DON’T buy a new PC for Windows 11!

[E.Beadle]

2 minutes ago, Hygel said:

Every time I try to enable secure boot windows decides that it doesn't want to start up. My BIOS mode is in UEFI and I've tried almost every combination of related settings to get it working but I think that I may be missing something. I have my (built in) TPM enabled and that works fine but secure boot just stops it from working every time. I know it's not required for anything but it seems like something that would be nice to have. Anyone have any ideas about why it wouldn't be working?

Did you follow the reboot so system info shows it is in UEFI?  I had the same issues, BIOS showed it was installed as UEFI, Windows system info showed legacy. 

Once I did the master boot record GPR command prompt in the video it worked. The only thing I need is the tpm part. If you can get that going it should work for you! 

[Helpful Tech Witch]

2 hours ago, King of Memes said:

you can't, they are restricting windows 11 to intels 8th gen or higher

Did you watch the video first?

[E.Beadle]

12 minutes ago, HelpfulTechWizard said:

Did you watch the video first?

Yes I did, I've got it to where I just need the TPM Header now. All I need is a TPM 20-1 pin module. 
TPM-L R2.0｜Motherboards｜ASUS Global

Amazon.com: Asus Accessory TPM-L R2.0 TPM Module Connector For ASUS Motherboard: Computers & Accessories
Sadly its unavailable. 

this here

Everything else checks out fine, UEFI is set to go, Secure boot is set to go. And the video specifically says they go as far back as what generation again? 

 

[acuteaura]

Just FYI, Secure Boot and Linux play pretty well these days, thanks to shim.

 

Even if you need custom kernel mods like nvidia, signing them is pretty trivial, and soon to be automated.

[Helpful Tech Witch]

19 minutes ago, E.Beadle said:

Yes I did, I've got it to where I just need the TPM Header now. All I need is a TPM 20-1 pin module. 
TPM-L R2.0｜Motherboards｜ASUS Global

Amazon.com: Asus Accessory TPM-L R2.0 TPM Module Connector For ASUS Motherboard: Computers & Accessories
Sadly its unavailable. 

this here

Everything else checks out fine, UEFI is set to go, Secure boot is set to go. And the video specifically says they go as far back as what generation again? 

 

I didnt ask you that, I asked the person i quoted

[Hygel]

46 minutes ago, E.Beadle said:

Did you follow the reboot so system info shows it is in UEFI?  I had the same issues, BIOS showed it was installed as UEFI, Windows system info showed legacy. 

Both BIOS and System Info say that it's in UEFI so I'm not sure if it's the same problem but I'll try the command prompt thing. Thanks for your help!

[Thaldor]

28 minutes ago, StDragon said:

That said, if you have a laptop, it would be foolish to not use BitLocker. Nothing is worse than having both a laptop stolen and the data falling into the wrong hands. At least with BitLocker, you only have to worry about loss of the monetary value of the HW.

If only I had that important data that someone was to steal my laptop for it and go through all the trouble to either dig out the SSD or bypass the password and not just pawn it to the closest no-questions-asked pawnshop. And if I had that kind of data that someone was determined enough to go through all that trouble, I probably would have something more trustworthy than "just trust us, bro"-security, most likely something that is proven to be 3 letter organization proof and constantly being audited and proven that there isn't backdoors and just so happens to be free to the level that I can completely lock even the whole Windows 11 behind it.

Now how many people do have that kind of data on their laptops and how many of their laptops will be stolen for that data?

 

Quote

To my knowledge, BitLocker isn't a requirement. The TPM is, and BitLocker requires it. But the TPM is also used for other things too.

If they are going to go ball to the walls, then they should go fully balls to the walls. Not some half-way-there with still ability to support devices that are bigger security risks than your hungry dog securing your bowl of cookies on the floor. Like encryption isn't that big of a deal and even that is VERY questionable with Microsoft (if it's closed source it's directly to the trash bin of "not to be trusted", always, because you cannot be sure, no one can) and at least what I have read other parts are just as well defined. Seriously, if MS isn't going to open up and they are going like "you need at least THIS HW so we can secure you with ways we are not telling you", most likely the biggest joke of this decade will be "Windows 11, The most secure Windows".

 

Spoiler

To make the point clearer. Digital security starts with openness, you tell what you are going to do and how you are going to do it so I can be sure you are not fucking with me and your stuff actually works. And the best part, I don't even need to take your word for it, I can take any number of professionals, tinkerers, even non-techies word for it because they can take a look at your code and make sure there isn't backdoors and it does what it's supposed to do and nothing more. "Someone could find weaknesses", someone will find weaknesses and someone will use them, the question is what are you going to do about it. "Someone could steal our code", again someone will steal your code, someone will reverse-engineer your code and then steal it, even you probably stole someones code for it so there's that. You either show to everyone that you aren't crooked, you aren't hiding anything and everything works, even let everyone help you to make your stuff work better, or everyone (at least should) presume you crooked, that you are hiding a lot of stuff, everything even and you really couldn't be trusted to even code "hello world".

 

[StDragon]

35 minutes ago, Thaldor said:

And if I had that kind of data that someone was determined enough to go through all that trouble, I probably would have something more trustworthy than "just trust us, bro"-security, most likely something that is proven to be 3 letter organization proof and constantly being audited and proven that there isn't backdoors and just so happens to be free to the level that I can completely lock even the whole Windows 11 behind it.

Never discount the might of a $5 wrench. That said, BitLocker is robust; so much that it's FIPS 140-2 certified

 

35 minutes ago, Thaldor said:

Now how many people do have that kind of data on their laptops and how many of their laptops will be stolen for that data?

A LOT, and often! Think someone in Accounting, HR, or a Medical doctor that just had their laptop stolen in a smash-and-grab (because they're too dumb and left it on the front seat of a car) or swiped at the airport. These things happen far more than you probably realize!

 

35 minutes ago, Thaldor said:

Like encryption isn't that big of a deal and even that is VERY questionable with Microsoft (if it's closed source it's directly to the trash bin of "not to be trusted", always, because you cannot be sure, no one can) and at least what I have read other parts are just as well defined. Seriously, if MS isn't going to open up and they are going like "you need at least THIS HW so we can secure you with ways we are not telling you", most likely the biggest joke of this decade will be "Windows 11, The most secure Windows".

 

With Windows 10, you had to have Pro or Enterprise edition to be eligible for the BitLocker feature. Meaning, Home editions don't apply. However that might change with Windows 11; specifically because an online account is required. This could aid in having the BitLocker key stored online in something of an Apple keychain like scheme. And yes, by default all Apple Macbooks now enable FileVault be default; their equivalent of BitLocker.

[Tieox]

@GabenJrI want to see Windows 11 running on an Intel Atom.

[Da_90s_KiD]

I cannot convert my bios mode from legacy to EUFI. Every time I try "mbr2gpt /convert" it's telling me, cannot find room for the EFI system partition.

[StDragon]

17 minutes ago, Da_90s_KiD said:

I cannot convert my bios mode from legacy to EUFI. Every time I try "mbr2gpt /convert" it's telling me, cannot find room for the EFI system partition.

Pretty good writeup over at this link, including failure codes.
https://www.windowscentral.com/how-convert-mbr-disk-gpt-move-bios-uefi-windows-10

But basically you might have to convert in "offline" mode with a bootable USB flashdrive containing Windows 10 boot media to get to the command prompt. That, or you have multiple partitions or disk errors in the way (hint, check with chkdsk command).

Beyond that, probably going to have to proceed with further help in another new thread.

[Ashley MLP Fangirl]

I just run it on a virtual machine on a Sandy bridge MacBook Pro …

[StormForce]

When I try to run the script I get this message. Pressing a key just closes the window, any suggestions?

 

"Current directory contains spaces in its path. Please move or rename the directory to one not containing spaces.

 

Press any key to continue . . ."

 

I feel like this is a simple fix, however I have little experience with command prompt and none with running scripts, any help is appreciated 

[scootley]

So is the ISO method (and its variants) described in the latter part of the video (for getting the final release [in theory] of Windows 11 on unsupported hardware) something that requires a clean install or can it be used to do an upgrade of Windows 10?

[hishnash]

8 hours ago, StDragon said:

That said, BitLocker is robust;

It is but many of the TPM solutions have been found to have issues. Simple task to extract keys from the TPM tend to evolve exploiting PCIe to inject code into the UEFI. Boot sequence on x86 systems means PCIe devices are powered on before DMA VTD protections are enabled that means `evil` PCIe devices can (and have been shown to) modify executable UEFI code in memory bypassing all secure boot protection and thus capturing the TMP key directly from the TMP.  There is a good reason apple made the T2 chip boot before the x86 and activate the VTD DMA protections before the PCIe devices power on, regular TMPS however do not have this level of integration, and also make it so the T2 never gives out its key but rather it does the encryption/decryption on die so even a x86 CPU exploit would not expose the key. 

 

 

[RejZoR]

Then why do they make so much fuss about minimum requirements now when no one gave two F about it ever before? Has anyone ever cared what hardware they have when Windows Vista was a thing? Or Windows 7 was a thing? Or 8 and 10? No, you just grabbed a copy and installed it. So, why do they make all these cockblocks and talk about all sorts of things suddenly if they are not important? It's just so bizarre.

[LAwLz]

Since I was tagged in this thread I decided to watch the video and spotted a minor error.

At 3:10 in the video Anthony says:

Quote

These days, TPM is mostly important for features like Windows Hello and BitLocker drive encryption.

I just want to note Windows Hello does NOT use the TPM.

 

It doesn't really matter and it's a nitpick, but I've seen several people on this forum say Windows Hello uses the TPM and it is simply not true. Windows Hello for Business does use the TPM, but Windows Hello (without "for business") does not.

 

 

  

18 minutes ago, RejZoR said:

Then why do they make so much fuss about minimum requirements now when no one gave two F about it ever before? Has anyone ever cared what hardware they have when Windows Vista was a thing? Or Windows 7 was a thing? Or 8 and 10? No, you just grabbed a copy and installed it. So, why do they make all these cockblocks and talk about all sorts of things suddenly if they are not important? It's just so bizarre.

It's a big fuss now because the minimum requirements didn't really matter before, but they do now.

Windows 10 minimum requirements: 1GHz or faster processor. 1GB of RAM and 16GB of HDD space. 

In other words, basically all computers could run it unless it was over 15 years old. Besides, Microsoft even allowed you to install it even if you did not meet the system requirements.

 

 

Windows 11 minimum requirements: An 8th gen Intel or Zen+ processor. 4GB of RAM. 64GB of storage. TPM 2.0.

Basically, all computers that are older than 4 years will not work. Microsoft has indicated that you will not even be able to install it on anything older than 4 years. Even if your computer is newer than 4 years, you will have to change BIOS settings to hopefully make it work.

 

Minimum specifications did not matter before because it was "let's install it and see how it works". Now the minimum requirements are not only VERY strict (again, anything older than 4 years will not work) and they are actually enforced.

[RejZoR]

What's the point of all the security mesures when you suddenly exclude 80% of computers LMAO. It's idiocy of highest degree. Shit is secure when you're as up to date as possible, whether you support latest features or not. Windows 10 being on life support from now on and being terminated after 2025 is pretty much the opposite of that.

[throttlemeister]

Has anyone tried using the hybrid W10 iso with W11 install.esd to do an in place upgrade?

[Alphapredator]

Now what do i do ? Should i need to install aria2, and if yes what to do with the zip file ? 

[Necroxys]

Hey guys, so I followed the video and was able to upgrade my laptop to Win11 without any trouble.

 

The real problem comes from my main machine. It has a Asus Strix X570-e Gaming with a Ryzen 5 3600X.

 

Tpm is enabled in the BIOS, converted from Legacy to UEFI mode, Secure Boot on, CSM disabled. And YET, I "do not meet the minimum requirements"

 

In System Info there's this message regarding the Tpm: "TPM is not usable, PCR7 binding is not supported, Hardware Security Test Interface failed and device is not Modern Standby, Un-allowed DMA capable bus/device(s) detected"

 

I'm running Windows 10 Pro N (don't ask why), do you think it might be related? 

 

Thanks

 

Nevermind, I had just to switch to Firmware TPM for it to work 

Edited July 13, 2021 by Necroxys
problem solved

[Vishera]

40 minutes ago, Necroxys said:

Un-allowed DMA capable bus/device(s) detected"

It means that you have hardware that is blacklisted.

 

Try following the advises on this web page:

https://superuser.com/questions/1345848/un-allowed-dma-capable-bus-devices-detected

[dst786]

I have an amd a4 9120 cpu (2c + 2g) manufactured in late 2017

it has both secureboot and tpm enabled on UEFI, can anyone please explain why the heck i am not eligible for windows 11

i bought the laptop in 2018

the processor speed 2.3 ghz

[dst786]

Just now, dst786 said:

I have an amd a4 9120 cpu (2c + 2g) manufactured in late 2017

it has both secureboot and tpm enabled on UEFI, can anyone please explain why the heck i am not eligible for windows 11

i bought the laptop in 2018

 

[dst786]

32 minutes ago, dst786 said:

I have an amd a4 9120 cpu (2c + 2g) manufactured in late 2017

it has both secureboot and tpm enabled on UEFI, can anyone please explain why the heck i am not eligible for windows 11

i bought the laptop in 2018

the processor speed 2.3 ghz

any help is appreciable pls