I think you should be more worried that a Microsoft account IS REQUIRED for installation rather than TPM and you CANNOT install without a tinternet connection
Old puter - still good enuff till I save some pennies!
Hmm, will have to run the checker later on my PC but it defo doesn't have a TPM header on the mobo and I don't think it's built into the CPU either so M$ may have just killed off my PC.
Free upgrade and Android apps. Brilliant.
Some people have been saying that Win 11 is the klaxon death knell for on prem domain join (in favour of Azure AD) and local user accounts.
Frankly, I think that's total horse manure because it would be complete utter chaos if that were true because Azure AD has improved a lot but it is certainly still nowhere near on-prem AD and Group Policy. But I'm not without a niggle that some idiot in Microsoft would think that would be a good idea.
Edit: It's only for Win 11 Home and Home S which frankly, is perfectly fine
blokeinkent (25-06-2021)
I didn't say it was DRM, I said it could be used for DRM, among other uses. It's also far from an open security module platform, the libraries (afaik) are open but the module most certainly isn't as that would sort of defeat the point of it.
Not sure what you mean by "flexing".
Intel IPT requires the use of Bitlocker being active as well, prior to the TPM 2.0 requirement being met. From what I can ascertain it's on a firmware level only, it really doesn't protect much. Enabling Bitlocker is going to suck for people not on NVMe drives due to the encryption process, it'll take a fair amount of time after enabling the setting in the Bios.
So, no more than the potential privacy issues not having Bitlocker or TPM active? Or having a CPU or OS that is vulnerable to attacks etc? I'm not entirely sure what your point is here, if you have privacy concerns why are you using Windows and not a Linux distro? There isn't any requirement forcing you to upgrade to Windows 11.
Agreed, for those who are not of technical mind (most users I suspect), just having to enable TPM is going to cause them issues. It's fine for those of us capable of rooting through the Bios for different settings. I suspect the requirement may end up being dropped like it was for Windows 8 (?). There are going to be a lot of older computers not meeting the TPM 2.0 standard.
True, the hardware module is not, but it's not exactly like it's a quantum spy chip or the securities worst nightmare: IME. It's a data security module that sits between BIOS/UEFI and the kernel that is used to reference and access stored data through a transparent decryption method so yes, I expect either total openness or a black box, both have their merits and drawbacks. Not sure why TPM has become suddenly a leper in this situation as it literally serves no other purpose than being a security key layer and cryptographic store.
What I mean by "flexing" is "exhibiting they have a power over you". This doesn't look like what they're doing here, it's not a DRM and it's not a controlling authority, it's just an escalation of the minimum requirement for hardware security. I have expected something like this for a while, but I still think it's a little premature to be doing it due to Desktop systems either A) not having fTPM or IIPT enabled by default and B) a substantial amount of systems still just don't have TPM and sure you can buy a chip but that's another peripheral addition to my system at another cost.
Perhaps because some people just like to follow along with anything a company like MS (or it could be Apple, Nvidia, and so on) does and have no concept of the notion that those who don't like it may have good reason for not liking it.
The same thing happened when I moaned about what MS did with W8, like the Start menu farce. All I wanted was to be able to carry on doing things the way I wanted to, which is the way I had evolved over about 20 years, was comfortable with, used to, and could pretty much manage in my sleep. All MS had to do was offer that mode as an option. That's it. Better yet, a question on install about new or traditional menu? But no, MS actually said that the new UI was deeply rooted into the OS and that couldn't be done .... until a couple of software houses released (free or minimal cost) utilities to enable exactly that.
That issue, and a few other similar things, led me to spending months working out how to migrate my workflow from Windows to Linux. I didn't want to, had been perfectly happy with everything how it was but apparently, me just wanting to carry on warranted that same dismissive attitude from a lot of people that did like the new UI.
I had no problem with MS changing the Start menu around .... if they left the option to adopt it to the user.
But even something as simple as a Start menu has implications some people may not appreciate, especially on a tech forum like this. My wife is dyslexic (as are a few others on here that I know of) and part of her dyslexia seems to be trouble with mapping things in her brain. It works differently to me. Not inferior, just different. If I want to describe a route for her to drive, I have to do it in a way that works for her, not what works for me. And the same is true for where to find things on a menu. Adaptive menus where things change position is a disaster for her, because she learns where things are by rote, and if they move ....
She uses a PC for her work and it isn't an option. When she uses home PCs, finding things where she expects to find them, which is where I put them over 20 years in no small part to help her find them, and having MS decide for whatever reason that we can't do it that way any more was a major problem for her, and hence for me. In my case, I do understand computers. I should, having been messing (i.e. writing software) with them since the early 70s, and playing games on them (IBM S360 mainframe) since the mid-60s. I can adapt to a new flipping Start menu. I just deeply resent having to because of some whim by marketing people in Redmond.
So, I "just moved away". That consisted of I don't know how many dozens of hours learning Linux, picking a suitable (for me) UI and then finding software to replace many of the applications I had been using for years, on Windows. In some cases, that was trivial. But in others, it was next to impossible, which is why I still have some PCs with legacy OS. One such example was a custom built (by me) CIM/CRM that was a database-driven suite with a shedload of macros and routines moulded to my exact business needs. There was NOTHING available that would allow me to export my data, import it into a new package (under either Linux or even W8, since it wouldn't run on W8) and preserve both the full function of my system, and maintain the full customer history. To do that, I would have to spend weeks or months trying to recreate that functionality in new software, then manually retype about 20 years and thousands of transactions into a new system just to carry on doing what I had been quite happily doing for years.
Yet that same dismissive and patronising attitude about "just" moving on, or away, or with the times (that latter being a favourite people used to use) as if somehow not wanting to spend months of my time on non-productive (and unpaid) admin chores somehow made me a luddite.
So I moved what I could to Linux, and kept legacy systems for the rest. Not ideal, but the most practical solution I could find. It still wasted dozens, probably hundreds of hours of my time, doing it.
It's paying off now, though. I still have a few things that require Windows. Most notably, my genealogy software (there might be a Linux version of that, though there wasn't last time I looked) and some software I use for photography, mainly ACDSee (as a Lightroom substitute) and Affinity (for non-Photoshop pixel poking). There's no Linux version of the former (though I could buy new hardware and move to Mac) and I haven't checked the latter recently.
What none of those demand, though, is net connectivity, so I could, if the need arises, just shift my current net-connected Win10 machines off-net, and only let one or two Linux machines have a net connection.
Which means I can "just move away", without the monumental hassle and expense it caused me last time, because I pretty much already have. Which gives me the very smug ability to adapt a "ho-hum, whatever" attitude to anything MS does.
So far, with the so-called Win 11, I'm not really seeing much to object to. Some of the UI changes look nice, and useful (like the panes) but nothing much that falls into either "no way in hell" or "must have". I'm also not seeing what really justifies calling it Win 11, beyond being able to set an end date for supporting W10.
I still have outstanding questions. Can the supposed cloud-integration stuff be turned off? Completely off. I want nothing of mine stored on the cloud, period. Can I even upgrade, and what happens with W10 systems if they're old enough to not meet hardware requirements? And perhaps most relevantly, is upgrading optional, or just going to happen like W10 updates, whether I want it or not?
It seems I will have to upgrade explicitly if I want it to happen, but I'd like to see an official guarantee I won't get slipstreamed into it. If it is my choice, then I'll give it plenty of time after official release for the normal gotchas to get resolved, then organise a sacrificial goat system to test on. If and only if I'm happy with the full implications will I do it, and clearly, I can't yet tell. Or if I'm not happy, I'll just stick with W10 and if need be, disconnect those machines from the net, physically.
I can and will "just move away", if need be, because I mainly already have. But for anyone that hadn't been forced into proactive measures in the past, it could be a major headache, not something to be treated so dismissively.
A lesson learned from PeterB about dignity in adversity, so Peter, In Memoriam, "Onwards and Upwards".
blokeinkent (25-06-2021),ik9000 (25-06-2021)
Eh? second hand ryzen 2600 are around £100 - £125. S/hand mobo £50. Decent ddr4 16 gig £50
It's not a large amount at all - only graphics cards are super expensive right now
Back in 2012 tpm2 became pretty much standard on decent laptops. Every single system I have here except a low power server has the ability to use tpm 2.0
Seems as if someone at Microsoft still has wet "Palladium" dreams... Gotta protect all that premium content from us thieving bastids.
Other than that I have nothing but utter disdain for Windows 11. There's nothing in there *requiring* a new Windows version. Especially considering that Windows 10 was supposed to be the last version of Windows EVAH! Of course, no one really believed that even back then, but Microsoft really hasn't done itself any favours with this. Just cements what most people already know: you can't believe a single word coming out of 1 Microsoft Way, Redmond WA.
It didn't require it in my case. I just enabled PTT in BIOS and it was fine (for the TPM requirement anyway, I then hit MBR issues).
They've already said they're going to allow TPM 1.2 later, and I suspect this is enabled by default on laptop installs.
Agreed, for those who are not of technical mind (most users I suspect), just having to enable TPM is going to cause them issues. It's fine for those of us capable of rooting through the Bios for different settings. I suspect the requirement may end up being dropped like it was for Windows 8 (?). There are going to be a lot of older computers not meeting the TPM 2.0 standard.
My i7 4790k would be able to run this just as well as windows 10 (it's basically just a skinned win 10 + added 'hooks' to MS services) but due to MS list of supported hardware (and tpm, something I've never used) stopping at around 8000 series I can't.....
Got to love forced obsolescence of hardware (seems even gen 1 ryzen isn't supported).... the 'changes' to requirements really does feel like it's more about selling new pc's than any other reason... they don't get any money from the 'free' upgrades, they do however from the oem sales.
It's already been shown with the leaked versions that you can literally change a few files and it will run without tpm 2.0 etc.
Last edited by LSG501; 25-06-2021 at 02:23 PM.
I found this hidden link last night which hopefully clears things up surrounding TPM 2.0
If you have TPM 1.2, you will simply get an advisory.
https://docs.microsoft.com/en-us/win...ty/windows-11/
Important EDIT - The information has now changed on the page linked.
Hard Floor:
CPU: Core >= 2 and Speed >= 1 GHz
System Memory: TotalPhysicalRam >= 4 GB
Storage: 64 GB
Security: TPM Version >= 1.2 and SecureBootCapable = True
Smode: Smode is false, or Smode is true and C_ossku in (0x65, 0x64, 0x63, 0x6D, 0x6F, 0x73, 0x74, 0x71)
Soft Floor:
Security: TPMVersion >= 2.0
CPU Generation
TPM 1.2 is now no longer mentioned nor the Hard/Soft floor requirements
It's more than just a store for data it also generates cryptographic hashes to confirm things (software, firmware) haven't changed. The decryption isn't transparent, that would defeat the purpose of generating the cryptographic hashes, perhaps you're talking about when those keys are used to decrypt something else though, like Bitlocker.
TPM has always been a leper so this is nothing new, there were objections to it when Microsoft said W8 would require TPM until they rowed back on that and made it optional. I'd disagree that its only purpose is being a security key layer and cryptographic store, at its most basic it generates and stores cryptographic keys and hashes, much like https works with public and private key pairs, with TPM storing the private key or hashes and checking if the public key or hash match. (At least that's my understanding, happy to learn more or be corrected).
It being just an escalation of the minimum requirement is what concerns me, we'll likely see further escalation in how TPM is used. With W8/W10 TPM was an optional requirement, with W11 it's looking like it will be mandatory, with W12, 13, or 14 will we see a situation where access to certain software or hardware will be restricted because you don't have the right private key? Will we see the TPM RNG being used to identify each and every unique system?
EDIT: This write up on linux-magazine does a good job of explaining things IMO. Before anyone berates me for unfounded DRM concerns because the article says...
Two big problems prevent this from being a real concern. First, for this to be viable, the remote site has to know that the EK is really from the TPM. More modern TPMs include an EK certificate that provides a chain of trust from the TPM to the TPM manufacturer, which means that a remote site can verify that the PCR values came from a TPM; however, they have no way of knowing which TPM unless the user has already registered this association in some way – which ties to the second problem: Nothing prevents a user from adding a second TPM to a system, programming the PCRs with "good" values, and then performing remote attestation with the second TPM.
Because of these problems (and other privacy concerns), remote attestation has never been used outside specific corporate or special case deployments, and this is unlikely to change in the future. Enabling your TPM does not put you at risk of having your freedoms infringed.
I know and I've not said nor am I saying TPM is being used for remote attestation, I'm saying that it could be in the future. (à la Boiling frogs)
Last edited by Corky34; 25-06-2021 at 12:17 PM.
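As an added illustration, not part of any post in this thread: a simplified Python model of how a TPM PCR is extended with hashes of boot components, and how a sealed secret (the Bitlocker case mentioned above) is released only while the PCR still matches. The component names and the `seal`/`unseal` helpers are assumptions made for the example; a real TPM keeps the secret and enforces the policy inside the chip.

```python
import hashlib
import hmac

PCR_SIZE = 32  # one register in a SHA-256 PCR bank


def extend(pcr: bytes, measured: bytes) -> bytes:
    """PCR extend: new = SHA256(old || SHA256(measured)). A PCR cannot be set directly."""
    return hashlib.sha256(pcr + hashlib.sha256(measured).digest()).digest()


def replay(components) -> bytes:
    """Start from an all-zero PCR (its reset value) and extend each component in order."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Toy stand-in for sealing: bind a secret to the PCR value it may be released under."""
    return {"policy_pcr": expected_pcr, "secret": secret}


def unseal(blob: dict, current_pcr: bytes):
    """Release the secret only if the current PCR equals the sealed policy value."""
    if hmac.compare_digest(blob["policy_pcr"], current_pcr):
        return blob["secret"]
    return None


# Constructed sample boot chains (stand-ins for firmware, boot loader and kernel images).
GOOD_BOOT = [b"firmware v1.0", b"bootloader v2.3", b"kernel 5.12"]
MODIFIED_BOOT = [b"firmware v1.0", b"bootloader v2.3 (modified)", b"kernel 5.12"]
REORDERED_BOOT = [b"bootloader v2.3", b"firmware v1.0", b"kernel 5.12"]

if __name__ == "__main__":
    sealed = seal(b"disk-encryption-key", replay(GOOD_BOOT))
    for name, chain in [("good", GOOD_BOOT), ("modified", MODIFIED_BOOT),
                        ("reordered", REORDERED_BOOT)]:
        pcr = replay(chain)
        released = unseal(sealed, pcr) is not None
        print(f"{name:9s} pcr={pcr.hex()[:16]}... key released: {released}")
```

Because `replay` gives the same value for the same measurements on any fresh register, the model also shows why the quoted article says a PCR value alone does not tell a remote party which TPM produced it.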