Anything closed book is classified by the open source community as a leper, that's just the nature of the beast, but TPM, in this instance, is getting overstated about how much it does/can affect/will affect your systems. It's used as a store to facilitate a transparent data decryption layer (i.e. Hardware Security Module). What I'm not understanding is you have accurately described TPM's purpose solely as a security/cryptographic key storage layer and yet are propagating a notion it is more than that? As that is the case, it is up to the software developer and the flashback to them if they use it maliciously. Additionally, it's more of a key storage enclave than just a hashmatch database.
Secure boot through Windows, Linux and other OSes that utilise it is very effective at preventing boot/kernel-loading viruses because it is an end to end check of the integrity of the kernel and its installed medium; they can't do it really any other way without having a separate system to load the values that they're expecting in. I get where you're coming from but I do not believe your expectation will come to reality.
Edit: Every system is already stamped with a UUID based on a hash of the hardware mixed with DMI and other environmental elements, so TPM isn't needed for that...
Pretty sure that I have never heard nor seen of a system having multiple TPMs (if someone has a link to one, would be very interested to see it!), let alone that the UEFI BIOS would have to be overridden to allow multiple TPMs to be available to the system (which would mean loading an unsigned/fake BIOS, which is hard enough as it is on modern systems), and then I have never seen or heard of an OS being compatible with multiple TPMs, so due to these two points I am highly dubious if such a hypothetical is even possible. A quick 5 minutes of very targeted googling to confirm this yielded me no results on multi-TPM systems even existing. So as much as I respect Matthew Garrett's piece on that about the hypothetical possibility, I do not think it would be any time soon.
We already have remote attestation for Office 365 services; if your TPM is corrupt or malfunctioning it will prevent Office from functioning as it cannot establish hardware security. As long as it stays in the Enterprise, that's where I draw the line.
Yes, it could be, we could go to subscription Windows with custom silicon and a locked down app store. I just don't think fighting the TPM fight is worth it over "privacy" or "restricting your systems" when it's nothing, really, to do with your privacy or restricting the use of your software.
But, this will really be a case of each person's opinion is valid in their own way and my belief they shouldn't enforce it because it draws a substantial line in the sand that I don't think the wider public is ready to cross technologically.
Last edited by Tabbykatze; 25-06-2021 at 02:25 PM.
While I entirely agree with your view (both that they shouldn't enforce it, and that it crosses a line the public isn't ready for) I would just remind you of two principles:
- the notion of the thin end of the wedge, and
- the law of unintended consequences.
What worried me, right back with the release of Win8, wasn't so much what it was or what it specifically did (despite the problems it gave me personally), but the 'direction of travel' it, and some of MS's comments, suggested.
In short, I don't trust them. Or their intentions.
A lesson learned from PeterB about dignity in adversity, so Peter, In Memorium, "Onwards and Upwards".
TBF, I wouldn't upgrade to Windows 11 in the 1st 6~12 months because you are going to be a beta tester!
If we get the choice, as opposed to turning a machine on one day to find it's installed itself invisibly. Unless I've missed the bit where MS guaranteed it has to be an explicit user choice to upgrade, not automatic. And I may have, having not paid that much attention.
I have this feeling you might not be wanting it full stop... supposedly, outside of desktop, MS requires a front facing camera too, I have absolutely zero idea why that is a requirement of an OS.... mind you it does seem to be a way to stop it on laptops, just disable them lol
Considering that iMacs etc do not have TPMs to my knowledge, I guess that means no more Boot Camp on Intel ones for Win 11.
Will there be any implications for using it for Virtual Machines, in particular Vbox? I have never paid much attention to whether a TPM is available to it.
I have an Asus Maximus VIII Formula motherboard with an Intel i7-6700K and 32GB RAM along with an Nvidia 3090 FE.
It fails the Windows 11 compatibility check.
The Asus motherboard has NO TPM header at all and it does not even have the Intel PTT support in the BIOS either.
Also the i7-6700K is deemed not supported by Microsoft for Windows 11.
I'm running near all games in ultra everything at 1440p on a 144Hz G-Sync LG monitor with fullest possible FPS.
My PC is fine.
Microsoft can suck a fat one.
Out of touch, as always they seem to be. Idiots working for them, absolute morons.
Ah, for some reason I swapped over to GPT a while ago. I didn't hit that issue.
Actually all very good points to be made; additionally to your own scenarios, I really do not wish to have to teach my mum how to use Windows again. The less they change in it on the front facing aspect the better in that regard.
Well I hope we get the choice, I delay major updates in Windows 10 anyway, purely because Microsoft "could do better" in regard to not causing issues.
I wouldn't know if the open source community classify anything closed book as a leper; that sounds more like your personal view, as I'm sure there are many instances of closed book not being treated as a leper. The article I provided from linux-magazine certainly doesn't, and I'm sure I could find many other instances. I'd also say it's not being overstated how much it does affect your system; I even pointed out that I'm not saying TPM is being used for remote attestation, so I've been pretty clear on that front IMO. To know how it can or maybe will affect your system in the future you'd really have to look into the history of Trusted Computing, as a lot of the issues (PDF) people had have been 'addressed', essentially making them a non-issue; however, IMO those issues have simply been put on the back burner and will eventually find their way back into TPM once it sees widespread adoption and people are just used to using it (boiling frogs).
It's also not just a store to facilitate a transparent data decryption layer. I've already explained that it's not; if it was just that, a tiny bit of NVRAM would suffice.
The reason I'm saying it's more than just a store to facilitate a transparent data decryption layer is because it is: it generates a root key that's used to decrypt any private keys that it's issued to requesting applications. When a TPM is initialized, it generates a key called the Storage Root Key (SRK). This key never leaves the TPM, and the OS has no way to access it. When an application asks the TPM to generate a key, the TPM does so and gives the public and private halves back to the application. However, before handing back the private half, the TPM encrypts it with the SRK. The private key can only be used by passing it back to the TPM, which will then decrypt it and store it in the TPM's internal RAM. Any material that's been encrypted with the public half of the key can only be decrypted by the TPM that can read the corresponding private key: if you have a TPM key pair and someone steals your hard drive, the thief will have no way of using those keys because they can only be decrypted by the TPM that generated them.
And that's great, but what about if I want to load something on my PC that hasn't been authorised by Microsoft, because AFAIK Linux and other OSes can only be loaded when secure boot is enabled because Microsoft allow the loading of a shim. The system UUID is easily spoofed and all it's really based on is the SMBIOS or drive serial number; it's also not something that's persistent between OSes. If I boot into Linux or anything that isn't Windows 8 and upwards, that identifier is no longer valid.
I assume two TPMs are fairly easy considering most MoBos come with TPM headers and most new CPUs come with an embedded TPM (fTPM); switching from one to another would probably be a simple change of a BIOS setting (have you maybe misinterpreted it to mean two running at the same time rather than swapping between one and another?).
But we can be fairly certain that it's not going to stay in the enterprise space and that it can be used to prevent software from running; as you say, "an escalation of the minimum requirement": first TPM was a requirement for W8, then after backlash they made it optional, and now, if things stay as they are, it's no longer optional again.
Well on that we're going to have to agree to disagree, as I think Microsoft have telegraphed their intentions fairly clearly. Like I said, you only have to look at the history of TPM (PDF) to understand what their intentions were for it, intentions I suspect will slowly and inevitably be added to TPM as it becomes accepted (boiling frogs).
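The SRK wrapping described in the post above (generate a key pair, hand back the private half encrypted under the SRK, and only let the originating TPM unwrap and use it), as an added software model in Go; this is not real TPM code and not from anyone in the thread. ModelTPM, NewModelTPM, CreateKey, LoadKey and Decrypt are hypothetical names, and AES-GCM standing in for the SRK wrapping is an assumption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// ModelTPM is a hypothetical software model of the post's key hierarchy, not a real TPM.
type ModelTPM struct {
	srk  cipher.AEAD       // stands in for the SRK: created below, never returned by any method
	keys []*rsa.PrivateKey // "internal RAM": private keys unwrapped for use
}

func NewModelTPM() *ModelTPM {
	raw := make([]byte, 32) // constructed SRK; a real chip derives its own at initialisation
	rand.Read(raw)
	block, _ := aes.NewCipher(raw) // AES-GCM as the wrapping primitive is an assumption
	aead, _ := cipher.NewGCM(block)
	return &ModelTPM{srk: aead}
}

// CreateKey returns the public half and the private half wrapped under the SRK.
func (t *ModelTPM) CreateKey() (*rsa.PublicKey, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, nil, err }
	nonce := make([]byte, t.srk.NonceSize())
	rand.Read(nonce)
	return &priv.PublicKey, t.srk.Seal(nonce, nonce, x509.MarshalPKCS1PrivateKey(priv), nil), nil
}
// LoadKey unwraps a blob into internal RAM and returns a handle; a blob sealed by another TPM fails here.
func (t *ModelTPM) LoadKey(blob []byte) (int, error) {
	ns := t.srk.NonceSize()
	if len(blob) < ns { return -1, errors.New("blob too short") }
	der, err := t.srk.Open(nil, blob[:ns], blob[ns:], nil)
	if err != nil { return -1, errors.New("cannot unwrap: blob was not sealed by this TPM") }
	priv, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil { return -1, err }
	t.keys = append(t.keys, priv)
	return len(t.keys) - 1, nil
}
// Decrypt uses a loaded key by handle, so the private key itself never leaves the model.
func (t *ModelTPM) Decrypt(handle int, ct []byte) ([]byte, error) {
	if handle < 0 || handle >= len(t.keys) { return nil, errors.New("unknown handle") }
	return rsa.DecryptOAEP(sha256.New(), nil, t.keys[handle], ct, nil)
}
```

The stolen-drive case from the post is a second ModelTPM instance: it receives the same wrapped blob but cannot load it, so ciphertext made with the public half stays undecryptable.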
So just trolling then, got ya'.