
As long as they don't remove the workaround
As long as they don't actually remove the workaround. There are valid use cases for needing to turn it off (Virtual Desktop images for example).
For the past three years, Microsoft documented a way to run Windows 11 on PCs that lack Trusted Platform Module 2.0 hardware – but that workaround has now disappeared from its help page. A Trusted Platform Module (TPM) is an all singing, all dancing security component that can store sensitive secrets such as encryption keys, …
>> Microsoft won’t back down on the requirement for Windows 11 <<
I won't back down from a boycott of all Microsoft shit, either. I shake my head at the lengths Microsoft will go to flog new machines and create e-waste on a scale never before seen. Sorry for you lot trapped in the never ending spiral.
...Until they decide to weaponize the processor allowlist. "Hold the phone, our records show that your processor is approved for the upgrade, meaning it does have a TPM... so just sit tight while we factory reset your BIOS settings and get you upgraded, and while we're at it, we'll replace your system login with the Microsoft Account credentials you signed into Minecraft with once, deleting all the data in your Local Account user directory in the process." *holds gun to user's head* "Now publicly thank us if you don't want to be dash-nined along with your family."
Icon because I legitimately would not be surprised if all of that (minus the lead poisoning) actually comes to pass in October ->
It's not only that that stops it. I run KVM on a Linux server (Rocky 8 if relevant) at home, and provide a vTPM2.0 module to a Win11 guest I have as a remote access desktop on there. The install of 24H2 still would not proceed without "fudging" it as the processor I have in there is a socket 2011-3 variant, none of which are supported by Win 11. It worked initially when I installed last year using the server hardware check workaround, however I doubt that would work with 24H2 now.
Enforcing the TPM 2 requirements will slow down the adoption of Windows 11 so why are MS doing it ?
Possibilities that come to mind
1) MS is getting a kickback from the makers of new PCs
2) MS plans to use the TPM to block other software (eg Linux, LibreOffice, Firefox, Thunderbird etc) that competes with MS software
3) MS plans to use the TPM to embed an undetectable backdoor
I can not think of any reasons for requiring a TPM 2.0 module that would actually benefit the users of Win 11 - can you ?
"They all need housing in the lunatic asylum."
Unfortunately, they ARE ... the asylum is now called ... the US of A !!!
Chief inmate is Donald Trumpf AKA Pres 47.
My deepest commiserations if you are TRAPPED/LIVE there ... although Gaza, soon to be 'as was', will be available soon as a 'USA-themed' holiday destination or protectorate, whichever suits your mindset !!!
Book early, as the competition from nearby 'settlers' will be strong !!!
Mar-a-lago (Gaza Division US Protectorate Division) will be there real soon !!!
:)
We are watching the disintegration of a nation in real time.
The USA is not a place to even visit now. With bands of ICE (warriors) roaming the country demanding 'papers or else'.
As for Gaza. If Trump has his way, it will become "Trumpland" and will be only for the 0.01% richest people in the world.
He has to be stopped.
His dictatorship is empowering more companies to become absolute bastards whereas before, they were just bastards.
Microsoft is right up there with the worst.
"The USA is not a place to even visit now. With bands of ICE (warriors) roaming the country demanding 'papers or else'."
USA had by far the most hostile immigration officers of any country I have visited* (and last visit was years ago).
.. and let's not get onto pointless requests for ID for buying alcohol there when I was obviously way above legal age.
Will be there again later this year, so will see if it is any worse.
* And that includes some relatively unstable / dangerous South American countries.
[...] although Gaza, soon to be 'as was', will be available soon as a 'USA-themed' holiday destination or protectorate, [...]
But it will not become a state. If it were, the two senators and however many Congresscritters are allocated to it would definitely not belong to the GOP...and there goes tRump's majority in the legislature!
Also why Canada will never become the "51st state" (or 51st through 60th...), nor will Greenland.
The fact that the senate is split 50:50 is not a happy accident that would be spoiled by the addition of a left-leaning 51st state. It is a natural consequence of a first-past-the-post voting system. You always end up with two main parties and they want to make as few policy compromises as possible to gain power. Therefore, both are aiming to attract 51% of the seats. Larger majorities (which certainly do happen) merely indicate that the losing side really fucked up.
Update: I forgot to add that with both sides chasing 51%, we should not be surprised that the election campaigns are basically a scrap for that 2% overlap and the other 98% are ignored.
I would suggest that they are using TPM to (attempt to) plug an otherwise intractable security hole in their shite. They can't (or can't be arsed to -- that is an inclusive OR) fix it themselves, so they rely on hardware to (maybe) do it.
This does not in any way remove the possibilities that @Duncan MacDonald posited.
Do you have any idea how one would use a TPM to accomplish either goal 2 or 3? That's not what TPMs do.
To be boring, probably the reason they put in the requirement is that they turned on Bitlocker by default, Bitlocker requires some version of TPM to have drive encryption without requesting a password at startup, and they want to be able to cut 1.2 compatibility out of their code at some later point without having annoyed users yelling about how their update is breaking drive encryption. The requirement, along with the restrictive processor requirement, is generating a lot of ewaste that I disapprove of. Again, I think this is probably less malicious than lazy, because it enables them to compile for newer instruction sets whenever they want, but machines with Skylake CPUs are not out of date. Microsoft used to be much better about allowing the user to determine when their hardware was old enough to need refreshing; Windows 7 or 10 wouldn't run well on something ancient, but it would run. Unfortunately, Apple has done similar things with their shortening Mac OS lifetimes, and just like Windows 11, a simple tweak to the installer makes the modern OS install just fine, demonstrating how unnecessary the hardware requirements are.
I agree with your points but would point out that this is just Microsoft returning to form. The hardware requirement upticks between versions always used to be fairly reasonable (think XP to Vista or 98 to 2000) however with the massive increase in computing power available in each generation of desktops people tended to go with the flow as the OSes became available - they would change OS to a later one as they upgraded their PC, and with the online world being less developed and mattering less they didn't see the issue with taking older OSes online for brief periods.
These days however Windows 7 to 10 have had basically flat hardware requirements thanks to the fact that hardware has become so powerful over the past decade or so. Now that the performance curve is flattening out again older PCs can keep up with newer OSes however Microsoft doesn't make money if people aren't upgrading, and they want to cut costs and simplify development (along with forcing people to buy new OSes via buying new hardware) so they are introducing arbitrary cutoff points in hardware support, which previously would have been seen as part of a natural upgrade cycle to get a better performing PC, but these days is out of step with hardware performance and just looks arbitrary and wrong.
Think they always have. Seems to me that computer companies were being charged by Microsoft for any computer they sold that was Microsoft compatible. That meant there was essentially a tax when you purchased a computer that was Windows compatible but planned to use e.g. Linux on it.
@IGotOut
Partner is non tech & Apple user - she likes it, but I get the hardware sorting out PITA.
One thing I notice as UK based is Macs always seem to screw up with (non Apple manufactured) UK keyboards & often get layout wrong.
The generic drivers (for printers where manufacturers have not provided drivers - the case for partner's old printer/scanner as she likes it) are not that great.
Had to resort to plenty of browsing the web for tips & tricks to sort hardware things out on Macs (ironically more so than with Linux!)
I use both. The Apple stuff usually "just works™" (YMMV). When it doesn't, there is a decent-ish terminal with zsh. If I need anything else, Linux is the next step. Having written that, it's a large price differential between my iMac and a couple of Raspberry Pi5s. I'm retired, and could certainly do what I need with the Pi5s and an iPad; but the iMac was a somewhat indulgent present to myself.
One can't move to Apple without paying Apple. Linux is free.
Why does that matter?
He didn't say he was leaving Microsoft because he didn't want to pay for Windows 11, or to pay for a new PC able to run Windows 11. He said he's moving for less hassle, and indicated that so far Apple is living up to that for him.
No one in the first world moves to Linux because they don't have to "pay". They move because they want full control over the software running on their PC. That's a valid goal too, but wasn't the goal of the guy who switched to Apple.
"Had enough of their shite, moved to Apple. Yeah yeah Linux blah blah..."
You're right. XNU / FreeBSD is much better. (Ehm... You do know that's what MacOS is based on, right?)
"there was always something to fettle to make work, been doing that for 20+ yrs."
I've had to do that with Windows for much longer than that. Until I ditched it in favor of blah blah blah.
Incidentally, for "The Rest Of Us" who don't want to mess with more than minor configuration, there are laptops that come with Linux which is essentially what Apple does: their own OS on their own hardware, thus essentially creating a work-right-out-of-the-box appliance. Of course Linux is tons cheaper than Apple's offerings, even when you get it pre-installed on a laptop.
Exactly - I'm a Linux admin and I believe in the "right tool for the right job". I'll happily concede that Windows still do the best commercial and business-oriented desktop OS (not to mention gaming on PC), Apple make the best design and creative machines (although there's less difference now than there used to be in that area), and Linux is the best server OS for the majority of use-cases which don't involve terminal services or active directory (since AD has many useful features built on top of LDAP).
Whenever a general person purchases a PC, a TPM module is never an issue that they are aware of, let alone think about.
Since 2016 I have run Linux as my main OS, so not sure if there is something specific that Windows must have to function securely (ha ha ha ha ha) that was required before.
Microsoft has a monopoly, and it is abusing that monopoly.
Maybe the lawmakers or media have a duty to inform people of alternatives, to show people that they don't need to purchase a new Windows PC.
As has been said before, it gives Microsoft a way to trust your computer to do certain things. The added security is less for the user (though it does improve it a bit), and a lot more for the various forms of Digital Restrictions Management we have these days.
First of all, TPM is absolutely the most pointless tech ever devised, especially as there have already been multiple successful hacks.
As far as I can tell, the sole purpose of TPM is an attempt to lock people into Microsoft's ecosystem ("He who controls the bootloader...").
Having said that, allegedly there is a way to use Linux on hardware infected with TPM (enabled).
I read the docs for this, several times over, until my brain melted. Did I mention I'm a Gentoo user (and Void Linux) for the past 20 years, so not exactly a noob, but this is honestly the most perversely convoluted, overengineered and complicated shit of all time.
Frankly it would just be a whole lot easier to disable TPM, and never install Windows. Ever.
Bonus points if I can rip that shit out of its socket and smash it with a sledgehammer.
I don't know what you think a TPM does, but it sounds like you've misinterpreted it. Many Linux systems use a TPM quite intentionally for the same reasons that Windows does. If you use LUKS volumes, one of the most common configurations is to use a TPM so that the volumes are linked to the computer in which they were created. This means that, if I get a copy of your drives and start brute forcing your key, I'll almost certainly fail because I don't have the part stored in the TPM. Of course, you can use LUKS without a TPM if you want, but it's really not unusual to use it. A TPM is a relatively dumb piece of hardware/software and like any other part of the computer, you could use it for malicious purposes. Since it can be used to run only a certain set of software at boot, you could use it to make sure the computer doesn't boot anything except Windows. However, if you're concerned that they'll do that, it's worth considering that there have been TPMs since 2003 and can you point to any time when they did this?
If you use LUKS volumes, one of the most common configurations is to use a TPM so that the volumes are linked to the computer in which they were created. This means that, if I get a copy of your drives and start brute forcing your key, I'll almost certainly fail because I don't have the part stored in the TPM.
If I have LUKS volumes bound to my motherboard via a partial key stored in the TPM chip, then if my motherboard fails, how do I make those volumes work with my replacement motherboard?
It appears that using LUKS with TPM is setting myself up for a denial-of-service situation (either "natural" or "hostile").
Those being tied together is the entire point. You respond to the motherboard being broken by restoring your backups to the next version. Maybe you don't want that, which is why you would choose not to use it (you still have backups, though, right), but the unrecoverability if the drive and motherboard are not together is considered an advantage to those who use this method because it becomes more difficult for a misplaced or stolen drive to be cracked. As usual, this is just one option, although quite a popular one.
No, no I won't.
The reason to use W11 is because it's the low energy lazy option if you have a W10 machine.
If I need to spend significant time and energy to make a piece of older but perfectly functional kit use W11 I might as well put that time and energy into changing to 'nix.
I remember a company named IBM. They had good products and service. However, they failed to adapt and had their clock properly cleaned. IBM played the same idiotic games that Microshaft is playing and look where they ended up.
Both outfits look like the monkey with its hand caught in the bait jar whilst the patient hunters watch over them. They are too greedy and ignorant to let go of the bait.