The purpose of the TPM 2.0 requirement is all tied into the whole “zero trust” hardware security with Windows Defender System Guard and all of the other layers of VBS (virtualization based security) which ties the OS security together with the hardware security. This has been the direction that MS was going for the last few years and Windows 10x was also intended for this zero trust OS security as well. I haven’t tried 11 yet, but my assumption is that all of the VBS security features are enabled by default. If we trick the install to proceed without TPM 2.0, those VBS security features would be disabled and the OS less secure. The TPM has much more use than just BitLocker. Personally, I think the requirement should be optional on consumer devices though.
Requiring it on 11 Home is pretty ridiculous but then again a mountain of preinstalled apps on Windows 10 Pro for Workstations is also pretty ridiculous.
I started looking around and it looks like the intentional incompatibility between modules is going to piss a lot of people off. Motherboard makers could have adopted a universal standard but that does not look like what happened. The lack of universal TPM module compatibility provides a lot of incentive for scalpers.
I have ordered a TPM v2 chip to plug into the mobo for $8. No big deal really unless the scalpers start buying them all to resell at much higher prices.
Newegg and Amazon are already selling out of certain modules; scalpers always start there since some buyers only buy from them. It's going to be a while before smaller outlets sell out but it will happen. I bought an ASRock module (old X99 workstation) and an Asus module (current X299 workstation) just to have them, not sure when I will move these production systems to 11.
They were not terribly well stocked items for consumers at the best of times as no one really bothered with them. It was more of a corporate and large business sector security feature included and supplied by system integrators like HP and DELL. I know a private bank that replaced all their PCs last year because an internal security audit change request stated all their PCs must support TPM and all drives must now be encrypted to the DoD standard.
My BIOS has an fTPM toggle that is off by default but I can enable very easily. I enabled it and the Windows 11 ready check states that my PC supports Windows 11. Gigabyte B550 Gaming X Rev 1.0 is my motherboard.
I have a Ryzen Zen+ CPU (2700X), and it comes with TPM 2.0 in its firmware. I typically leave it off, and only turned it on for legitimate use with 21996. For install, TPM needed to be enabled, but I was able to turn the TPM off after install seemingly without issue.
Since I got on before the ship left on eBay. For cheap TPMs buy server ones, such as SuperMicro and HP. I wouldn't trust the $2 Chinese ones, these are meant to be security devices.
TPM is the Microsoft version. Intel has their version. AMD has their version. I like that there is variety in the different encryption versions, but it's still hardware and hardware encryption is not trustworthy. I also don't trust that governments don't have backdoor access or haven't pushed these companies to specifically make them weak to certain attacks. They've done it before. Plus all of these companies are making these things in China and no offense to them but anything security related, especially on a national level should not be trusted to that country. I have nothing against those people at all but the country's government implements very authoritarian controls over their companies and often does shenanigans with their products.
The TPM issue is going to be the downfall of Windows 11 adoption rate... what a joke to lock out so many of your customers with this pointless requirement.
The only hardware I have with a TPM (1.2) option runs 21966.1, installed by using an untouched 21996.1 ISO, fine but the PC Health Check tool only says "your organization manages updates". Insider preview app says it doesn't meet the minimum requirements for running win 11.