabled by default on all however the latest programs. Microsoft instructs OEMs to allow HVCI by default on all Eleventh-generation Intel Core PCs, something with one in all AMD’s Zen 2 or Zen 3 processors (which covers Ryzen 3000, 4000, and 5000-series chips), and the Qualcomm Snapdragon 8180 SoC and newer; additionally they require not less than 8GB of RAM and a 64GB or bigger SSD. When you’re constructing a PC and carry out a contemporary set up of Home windows 10 your self, HVCI will not be enabled by default even in case you meet these necessities.

So if Microsoft is mandating MBEC-accelerated HVCI help (what a sentence) on all Home windows 11 PCs, then certainly it is altering the default safety settings to benefit from these options? In response to the corporate’s weblog publish, the reply is presently no, not less than not on current PCs (emphasis ours):

“Whereas we aren’t requiring VBS when upgrading to Home windows 11, we imagine the safety advantages it affords are so essential that we wished the minimal system necessities to make sure that each PC working Home windows 11 can meet the identical safety the [US Department of Defense] depends on. In partnership with our OEM and silicon companions, we might be enabling VBS and HVCI on most new PCs over this subsequent 12 months. And we are going to proceed to hunt alternatives to develop VBS throughout extra programs over time.”

Assuming that full HVCI and MBEC {hardware} help are what’s driving the brand new Home windows 11 necessities, there are nonetheless odd inclusions and exclusions from the supported processor lists. Why are solely a handful of high-end Seventh-generation Intel Core chips formally supported, although Microsoft’s personal Home windows 10 documentation says that HVCI works on all Kaby Lake processors? And why are AMD Zen+ processors just like the Ryzen 2000-series CPUs and 3000-series APUs included on the help listing, although AMD solely apparently added MBEC help beginning with the Zen 2 structure? These are questions we hope to get solutions to by the point Home windows 11 is launched to the general public this fall.