win11 requires TPM 2.0, is this a deal breaker?

Discussion in 'Windows 11' started by god_paul, Jun 25, 2021.

  1. WildByDesign

    WildByDesign MDL Addicted

    Sep 8, 2013
    743
    403
    30
    The purpose of the TPM 2.0 requirement is all tied into the whole “zero trust” hardware security with Windows Defender System Guard and all of the other layers of VBS (virtualization based security) which ties the OS security together with the hardware security. This has been the direction that MS was going for the last few years and Windows 10x was also intended for this zero trust OS security as well.

    I haven’t tried 11 yet, but my assumption is that all of the VBS security features are enabled by default. If we trick the install to proceed without TPM 2.0, those VBS security features would be disabled and the OS less secure. The TPM has much more use than just BitLocker.

    Personally, I think the requirement should be optional on consumer devices though.
     
  2. scaramonga

    scaramonga MDL Senior Member

    Oct 27, 2012
    426
    261
    10
    :D

    Nah, I turn that s**t off in BIOS with all, and MS will NOT make me change my mind ;)
     
  3. I don't. My mobo does have a TPM chip but it is DRM locked.
     
  4. nosirrahx

    nosirrahx MDL Expert

    Nov 7, 2017
    1,232
    591
    60
    Requiring it on 11 home is pretty ridiculous but then again a mountain of preinstalled apps on Windows 10 Pro for workstations is also pretty ridiculous.
     
  5. EDK-Rise

    EDK-Rise MDL Member

    Aug 7, 2013
    114
    73
    10
    upload_2021-6-25_18-22-3.png
     
  6. mrbbq

    mrbbq MDL Addicted

    Jul 18, 2015
    505
    272
    30
    elevenforum is going off about this. So yes, it's an issue.
     
  7. nosirrahx

    nosirrahx MDL Expert

    Nov 7, 2017
    1,232
    591
    60
    I started looking around and it looks like the intentional incompatibility between modules is going to piss a lot of people off. Motherboard makers could have adopted a universal standard but that does not look like what happened.

    The lack of universal TPM module compatibility provides a lot of incentive for scalpers.
     
  8. Cipher

    Cipher MDL Member

    May 31, 2008
    129
    37
    10
    I have ordered a TPM v2 chip to plug into the mobo for $8.
    No big deal really unless the scalpers start buying them all to resell at much higher prices.
     
  9. nosirrahx

    nosirrahx MDL Expert

    Nov 7, 2017
    1,232
    591
    60
    Newegg and Amazon are already selling out of certain modules; scalpers always start there since some buyers only buy from them. It's going to be a while before smaller outlets sell out but it will happen.

    I bought an Asrock module (old X99 workstation) and an Asus module (current X299 workstation) just to have them, not sure when I will move these production systems to 11.
     
  10. Cipher

    Cipher MDL Member

    May 31, 2008
    129
    37
    10
    #31 Cipher, Jun 25, 2021
    Last edited: Jun 25, 2021
    They were not terribly well stocked items for consumers at the best of times as no one really bothered with them.
    It was more of a corporate and large business sector security feature included and supplied by System Integrators like HP and DELL.

    I know a private bank that replaced all their PCs last year because an internal security audit change request stated all their PCs must support TPM and all drives must now be encrypted to the DoD standard.
     
  11. nosirrahx

    nosirrahx MDL Expert

    Nov 7, 2017
    1,232
    591
    60
    Key word bolded :)
     
  12. sof006

    sof006 MDL Novice

    Dec 16, 2010
    8
    13
    0
    My BIOS has a fTPM toggle that is off by default but I can enable very easily.

    I enabled it and the Windows 11 ready check states that my PC supports Windows 11.

    Gigabyte B550 Gaming X Rev 1.0 is my motherboard
     
  13. ruuu7

    ruuu7 MDL Member

    Mar 7, 2015
    229
    49
    10
    Got me a TPM module on Amazon for 12.99€. So I'm safe. :)
     
  14. Espionage724

    Espionage724 MDL Expert

    Nov 7, 2009
    1,066
    394
    60
    I have a Ryzen Zen+ CPU (2700X), and it comes with TPM 2.0 in its firmware. I typically leave it off, and only turned it on for legitimate use with 21996.

    For install, TPM needed to be enabled, but I was able to turn the TPM off after install seemingly without issue.
     
  15. wutno

    wutno MDL Novice

    Dec 6, 2014
    24
    14
    0
    Since I got on before the ship left on eBay. For cheap TPMs buy server ones, such as SuperMicro and HP. I wouldn't trust the $2 Chinese ones, these are meant to be security devices.
     
  16. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    7,394
    11,615
    240
    TPM is the Microsoft version. Intel has their version. AMD has their version. I like that there is variety in the different encryption versions, but it's still hardware and hardware encryption is not trustworthy. I also don't trust that governments don't have backdoor access or haven't pushed these companies to specifically make them weak to certain attacks. They've done it before. Plus all of these companies are making these things in China and no offense to them but anything security related, especially on a national level, should not be trusted to that country. I have nothing against those people at all but the country's government implements very authoritarian controls over their companies and often does shenanigans with their products.
     
  17. gooface

    gooface MDL Junior Member

    Aug 29, 2013
    52
    11
    0
    The TPM issue is going to be the downfall of Windows 11 adoption rate... what a joke to lock out so many of your customers with this pointless requirement.
     
  18. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    47,006
    93,807
    450
    The only hardware I have with a TPM (1.2) option runs 21966.1, installed by using an untouched 21996.1 ISO, fine, but the PC Health Check tool only says "your organization manages updates".

    Insider preview app says it doesn't meet the minimum requirements for running win 11.
     
  19. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,522
    2,093
    120