
What do REAL security and IT professionals think about the TPM 2.0 requirement?

Thready

Please only answer if you're credentialed. I've tried asking real professionals but I always get non-professionals answering. So what do actual professionals think about this? I have not seen many actual EXPERT opinions regarding this unless they were in a tech article. I would like to ask you all directly, because the whole internet seems up in arms and I never listen to the internet, I listen to the people who actually know things.

 

I've been thinking about switching to IT from psychology. I would like to know how professionals think. I would like to understand the professional IT mindset.

Photographer, future counselor, computer teacher.

3600X and RTX 2070 with too many storage drives to count. 


This might not be the best forum for IT security people... I do work in IT and do a good amount of security stuff though.

 

For IT, this isn't a big issue; TPMs have been included on almost all business-grade PCs for a long time. Every system I have that I would consider upgrading to Windows 11 has a TPM installed already.

 

 


I won't go into my actual work, but I work in IT in this area.

 

Most machines I have run into for business have TPM, as it's common for enterprise machines. I wouldn't be updating to Windows 11 anytime soon, as it's rare that bigger companies stay on the latest updates, as it usually breaks software that ranges from new to database software from the early 90's.

 

The issue most have is for personal user machines as some hardware may not have the chips. 


5 minutes ago, Zanthed said:

TPM is an awful and outdated piece of technology. TPM 1.2 and 2.0 both communicate over a legacy serial bus that can be intercepted. For example, if you use only your TPM chip to store and process your Bitlocker encryption key, it can be sniffed with hardware access in seconds. It's completely plain unencrypted bus to bus. The legacy serial bus cannot handle encryption or hashing it during transport. It's why you should use multiple keys for Bitlocker, being Secure Boot + TPM + user PIN entry.

And that's why TPM should be built into the SoC. Its only reason of existence (protecting your device against physical attacks) becomes moot exactly due to the possibility to sniff the bus without any issues.

Just slap a raspberry pi (or even an arduino) on the data lines and you're golden.

FX6300 @ 4.2GHz | Gigabyte GA-78LMT-USB3 R2 | Hyper 212x | 3x 8GB + 1x 4GB @ 1600MHz | Gigabyte 2060 Super | Corsair CX650M | LG 43UK6520PSA
ASUS X550LN | i5 4210u | 12GB
Lenovo N23 Yoga
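
A defender-side audit of the configuration discussed in the post above and the one it quotes, as an added example that is not part of the original thread: it reports which BitLocker volumes rely on the TPM alone and which add a PIN or startup key. `Get-BitLockerVolume` is the real cmdlet; the function name `Get-BitLockerPrebootAuth` and the sample objects are constructed for illustration.

```powershell
# Added example (not from the thread): classify BitLocker volumes by pre-boot authentication.
# A volume with a plain 'Tpm' protector unlocks at boot with no user input;
# 'TpmPin' and the startup-key variants require something from the user first.
function Get-BitLockerPrebootAuth {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume
    )
    process {
        # KeyProtectorType is an enum on real objects, so compare as strings.
        $types = @($Volume.KeyProtector |
            Where-Object { $_ } |
            ForEach-Object { "$($_.KeyProtectorType)" })

        $finding = if ($types.Count -eq 0) {
            'No key protectors (volume not protected)'
        } elseif ($types -contains 'Tpm') {
            'TPM-only: no pre-boot authentication'
        } elseif ($types | Where-Object { $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey' }) {
            'TPM plus PIN or startup key'
        } else {
            'No TPM-based protector'
        }

        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Protectors = $types -join ', '
            Finding    = $finding
        }
    }
}

# Constructed sample objects shaped like Get-BitLockerVolume output (not real data).
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; KeyProtector = @(
        [pscustomobject]@{ KeyProtectorType = 'Tpm' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) },
    [pscustomobject]@{ MountPoint = 'D:'; KeyProtector = @(
        [pscustomobject]@{ KeyProtectorType = 'TpmPin' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) }
)
$sample | Get-BitLockerPrebootAuth | Format-Table -AutoSize

# On a real machine, from an elevated prompt:
# Get-BitLockerVolume | Get-BitLockerPrebootAuth
```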


1 hour ago, merco said:

But you are literally asking the internet right now.  

Dangit! I guess! But I don't consider LTT "the internet"

I consider people here more trustworthy. 

Photographer, future counselor, computer teacher.

3600X and RTX 2070 with too many storage drives to count. 


Been a SR. Systems Admin for over 20 years... I can say from an IT perspective... who gives a shit. Won't impact us one way or the other. Every system we've implemented for at least 8-10 years has had TPM+Bitlocker.

 

 

As a hobbyist sigh, my poor 7700k. 😞


19 minutes ago, Thready said:

Dangit! I guess! But I don't consider LTT "the internet"

I consider people here more trustworthy. 

This is a tech forum based around the viewers of a channel that almost exclusively talks about consumer computer technology.

Half of the users here don’t have any idea what they’re talking about and just repeat what tech YouTube channels say.

I've seen someone on this forum genuinely advocate against installing GPU drivers because “my games work fine without them”.

I've seen another whole discussion about how it should be illegal to use any computer made before 2010 because they’re all useless e-waste.

A majority of users here actually have Windows Defender turned on and think using Windows 7 is a safety hazard.


LTT forums, no offense at any one specific user, is mostly populated with people who just like to talk about consumer products and pretend that they know more than they do. LTT forums are not superior in the knowledge prevalent in the community.


14 minutes ago, 8tg said:

This is a tech forum based around the viewers of a channel that almost exclusively talks about consumer computer technology.

Half of the users here don’t have any idea what they’re talking about and just repeat what tech YouTube channels say.

I've seen someone on this forum genuinely advocate against installing GPU drivers because “my games work fine without them”.

I've seen another whole discussion about how it should be illegal to use any computer made before 2010 because they’re all useless e-waste.

A majority of users here actually have Windows Defender turned on and think using Windows 7 is a safety hazard.


LTT forums, no offense at any one specific user, is mostly populated with people who just like to talk about consumer products and pretend that they know more than they do. LTT forums are not superior in the knowledge prevalent in the community.

I'm getting a few flashbacks where I said stupid stuff.....

|:Insert something funny:|


38 minutes ago, adarw said:

I'm getting a few flashbacks where I said stupid stuff.....

Same here...


2 hours ago, adarw said:

I'm getting a few flashbacks where I said stupid stuff.....

Same

Edited by Freakwise

01110100 01101000 01100001 01110100 00100000 01110111 01100001 01110011 00100000 00110111 00110000 00100000 01101001 01101110 01100011 01101000 00100000 01110000 01101100 01100001 01110011 01101101 01100001 00100000 01110011 01100011 01110010 01100101 01100101 01101110 00100000 01110100 01110110

 

 

 

 

 

 

 

 

 

 


21 hours ago, Thready said:

I've tried asking real professionals but I always get non-professionals answering

Depending on your use case I think this answer is different. If you're looking at an enterprise level, this answer is different than for a home user, as you can see with a few answers. I would say TPM is something Microsoft is counting on for a few things and this has people generating opinions on it. Regardless of someone's opinion, Windows 11 right now will almost require a TPM chip on the motherboard.

 

If I'm looking at a home user, Windows 11 requiring a TPM chip creates a lot more headaches than it's worth, as A LOT of people have older machines from 10 years back (years ago I worked for a repair shop and I would see PCs that originally ran W98 running Windows 7 and they wanted Windows 10 lol). This creates a lot of weird issues for these people who don't understand computers.
If you look at the enterprise level, this isn't as big of a deal, as most will not upgrade to Windows 11 for a long time, as most software won't be compatible off the start. Most enterprise-level machines have TPM chips and run BitLocker, so this doesn't really affect this userbase that much, as the end user isn't dealing with the issue and it's up to the IT team to figure it out.

 

I think this thread kinda went into a spiral about people knowing or not knowing and credibility of a forum user. I won't say I 100% know about the issue and can only give my experience, and if people believe me or not is up to them; I won't lose sleep over forum or users on the internet 🙂


51 minutes ago, GodSeph said:


 most will not upgrade to Windows 11 for a long time, as most software won't be compatible off the start.

Agree with most of what you said except this. We for example are already testing Win11, and have found no compatibility issues thus far (and we have some older than crap legacy oracle shit too). The current plan is to have all devices (approximately 3800 desktop/laptop) updated by end of 2022, with the first wave of rollouts happening Q1.


40 minutes ago, Whispre said:

Agree with most of what you said except this. We for example are already testing Win11, and have found no compatibility issues thus far (and we have some older than crap legacy oracle shit too). The current plan is to have all devices (approximately 3800 desktop/laptop) updated by end of 2022, with the first wave of rollouts happening Q1.

This depends greatly company to company, I give you that. A lot of companies have software in departments that may not run well on newer OS. I have clients that run database software that uses CLI and was created in the early 90's. There was even a big push to get people onto Windows 10, and this was around 2 years after it was initially released, and it was a giant project making sure EVERYTHING worked properly, as any software slowdown or crashing can cost someone hours of work and this would stack up.

 

49 minutes ago, Whispre said:

have found no compatibility issues thus far

This is like my example your experience with a small sample size. I have clients running extremely old software that we had months to get some software to become compatible and usable with Windows 10 back in 2015-16. We have some clients that are very much up to date and some that run old Database CLI that is just a nightmare. It differs greatly depending on the company and the scale.
 


9 minutes ago, GodSeph said:

This depends greatly company to company, I give you that. A lot of companies have software in departments that may not run well on newer OS. I have clients that run database software that uses CLI and was created in the early 90's. There was even a big push to get people onto Windows 10, and this was around 2 years after it was initially released, and it was a giant project making sure EVERYTHING worked properly, as any software slowdown or crashing can cost someone hours of work and this would stack up.

 

This is like my example your experience with a small sample size. I have clients running extremely old software that we had months to get some software to become compatible and usable with Windows 10 back in 2015-16. We have some clients that are very much up to date and some that run old Database CLI that is just a nightmare. It differs greatly depending on the company and the scale.
 

 

Yeah, like I said we also have old software from the 90's (the oracle crap)... but years ago we moved to running those legacy applications on terminal servers (RDS) so we don't have to deal with compatibility issues on client devices. It's a very small price to pay to greatly simplify the process of keeping client systems up to date and personally I put that onus on the company + IT, not on the OS provider (Microsoft).

 

