I had an HP Zbook Workstation. With TPM1.x Initially said get ready for W11, then months later meeage: this model fails TPM 2.0 requirement, CPU OK. I used HP firmware tool to upgrade from TPM 1.x to TPM2.0. A recheck with W11 a few months later: TPM OK, CPU no good. Last month the message about the system not being upgradeable to W11 disappeared and replaced with a link: to learn more about W11.
Wtf. Do they even know what system requirements they need?
Rumour is it’s literally only there as an olive branch to hardware manufacturers to force people to buy new hardware. There’s literally no technical reasons for it.
What I heard (on here, and I hope it’s a vicious rumor) is that TPM 2.0 comes with backdoors accessible to Microsoft via the OS so that a significant chunk of the computer belongs to Big MS and not to the end user, and it will squeal and cause problems if the end user tries to take it back.
The whole point of TPM 1.0 hypothetically was to allow a larger secondary encryption key of a device to be accessible only by a small user-provided key (say a four-digit PIN), and requiring use of the key-query software to run to get the secondary key. A limited number of chances with longer delays with each wrong answer heightens security.
But this pissed off government law enforcement across the world, who want backdoors for when they want to crack the phone of a very important criminal.
It would be nice if Apple, Google and Microsoft had more respect for their end users than they do national and corporate institutions, but we know this isn’t really the case, so it’s at least plausible that TPMs 1.0 or 2.0 come pre-backdoored. It doesn’t hurt that this is exactly what FBI and NSA want even though (Pre-9/11 and Pre-PATRIOT) NSA is supposed to be assuring that no-one, not even police can crack our secure communication protocols.
Despite efforts to look into it, I’ve yet to get an answer I can fully trust whether or not they are backdoored. But since Microsoft is notorious for exactly this kind of bullshit since the 1980s, I assume it’s true that TPMs are backdoored until I find convincing information otherwise.
it’s one of those things where it does legitimately improve security, but for them to require it the way they did when almost no hardware at the time has it is pretty transparent.
there are plenty of other hardware requirements that could improve security if they arbitrarily decided to require them. they did this for the rain you describe, but have the plausible deniability of saying that it’s for security.
basically, the same bullshit line that’s used to justify half of the bullshit unpopular changes that anyone pushes anywhere.
“it’s for security” - no it’s not, as a for profit company chances are pretty good we can prove you don’t actually give a shit about customer date if we look close enough at your practices. it’s for profit.
“it’s for the environment” - admirable thought, too bad that’s not profitable. I don’t believe you mr. for profit company.
“for the kids”- it you have ever tried to talk to a parent after the subject of their kids safety comes up you’ll see why they always do for this in. it’s the deepest, most primal, and least logical part of our brain. most parents become slovering fucking cavemen the second you disagree with whatever they’ve been programmed to believe will protect their kids. it’s just too easy to manipulate people with. if you say you’re great to protect kids I’m instantly skeptical and need a lot of proof.
it’s one of those things where it does legitimately improve security, but for them to require it the way they did when almost no hardware at the time has it is pretty transparent.
Windows has been requiring hardware manufactures to include TPM 2.0 support since July 2016 , and Windows 11 was released in October 2021. The truth is Microsoft did everything they could to wait for people to get their hands on new hardware (5 years). Data shows that 83% of businesses were victims of firmware attacks, which is exactly what TPM helps with. Like it or not Microsoft’s primary customer are businesses, since they are the one who buy hundreds of licenses and pay for technical support. TPM requirement was not a surprise to anyone:
In fact, in the 55 pages of minumum specifications for Windows 10 hardware TPM is mentioned 60 times.
A quote from the link above.
there are plenty of other hardware requirements that could improve security if they arbitrarily decided to require them. they did this for the rain you describe, but have the plausible deniability of saying that it’s for security.
What other hardware could they require to prevent firmware attacks?
“it’s for security” - no it’s not, as a for profit company chances are pretty good we can prove you don’t actually give a shit about customer date if we look close enough at your practices. it’s for profit.
As shown in the link above, it is for security. The profit comes when businesses keep buying Windows instead of moving to MacOS for lack of security in Windows machines.
“it’s for the environment” - admirable thought, too bad that’s not profitable. I don’t believe you mr. for profit company.
Apple has shown you can have products made of recycled material while still being high quality and highly profitable. If you want environmentally friendly products you need to pay more, because like you said, it is not profitable to sell those products at the same price as before. So you either complain about price or about the environment, can’t have both.
“for the kids”- it you have ever tried to talk to a parent after the subject of their kids safety comes up you’ll see why they always do for this in. it’s the deepest, most primal, and least logical part of our brain. most parents become slovering fucking cavemen the second you disagree with whatever they’ve been programmed to believe will protect their kids. it’s just too easy to manipulate people with. if you say you’re great to protect kids I’m instantly skeptical and need a lot of proof.
The truth is most surveillance technologies will help protect the kids. This is a fact. If you gave the police access to everyone’s phone all the time kids would objectively be safer on the internet. Yes, this is used as an excuse to attack our privacy, but it does work, and there’s no reason to be skeptical. Anyways, this is not on topic to windows TPM.
I don’t know what it means to require it since 2016, because I built my PC in late 2017, and I built it overspecced for my needs because I didn’t want to need to build another or upgrade it in just 5 years. My processor, I’ve been told by Microsoft’s tooling, doesn’t support Windows 11.
What I wrote there is too generalized. OEMs are the ones required to ship TPM 2.0 enabled devices since 2016, you could still build your own PCs without TPM 2.0. Remember main Microsoft customer is companies who don’t build their own PCs but buy them from manufacturers.
The thing is, my mobo was, as far as I can tell (based on the release date of the 1.0 version of its firmware), released in 2017. I didn’t go out of my way to avoid TPM 2.0, I just bought recent hardware made by reputable manufacturers, and built a computer out of them. The fact that Microsoft arbitrarily decided a less than 4 year-old computer couldn’t run on their new operating system is pretty galling.
Remember Microsoft support is in terms of businesses. A business will not buy parts from AMD or MSI and then proceed to build the computer, they buy prebuilt computers from manufacturers, and these are in fact forced to pick parts that support TPM 2.0 since Windows 10. Microsoft could not care less if you and I get hacked, because the fact is we don’t make Microsoft any money.
Also, chances are your motherboard does support TPM 2.0. Remember most manufacturers are lazy and don’t have a dedicated TPM module and instead use firmware TPM which depends on CPU. So even if your motherboard supports TPM 2.0, you need a compatible CPU.
Apple will happily throw away a good machine to sell you a new one, their eco friendlyness and repairability scores are self scored bullshit.
That’s beside the point. They make their machines with recycled materials, and it’s a fact. There are people using 10 year old MacBooks and iPads, so I don’t think anybody is being forced to “throw away” a good machine.
Having police access to everyone’s phone would not make people safer. You would not have enough police to monitor and it is a backdoor for hacking.
That was an example. What they would do is have computer scan your data for illegal content (like they planned to do with iCloud), and any flagged data would get checked by an actual person. If you think this wouldn’t help protect people, you are lying to yourself. Whether this is a privacy issue or not is not the point, the point is that “it’s for the children” is a valid concern for implementing this kind of stuff and not just something to be skeptical about.
Just like Intel Management Engine that gave hackers passwordless entry into machines. Having control like that is not safety.
You are still evading the issue at hand. I never claimed backdoors are not a security issue, I said they would definitely help protect the children, as I repeated above.
Plus anyone with physical access is going to defeat security anyway.
Obviously. The point of things like TPM is to prevent remote hacking. Who claimed otherwise? You cannot guarantee the safety of any system if the attacker has physical access. I assume your computer doesn’t have a log in password since anyone with physical access can defeat it, right?
My linuxOS has a MOC signed by microsoft, an OS can work on TPM with a signature…hackers will find a way to spoof into it
Yes, nothing is foolproof. Should we stop advancing security just because it’s not perfect? Should we stop using SSL/TLS because BREACH and POODLE exploits exist? Should we stop using passwords because someone can brute force them? Maybe we should also throw away memory and thread safe languages because there are some corner cases where they can be used in an unsafe manner? Listen to yourself.
You sir are deluded. And maybe that is by ignorance, Please go watch any of countless Louis Rossman videos about how apple claims a device irrepairable and he fixes it for 5 dollars. Etc. Soldered RAM, faulty switches , bad display cable, all easy fixes that the geniuses will suggest you buy new because it will cost as much to fix. Apple is an e waste producing company.
As for scanning peoples data, it already proved that it did more harm than good. CSAm people just change behaviors ur, and you have legit people having their accounts frozen and police called when their doctor during covid asked for photos of skin rashes. It is hard for an innocent guy to live down arrest for false child porn. Don’t drink all the koolaid.
Please go watch any of countless Louis Rossman videos about how apple claims a device irrepairable and he fixes it for 5 dollars.
Louis Rossman complains about Apple not supplying 3rd party repairmen with the parts needed to do the repairs. He has acknowledged multiple times that you cannot expect Genius bar employees to know how to do board-level repair.
Etc. Soldered RAM
Soldered RAM is not an Apple only thing. It is for manufacturers who don’t want to support people with unstable systems due to installing unsupported RAM. Remember Apple devices are mostly one SOC with everything soldered to reduce possible points of failure.
faulty switches , bad display cable, all easy fixes that the geniuses will suggest you buy new because it will cost as much to fix. Apple is an e waste producing company.
These are design defects, every company ran by humans is allowed to make them. These are easy fixes if you know what the issue is, it is not cost effective for Apple to have a Genius Bar employee open every device and check all components with an oscilloscope to find out if it’s a faulty display cable or a missing capacitor. It is more efficient for Apple to just replace the entire mainboard, and this is expensive for the consumer because you are essentially getting a brand new computer. Yes, this is bad practice, but don’t confuse this with creating e-waste. When you hand in your computer, all recyclable parts are salvaged and used for future Apple devices, and newer devices are more recyclable than older ones.
As for scanning peoples data, it already proved that it did more harm than good. CSAm people just change behaviors ur,
Like I said before nothing is foolproof, and I don’t advocate for these measures. However, the point of these is to force CSAM people to use other services, and if all cloud services implement this, all of a sudden CSAM people have to go around sharing thumb drives or magnet links, which lowers their ability to share the files.
and you have legit people having their accounts frozen and police called when their doctor during covid asked for photos of skin rashes. It is hard for an innocent guy to live down arrest for false child porn.
Yes it is not possible to differentiate between CSAM and pictures for a doctor, and that Google incident is why Apple didn’t proceed with the iCloud scanning. Again I don’t advocate for these measures, as I’m completely against espionage, but people like to pretend like these technologies are made with the sole purpose of spying on you and that “for the kids” is just an excuse. People like that are deeply unserious because they seem to forget that if the company wants to look at your data, they will and don’t even have to tell you about it.
Sadly, Microsoft doesn’t need to do anything to have you to upgrade to Windows 11: you just need to buy a new device in the mainstream market. Aside from building your rig from scratch, of course.
SteamDeck is a good example: Microsoft didn’t do nothing to promote the handheld PC gaming industry, even if Valve shown that their free and licenseless OS proved to be the best one… most OEM deliver Window’s only PC handheld, because they are afraid to lose the market segment of those who pirate PC games.
install as normal, install on the c: drive (only thing to note is if the game is using stuff like .net or vc runtimes then don’t install them and just remember which ones you will need)
If runtimes are needed: run “winetricks” to add those, if you want to install patches: use “run exe inside wine prefix” (both are in the menu next to the Windows-logo Button)
Play Game
Heroic Launcher’s installation is a bit more streamlined, but i found Lutris can do more stuff - i don’t know if i would have managed to mod my (owned) Battletech installation (BTA3062) so easily with Heroic. (involved setting a bunch of Envvars and dll overrides)
Hey Microsoft, if you want me to upgrade to Windows 11, you could start by removing the completely arbitrary requirement to have TPM 2.0.
That’s become quite the handy “don’t upgrade this to Windows 11” switch to have.
I had an HP Zbook Workstation. With TPM1.x Initially said get ready for W11, then months later meeage: this model fails TPM 2.0 requirement, CPU OK. I used HP firmware tool to upgrade from TPM 1.x to TPM2.0. A recheck with W11 a few months later: TPM OK, CPU no good. Last month the message about the system not being upgradeable to W11 disappeared and replaced with a link: to learn more about W11. Wtf. Do they even know what system requirements they need?
Why do we even need a toilet paper machine 2.0 to use windows 11?
Joke aside, yeah what’s up with that? People been able to bypass it and have no problem.
It’s for OS level DRM. And I would bet some spying too.
Rumour is it’s literally only there as an olive branch to hardware manufacturers to force people to buy new hardware. There’s literally no technical reasons for it.
What I heard (on here, and I hope it’s a vicious rumor) is that TPM 2.0 comes with backdoors accessible to Microsoft via the OS so that a significant chunk of the computer belongs to Big MS and not to the end user, and it will squeal and cause problems if the end user tries to take it back.
The whole point of TPM 1.0 hypothetically was to allow a larger secondary encryption key of a device to be accessible only by a small user-provided key (say a four-digit PIN), and requiring use of the key-query software to run to get the secondary key. A limited number of chances with longer delays with each wrong answer heightens security.
But this pissed off government law enforcement across the world, who want backdoors for when they want to crack the phone of a very important criminal.
It would be nice if Apple, Google and Microsoft had more respect for their end users than they do national and corporate institutions, but we know this isn’t really the case, so it’s at least plausible that TPMs 1.0 or 2.0 come pre-backdoored. It doesn’t hurt that this is exactly what FBI and NSA want even though (Pre-9/11 and Pre-PATRIOT) NSA is supposed to be assuring that no-one, not even police can crack our secure communication protocols.
Despite efforts to look into it, I’ve yet to get an answer I can fully trust whether or not they are backdoored. But since Microsoft is notorious for exactly this kind of bullshit since the 1980s, I assume it’s true that TPMs are backdoored until I find convincing information otherwise.
it’s one of those things where it does legitimately improve security, but for them to require it the way they did when almost no hardware at the time has it is pretty transparent.
there are plenty of other hardware requirements that could improve security if they arbitrarily decided to require them. they did this for the rain you describe, but have the plausible deniability of saying that it’s for security.
basically, the same bullshit line that’s used to justify half of the bullshit unpopular changes that anyone pushes anywhere.
“it’s for security” - no it’s not, as a for profit company chances are pretty good we can prove you don’t actually give a shit about customer date if we look close enough at your practices. it’s for profit.
“it’s for the environment” - admirable thought, too bad that’s not profitable. I don’t believe you mr. for profit company.
“for the kids”- it you have ever tried to talk to a parent after the subject of their kids safety comes up you’ll see why they always do for this in. it’s the deepest, most primal, and least logical part of our brain. most parents become slovering fucking cavemen the second you disagree with whatever they’ve been programmed to believe will protect their kids. it’s just too easy to manipulate people with. if you say you’re great to protect kids I’m instantly skeptical and need a lot of proof.
Windows has been requiring hardware manufactures to include TPM 2.0 support since July 2016 , and Windows 11 was released in October 2021. The truth is Microsoft did everything they could to wait for people to get their hands on new hardware (5 years). Data shows that 83% of businesses were victims of firmware attacks, which is exactly what TPM helps with. Like it or not Microsoft’s primary customer are businesses, since they are the one who buy hundreds of licenses and pay for technical support. TPM requirement was not a surprise to anyone:
A quote from the link above.
What other hardware could they require to prevent firmware attacks?
As shown in the link above, it is for security. The profit comes when businesses keep buying Windows instead of moving to MacOS for lack of security in Windows machines.
Apple has shown you can have products made of recycled material while still being high quality and highly profitable. If you want environmentally friendly products you need to pay more, because like you said, it is not profitable to sell those products at the same price as before. So you either complain about price or about the environment, can’t have both.
The truth is most surveillance technologies will help protect the kids. This is a fact. If you gave the police access to everyone’s phone all the time kids would objectively be safer on the internet. Yes, this is used as an excuse to attack our privacy, but it does work, and there’s no reason to be skeptical. Anyways, this is not on topic to windows TPM.
I don’t know what it means to require it since 2016, because I built my PC in late 2017, and I built it overspecced for my needs because I didn’t want to need to build another or upgrade it in just 5 years. My processor, I’ve been told by Microsoft’s tooling, doesn’t support Windows 11.
What I wrote there is too generalized. OEMs are the ones required to ship TPM 2.0 enabled devices since 2016, you could still build your own PCs without TPM 2.0. Remember main Microsoft customer is companies who don’t build their own PCs but buy them from manufacturers.
The thing is, my mobo was, as far as I can tell (based on the release date of the 1.0 version of its firmware), released in 2017. I didn’t go out of my way to avoid TPM 2.0, I just bought recent hardware made by reputable manufacturers, and built a computer out of them. The fact that Microsoft arbitrarily decided a less than 4 year-old computer couldn’t run on their new operating system is pretty galling.
Remember Microsoft support is in terms of businesses. A business will not buy parts from AMD or MSI and then proceed to build the computer, they buy prebuilt computers from manufacturers, and these are in fact forced to pick parts that support TPM 2.0 since Windows 10. Microsoft could not care less if you and I get hacked, because the fact is we don’t make Microsoft any money.
Also, chances are your motherboard does support TPM 2.0. Remember most manufacturers are lazy and don’t have a dedicated TPM module and instead use firmware TPM which depends on CPU. So even if your motherboard supports TPM 2.0, you need a compatible CPU.
Apple will happily throw away a good machine to sell you a new one, their eco friendlyness and repairability scores are self scored bullshit.
Having police access to everyone’s phone would not make people safer. You would not have enough police to monitor and it is a backdoor for hacking.
Just like Intel Management Engine that gave hackers passwordless entry into machines. Having control like that is not safety.
Plus anyone with physical access is going to defeat security anyway.
My linuxOS has a MOC signed by microsoft, an OS can work on TPM with a signature…hackers will find a way to spoof into it
That’s beside the point. They make their machines with recycled materials, and it’s a fact. There are people using 10 year old MacBooks and iPads, so I don’t think anybody is being forced to “throw away” a good machine.
That was an example. What they would do is have computer scan your data for illegal content (like they planned to do with iCloud), and any flagged data would get checked by an actual person. If you think this wouldn’t help protect people, you are lying to yourself. Whether this is a privacy issue or not is not the point, the point is that “it’s for the children” is a valid concern for implementing this kind of stuff and not just something to be skeptical about.
You are still evading the issue at hand. I never claimed backdoors are not a security issue, I said they would definitely help protect the children, as I repeated above.
Obviously. The point of things like TPM is to prevent remote hacking. Who claimed otherwise? You cannot guarantee the safety of any system if the attacker has physical access. I assume your computer doesn’t have a log in password since anyone with physical access can defeat it, right?
Yes, nothing is foolproof. Should we stop advancing security just because it’s not perfect? Should we stop using SSL/TLS because BREACH and POODLE exploits exist? Should we stop using passwords because someone can brute force them? Maybe we should also throw away memory and thread safe languages because there are some corner cases where they can be used in an unsafe manner? Listen to yourself.
You sir are deluded. And maybe that is by ignorance, Please go watch any of countless Louis Rossman videos about how apple claims a device irrepairable and he fixes it for 5 dollars. Etc. Soldered RAM, faulty switches , bad display cable, all easy fixes that the geniuses will suggest you buy new because it will cost as much to fix. Apple is an e waste producing company.
As for scanning peoples data, it already proved that it did more harm than good. CSAm people just change behaviors ur, and you have legit people having their accounts frozen and police called when their doctor during covid asked for photos of skin rashes. It is hard for an innocent guy to live down arrest for false child porn. Don’t drink all the koolaid.
Louis Rossman complains about Apple not supplying 3rd party repairmen with the parts needed to do the repairs. He has acknowledged multiple times that you cannot expect Genius bar employees to know how to do board-level repair.
Soldered RAM is not an Apple only thing. It is for manufacturers who don’t want to support people with unstable systems due to installing unsupported RAM. Remember Apple devices are mostly one SOC with everything soldered to reduce possible points of failure.
These are design defects, every company ran by humans is allowed to make them. These are easy fixes if you know what the issue is, it is not cost effective for Apple to have a Genius Bar employee open every device and check all components with an oscilloscope to find out if it’s a faulty display cable or a missing capacitor. It is more efficient for Apple to just replace the entire mainboard, and this is expensive for the consumer because you are essentially getting a brand new computer. Yes, this is bad practice, but don’t confuse this with creating e-waste. When you hand in your computer, all recyclable parts are salvaged and used for future Apple devices, and newer devices are more recyclable than older ones.
Like I said before nothing is foolproof, and I don’t advocate for these measures. However, the point of these is to force CSAM people to use other services, and if all cloud services implement this, all of a sudden CSAM people have to go around sharing thumb drives or magnet links, which lowers their ability to share the files.
Yes it is not possible to differentiate between CSAM and pictures for a doctor, and that Google incident is why Apple didn’t proceed with the iCloud scanning. Again I don’t advocate for these measures, as I’m completely against espionage, but people like to pretend like these technologies are made with the sole purpose of spying on you and that “for the kids” is just an excuse. People like that are deeply unserious because they seem to forget that if the company wants to look at your data, they will and don’t even have to tell you about it.
HP has a tool to upgrade TPM firmware from 1.x to 2.0.
The toilet paper machine is to mop up all the shit they keep dropping on us.
Sadly, Microsoft doesn’t need to do anything to have you to upgrade to Windows 11: you just need to buy a new device in the mainstream market. Aside from building your rig from scratch, of course.
SteamDeck is a good example: Microsoft didn’t do nothing to promote the handheld PC gaming industry, even if Valve shown that their free and licenseless OS proved to be the best one… most OEM deliver Window’s only PC handheld, because they are afraid to lose the market segment of those who pirate PC games.
If any of those who pirate PC games are reading here: for now all my pillaged goods are working fine on Steam Deck and on Desktop Linux.
So you have to do anything different? Install wine, or special install requirements?
I’m running Nobara, so the basics like wine, Nvidia drivers … are already set up OOTB. There are multiple ways, but i like the way Lutris does it:
Heroic Launcher’s installation is a bit more streamlined, but i found Lutris can do more stuff - i don’t know if i would have managed to mod my (owned) Battletech installation (BTA3062) so easily with Heroic. (involved setting a bunch of Envvars and dll overrides)
I think when the time comes I’ll give Windows 11 ltsc a look which has tpm be optional. Less bloatware too.