Win11 requires TPM 2.0, is this a deal breaker?

Discussion in 'Windows 11' started by god_paul, Jun 25, 2021.

  1. d5aqoëp

    #121 d5aqoëp, Jul 5, 2021
    Last edited: Jul 5, 2021
    My Intel NUC4 (D34010WYKH), which has a 4th generation Intel Core i3, has TPM 2.0 when Platform Trust Technology is enabled in the BIOS. It passes all tests apart from the old 4th gen Core i3 CPU. What are the chances of me being able to run the unmodified Windows 11 setup? I ask this question because right now, the unmodified Windows 11 setup does not throw any error and does not even complain about my CPU.
     
  2. cengizhan

    CPU models are not limited for now.
     
  3. d5aqoëp

    But in the future they will block it?
     
  4. Shonk

    The dealbreaker isn't the TPM 2.0 requirement, it's that
    it's running behind a hypervisor and a VM.

    No way in hell I would ever run my main PC virtualised.
     
  5. toyo

    Is this true? I didn't bother keeping up with all this.
    When I previously tested the full VBS mode in Windows 10 it decreased performance in various applications and games, as expected. Credential Guard or w/e it was called.
     
  6. Shonk

    Yes, they said that's why they require TPM 2.0 and Secure Boot: for the hypervisor and virtualisation.
    For an office PC, sure, let them eat that VM performance hit,
    but for gamers this is such a no way in hell.
     
  7. sutt359

    I don't know if anyone can help me. I have a Dell Latitude 7285 currently running TPM 1.2. There is a firmware update available to v2.0, but every time I run it I get "upgrade failed blocked by tpm fw policy".

    I've cleared TPM info, disabled auto provisioning, tried USB boot and even deleting the drive and setting up a fresh Windows install, and also downgrading the BIOS version.
     
  8. d5aqoëp

    #128 d5aqoëp, Jul 5, 2021
    Last edited: Jul 6, 2021
    Try updating after disabling TPM from the BIOS.
     
  9. toyo

    Well this is bad
     
  10. donmiller

    Win11 requires TPM 2.0, is this a deal breaker?

    *****Warning Opinion Ahead*****

    Yes, it's a deal breaker. It is an inappropriate marketing method.

    The malware war is one that should be fought with software, not hardware. Malware attack techniques are too dynamic (ever-changing). The PC Industry should not try to fight malware issues with hardware (or constant firmware updates). TPM, Secure Boot, etc. are extraneous. Let the malware war be fought by anti-malware companies.
     
  11. Carlos Detweiller

    #132 Carlos Detweiller, Jul 5, 2021
    Last edited: Jul 6, 2021
    Ordered two ASUS SPI-TPM 2.0 on 22nd for €12.98, got them today. On 24th, after the announcement, all Amazon offers were rapidly sold out (scalpers getting crazy-go-nuts).

    I predict that all or nearly all mainboards will come with TPM 2.0 preinstalled (unless they want to rely on fTPM which, the BIOS warned me, could be less secure).
     
  12. toyo

    I'm less preoccupied about TPM; my main worry is the alleged VBS requirement. This will essentially run the OS behind a Hyper-V VM, at a sizable performance loss.
    The TPM itself doesn't have any impact on performance, you just have to have it, and will likely be able to mod the OS to install without. But the VM is worrying.
     
  13. exonym

    Any source on this claim that the OS runs behind a Hyper-V VM?
     
  14. donmiller

    I wasn’t aware of that. That’s a bit scary.
     
  15. LTSC_Fanboy

    Because of the performance hit from VBS, maybe it is a blessing that my hardware doesn’t meet the new system requirements.
     
  16. loader24

    As far as I know, there are important parts of the registry that must be enabled in order to bypass the Windows 11 requirements. You can find it here:
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig]
    Edit the following:
    "BypassTPMCheck"=dword:00000001
    "BypassSecureBootCheck"=dword:00000001
    Hope it works on your end.
     
  17. toyo

    The truth is, the performance hit was impossible to notice "by eye" and in daily tasks when I first tested the Defender VBS in Win 10 (Win 11 seems to just mandate the same previously optional features). At least on an 8700K. You can only see it in benchmarks like Cinebench and maybe 2-3 frames lost in some games that are more CPU bound, although it depends on how capable the CPU/GPU are etc.
    But running things in a VM, especially if the Memory Integrity feature is enabled, will complicate things; some older drivers won't work at all (this must be one of the reasons for Microsoft having such strict hardware requirements).
    For those that want to test these features and see their impact, they can do it in Windows 10 by enabling Core Isolation>Memory Integrity in Defender. If that fails to enable, I think that enabling Application Guard or Windows Hypervisor Platform in Windows Features will enable VBS too. If you run the Sandbox feature, that also might enable Hyper-V and VBS. A bit messy, as these features were added 1 by 1 to Win10 over the years.
    They present almost 0 utility for the vast majority of people. I disabled them immediately after testing out of curiosity. Haven't had any malware issues for more than a decade, regardless of me using Kaspersky IS or Defender itself.
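
Added example, not part of any post in this thread: a read-only PowerShell report of the state the thread argues about (TPM version, Secure Boot, whether VBS and Memory Integrity are actually running), plus whether the LabConfig values quoted in loader24's post are set on the machine. The function name and output field names are made up for this example; the registry path and value names are the ones quoted in the thread.

```powershell
# Added example (not from the thread): read-only report, changes nothing.
# Run from an elevated PowerShell prompt on Windows 10 or 11.
function Get-PlatformSecurityState {
    # TPM: SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM family.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmVersion = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() }
                  else { 'not present or not readable' }

    # Secure Boot: the cmdlet throws on legacy-BIOS (non-UEFI) systems.
    $secureBoot = try { [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { $false }

    # VBS status: 0 = not enabled, 1 = enabled but not running, 2 = running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbs = if (-not $dg) { 'unknown' } else {
        switch ($dg.VirtualizationBasedSecurityStatus) {
            0 { 'not enabled' }
            1 { 'enabled, not running' }
            2 { 'running' }
            default { 'unknown' }
        }
    }
    # SecurityServicesRunning: 1 = Credential Guard, 2 = Memory Integrity (HVCI).
    $running = @($dg.SecurityServicesRunning)

    # Setup bypass values quoted in the thread; the key exists only if someone created it.
    $lab = Get-ItemProperty -Path 'HKLM:\SYSTEM\Setup\LabConfig' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        TpmSpecVersion        = $tpmVersion
        SecureBootEnabled     = $secureBoot
        VbsStatus             = $vbs
        CredentialGuard       = $running -contains 1
        MemoryIntegrity       = $running -contains 2
        BypassTPMCheck        = $lab.BypassTPMCheck -eq 1
        BypassSecureBootCheck = $lab.BypassSecureBootCheck -eq 1
    }
}

Get-PlatformSecurityState | Format-List
```

Running it before and after toggling Core Isolation > Memory Integrity shows whether VBS is really active when a benchmark is taken.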