
Specialized system won't need to have TPM to run Windows 11

NumLock21

With Windows 11 just recently announced, Microsoft has listed the requirements for the new OS. One of the requirements is the need for a TPM 2.0 module. This has caused a massive buyout of that module and caused its price to skyrocket. Turns out a TPM 2.0 module may not be required after all, if your Windows 11 has to be specialized.

 

Quote

wi11notpm.jpg.ef46edbc6ee7b34c282d2ac50e256ce9.jpg

Based on this, it seems TPM really isn't a necessary requirement to run Windows 11, but there is no word on whether or not the OS will install if you manage to get hold of one of these specialized no-TPM Win11 ISOs on a CPU that isn't on the supported list.

 

Source

Intel Xeon E5 1650 v3 @ 3.5GHz 6C:12T / CM212 Evo / Asus X99 Deluxe / 16GB (4x4GB) DDR4 3000 Trident-Z / Samsung 850 Pro 256GB / Intel 335 240GB / WD Red 2 & 3TB / Antec 850w / RTX 2070 / Win10 Pro x64

HP Envy X360 15: Intel Core i5 8250U @ 1.6GHz 4C:8T / 8GB DDR4 / Intel UHD620 + Nvidia GeForce MX150 4GB / Intel 120GB SSD / Win10 Pro x64

 

HP Envy x360 BP series Intel 8th gen

AMD ThreadRipper 2!

5820K & 6800K 3-way SLI mobo support list

 


So, you should be able to mod it out pretty easy.
Cool

I could use some help with this!

please, pm me if you would like to contribute to my gpu bios database (includes overclocking bios, stock bios, and upgrades to gpus via modding)

Bios database

My beautiful, but not that powerful, main PC:

prior build:

Spoiler

 

 


Well my pc is a specialized gaming system, dodged a bullet there. Phew!

 

 

 

The direction tells you... the direction

-Scott Manley, 2021

 

Softwares used:

Corsair Link (Anime Edition) 

MSI Afterburner 

OpenRGB

Lively Wallpaper 

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity 

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop 

Superposition 

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer

 

 

 


10 minutes ago, Mark Kaine said:

Well my pc is a specialized gaming system, dodged a bullet there. Phew!

 

 

 

Nah. They are talking about Enterprise systems and Embedded systems. Where Enterprise is more likely to have the TPM turned on, they will not have Microsoft accounts. Embedded systems on the other hand will likely have it turned off, eg ticket/turnstile/ATM/etc type machines, because they are not "logged in" to. They just run one program.

 


49 minutes ago, Kisai said:

Nah. They are talking about Enterprise systems and Embedded systems. Where Enterprise is more likely to have the TPM turned on, they will not have Microsoft accounts. Embedded systems on the other hand will likely have it turned off, eg ticket/turnstile/ATM/etc type machines, because they are not "logged in" to. They just run one program.

 

Gaming is as Enterprise as enterprise can be. I also have a specialized gaming system, and I too deserve this specialized Win11 ISO that doesn't need that stupid TPM requirement!


4 hours ago, NumLock21 said:

Gaming is as Enterprise as enterprise can be. I also have a specialized gaming system, and I too deserve this specialized Win11 ISO that doesn't need that stupid TPM requirement!

Calling it: Win 11 LTSC


10 hours ago, HelpfulTechWizard said:

So, you should be able to mod it out pretty easy.
Cool

Someone will come out with a patch, or Microsoft will drop the requirements, or they will get limited interest in non-OEM systems. Broad hardware support has always been one of the big strengths of Windows, so denying that ability will ultimately cause low adoption/upgrade rates. Similarly to people still keeping XP for years after Vista came out or never upgrading to it, without reaching further back for hardware support W11 will be a flop outside of pre-builts.

My Current Setup:

AMD Ryzen 5900X

Kingston HyperX Fury 3200mhz 2x16GB

MSI B450 Gaming Plus

Cooler Master Hyper 212 Evo

EVGA RTX 3060 Ti XC

Samsung 970 EVO Plus 2TB

WD 5400RPM 2TB

EVGA G3 750W

Corsair Carbide 300R

Arctic Fans 140mm x4 120mm x 1

 


5 minutes ago, huilun02 said:

Isn't TPM only needed on a per-app basis? Just avail TPM to apps that can use it, when the hardware is available.

 

Why must it be a requirement when there is no benefit beyond making it an option?

The worst bit is that drive encryption won't be available on the Home version, and most home-built systems have no biometric devices. So really, they should at least remove the requirement for Home Edition because outside of OEM systems none of the features are even relevant.


More evidence the TPM and CPU requirements are made up just to make older hardware obsolete.


3 hours ago, huilun02 said:

Isn't TPM only needed on a per-app basis? Just avail TPM to apps that can use it, when the hardware is available.

 

Why must it be a requirement when there is no benefit beyond making it an option?

Because it's a catch-22 situation of where you can't improve security as long as old devices don't support it, and making old devices "broken" under certain conditions will just infuriate the user.

 

Look no further than the lack-of-adoption of chip+pin in the US. All this old POS (both literally and that's the actual name) equipment out there that only takes magstripes, meanwhile pretty much everywhere else moved to chip+pin and NFC payments. The US is the only place that has people both on the Left and Right insist on paying cash because they think there is a government or corporate bogeyman that will use that one purchase to label them a crook or pervert.

Or if you want to get even deeper into the "The US is backwards from the rest of civilization" trope, the lack of adoption of Metric in consumer goods (meanwhile having it in science and engineering fields) is this same kind of "if it ain't broke, don't fix".

 

Since Microsoft is a US company, it will run head first into this backwards thinking, both by employees and by consumer groups and political forces. If you want to change something by calling it "secure" you have to pretty much prove that the cost of obsolescence is worth it, and in the US, this has only ever been possible in the mobile phone market because mobile phones were cheap and disposable and "next gen" drum beats came out every 2-3 years. Ever since phones moved from being $0 free phones to $2000 expensive toys, the phones themselves have replaced over $20,000 in equipment that a journalist might have to carry around (and last longer.) But that's it.

 

In less than 5 years, we will hit a wall where we can't make chips on any smaller process nodes, and thus the only way to encourage users to upgrade will be to start solving problems that haven't yet been solved. One of those is security and privacy. 

 

Let's say, for example, you're a journalist: the TPM is valuable for contacting sources for stories and keeping both criminals and governments from snooping, and the journalist can keep plausible deniability while keeping their sources safe. Those keys are only in the contacts' devices and are only unlocked by MFA devices that don't hold keys in the system memory.

So my theory is, Microsoft sees the writing on the wall; it sees Apple eating its lunch with its tough stance on privacy. So if devices from 2022 forward have all these security devices available by default, Microsoft can start offering secure OneDrive, or third parties like Backblaze, or cloud drives like Dropbox can be protected. No more 'resetting the password' and getting into cloud services by only knowing someone's email/phone number.

But lest ye forget.

security.png

 

Like, ultimately the TPM is something Intel has been wanting ever since the Pentium III. (Remember the "Pentium III serial number" fiasco?)

https://www.anandtech.com/show/254/4

Quote

Because of the general distrust of Intel's intentions with the processor serial number, Intel immediately announced that all processors would ship with the means of enabling/disabling the processor serial number via a software utility. In contrast, many publications are questioning the reality of the status of the processor serial number, until there is a sure fire way of determining whether the feature is enabled or disabled (outside of Intel's software "utility") we'll just have to rely on Intel's official statements.

Didn't last long, the processor serial number was gone with the Pentium IV. Though it came back in Ivy Bridge in a different form.

 

Only today's environment has really started to change the stance on privacy (see all those obnoxious "we use cookies" popups on every damn website that won't go away). So it's only a matter of time for TPMs to also be used as perpetual cookies if the browser is allowed to touch it.

 


There's already a way to install W11 while bypassing both TPM and Secure Boot.
I'm running W11 without both with ease at the moment, so there's that.

sysinfo_w11.png


Go back in time and there was a bit of fear mongering about TPM. That it would cause systems to be locked into M$. Seems the opposite. You may be locked out 😛

1 hour ago, Kisai said:

"we use cookies"

I think it's a euro regulation. Maybe it scares boomers off the internet?

 

 

 

 


5 hours ago, huilun02 said:

Isn't TPM only needed on a per-app basis? Just avail TPM to apps that can use it, when the hardware is available.

 

Why must it be a requirement when there is no benefit beyond making it an option?

It's used for things like BitLocker and Windows Hello at the OS level; I'm sure there's more as well.


I'll be fine before I get a new PC in a year or so anyway.

| Ryzen 7 7800X3D | AM5 B650 Aorus Elite AX | G.Skill Trident Z5 Neo RGB DDR5 32GB 6000MHz C30 | Sapphire PULSE Radeon RX 7900 XTX | Samsung 990 PRO 1TB with heatsink | Arctic Liquid Freezer II 360 | Seasonic Focus GX-850 | Lian Li Lanccool III | Mousepad: Skypad 3.0 XL / Zowie GTF-X | Mouse: Zowie S1-C | Keyboard: Ducky One 3 TKL (Cherry MX-Speed-Silver)Beyerdynamic MMX 300 (2nd Gen) | Acer XV272U | OS: Windows 11 |


7 hours ago, Mling said:

Go back in time and there was a bit of fear mongering about TPM. That it would cause systems to be locked into M$. Seems the opposite. You may be locked out 😛

 

Yes, that was one theory. DIY builds just never came stock with them because of cost and nobody was demanding it. So the only way TPMs end up in DIY machines is via fTPM. Processor Serial Number fiasco all over again.

 

 

Quote

I think it's a euro regulation. Maybe it scares boomers off the internet?

 

Yes, but because of that, it annoys absolutely everyone on the planet who uses the internet and not "the app"; "apps" have free rein to track you. Essentially these nag messages show up entirely because of advertisements on the site, and not because the site itself stores, or even needs, cookies.

 

 

Anyway, the approach that needs to be taken here, is what Apple already did with app tracking, start asking permission to use the TPM, make sure TPM access is justified (eg only banking apps, no web browsers, no games (other than Online Multiplayer games)), start calling it something meaningful like "personal information wallet", so people make the connection between what it does, and what third parties will use it for.

 

https://apnews.com/article/government-and-politics-technology-business-ed50baf4ffb09ca50cda9b8a262c54ad

Quote

WASHINGTON (AP) — Federal law enforcement agencies secretly seek the data of Microsoft customers thousands of times a year, according to congressional testimony Wednesday by a senior executive at the technology company.

 

Tom Burt, Microsoft’s corporate vice president for customer security and trust, told members of the House Judiciary Committee that federal law enforcement in recent years has been presenting the company with between 2,400 to 3,500 secrecy orders a year, or about seven to 10 a day.

Imagine how much more secure (and less cost for Microsoft) if law enforcement can't get your cloud data because the keys are only on your PC.


On 6/29/2021 at 8:56 PM, Kisai said:

They just run one program

Same! Monster Hunter all day!

 

Spoiler

I get what you're saying though. But I would definitely like a no nonsense gaming only windows version …

 

 

7 hours ago, Kisai said:

make sure TPM access is justified (eg only banking apps, no web browsers, no games (other than Online Multiplayer games)

And that's exactly how it starts ….


1 hour ago, Mark Kaine said:

Same! Monster Hunter all day!

 

You jest, but that is what kiosk modes are. However, that's not how that is handled, since the game would need updates from time to time.

MMORPGs are one of the single worst examples of where a TPM is necessary, because of the utter extent of account fraud that goes on. Can't have your account stolen by your own incompetence/willingness to violate the TOS when the game's account keys are in the TPM.
