Discussion TPM with PTT

[Dave8671]

I know window 11 is release in 2025. Why does a non military computer need TPM? I am part of this is MS wants users to but new systems this is why they are requiring TPM 2.0. MS states why " TPM 2.0 is a "critical building block" for Windows Hello" which I will admit I never use.

I contacted gigabyte support cause my Z370 -D3 has a TPM header and TPM chip was compatible which they had a webpage of compatible TPM modules . this was the reply

"You will not need to purchase a physical TPM module, since your motherboard supports PTT (Platform Trusted Technology). This is a software level TPM and will work for Windows 11". I will see if this is correct in 2025 my CPU is supported its a Intel i5 8500. Maybe there will be a update for the PTT software if that is possibility?

 

[punkncat]

The planned release for Windows 11 is ~Nov of this year at this time.

Support for Windows 10 drops in Oct 14 2025, as of right now. I suspect that public backlash on the issues surrounding Windows 11 will lead to them either changing the requirements, or extending support on 10.

Not that you haven't seen it around (probably) but you can go here to see if your computer is ready for Windows 11.

Upgrade to the New Windows 11 OS | Microsoft

 

[hotaru.hino]

Why does a non military computer need TPM? I am part of this is MS wants users to but new systems this is why they are requiring TPM 2.0. MS states why " TPM 2.0 is a "critical building block" for Windows Hello" which I will admit I never use.

It supports other security features like encryption (for BitLocker) and firmware/platform integrity, which helps mitigate attacks down at that level (which the OS can't detect). Apple is ahead in the game with this, as explained in their security presentation:

Note that they use the T2 chip as their secure enclave system.

I contacted gigabyte support cause my Z370 -D3 has a TPM header and TPM chip was compatible which they had a webpage of compatible TPM modules . this was the reply

"You will not need to purchase a physical TPM module, since your motherboard supports PTT (Platform Trusted Technology). This is a software level TPM and will work for Windows 11". I will see if this is correct in 2025 my CPU is supported its a Intel i5 8500. Maybe there will be a update for the PTT software if that is possibility?

It's because all CPUs supported by that motherboard have a TPM 2.0 compatible secure enclave in the CPU itself.

 

[drea.drechsler]

I know window 11 is release in 2025. Why does a non military computer need TPM? I am part of this is MS wants users to but new systems this is why they are requiring TPM 2.0. MS states why " TPM 2.0 is a "critical building block" for Windows Hello" which I will admit I never use.

I contacted gigabyte support cause my Z370 -D3 has a TPM header and TPM chip was compatible which they had a webpage of compatible TPM modules . this was the reply

"You will not need to purchase a physical TPM module, since your motherboard supports PTT (Platform Trusted Technology). This is a software level TPM and will work for Windows 11". I will see if this is correct in 2025 my CPU is supported its a Intel i5 8500. Maybe there will be a update for the PTT software if that is possibility?

MS has pretty much admitted they screwed up with the released requirements for Windows11. They've walked it back and are looking at it, especially what CPU generation will/won't be supported.

A TPM is good for more than Windows Hello and Bitlocker, or a 'military computer'. It's an encrypted vault for storing keys and credentials and is available for (among other things) web browsers to use. I can imagine our browser would use it to store highly sensitive certificates that request it...like banking, credit card info, etc.

Why it's important is in the news: state sponsored hacking organizations are attacking everything they can in a purposeful, determined fashion that's highly organized and well financed. As with any security plan, it's layered and multi-facted. This is just one other, important, layer in digital security, one that has been missing.

That banking and other financial institutions, even for credit card transactions, don't require a client computer have TPM encrypted credentials is probably because so few people actually use the one already on their systems.

I can see Windows11 as the way MS is forcing people to get serious about security: either you lock your system down with Secure Boot and a TPM, or you get to stay on last-decade's OS. Even if they continue to support it it will be like Windows 7: no growth, no new features, bare security updates and admonishments that it's not so secure even so.

 

[CountMike]

MS has pretty much admitted they screwed up with the released requirements for Windows11. They've walked it back and are looking at it, especially what CPU generation will/won't be supported.

A TPM is good for more than Windows Hello and Bitlocker, or a 'military computer;. It's an encrypted vault for storing keys and credentials and is available for (among other things) web browsers to use. I can imagine our browser would use it to store highly sensitive certificates that request it...like banking, credit card info, etc.

Why it's important is in the news: state sponsored hacking organizations are attacking everything they can in a purposeful, determined fashion that's highly organized and well financed. As with any security plan, it's layered and multi-facted. This is just one other, important, layer in digital security, one that has been missing.

That banking and other financial institutions, even for credit card transactions, don't require a client computer have TPM encrypted credentials is probably because so few people actually use the one already on their systems.

I can see Windows11 as the way MS is forcing people to get serious about security: either you lock your system down with Secure Boot and a TPM, or you get to stay on last-decade's OS. Even if they continue to support it it will be like Windows 7: no growth, no new features, bare security updates and admonishments that it's not so secure even so.

Also keeps passwords, PINs and other credentials used (for now) just for automatic sign in. W10 does it too but only when TPM is available. In future you will see many other (mostly security ) programs use it same way.

 

[drea.drechsler]

.. W10 does it too but only when TPM is available. In future you will see many other (mostly security ) programs use it same way.

That's what I'm hoping for, and why I enabled the fTPM on my system. I'd like to stay with Win10 because I dislike the 'bold new' UI, which basically just copied Apple.

But I'd also like it more knowing that all the trust credentials for credit cards and banking on my computer(s) are encrypted and vaulted and do hope more websites require a TPM to use their services for banking or other financial transactions, to include shopping with credit cards on-line. Which has become pretty much the only way to find variety in a number of different goods.

 

[Dave8671]

I never paid much attention to TPM. I have only 2 windows computers around . The rest are Linux Mint stable and works.

 

[drea.drechsler]

I never paid much attention to TPM. I have only 2 windows computers around . The rest are Linux Mint stable and works.

Doesn't Linux support TPM?

 

[hotaru.hino]

Doesn't Linux support TPM?

As of Linux kernel 3.20.

 

[Dave8671]

Yes but I normally turn it off

 

[Dave8671]

I am thinking that the computers without TPM 2.0 may be in stalling Linux in the future. MS thanks for the added installations to freedom.

 

[drea.drechsler]

I am thinking that the computers without TPM 2.0 may be in stalling Linux in the future. MS thanks for the added installations to freedom.

I doubt that....I think the owners of a computer without a TPM will keep on running the OS they always have been whether it's Win10, Win8, WinVista, Win7 or even WinXP. They just don't really care to change OS any more than they care to upgrade their hardware.

 

[hotaru.hino]

I am thinking that the computers without TPM 2.0 may be in stalling Linux in the future. MS thanks for the added installations to freedom.

Well if history is any indication with XP and 7's support dying, I doubt there'll be a migration to Linux any time soon. And having used Linux for a while myself for development, my primary argument against Linux based OSes is at its core, it's software made for developers and other technical people. It's not software made for the average user. Yes there are more user-friendly distros, but at the end of the day average users don't care about choice or freedom, they just care they have something that works.

 

[drea.drechsler]

... average users don't care about choice or freedom, they just care they have something that works.

I would add: works well enough with the applications and hardwares that interest them and fit their purposes AND is easy to setup, use and get driver support for.

And it's really odd to me that anyone still fretting about privacy issues with Microsoft's telemetry of Windows would be so willing to give up the security enhancement that TPM's provide for. I'd have imagined them tripping over themselves to fully understand how to use one and lock down a tighter security protocol of their own, especially those with the techno-smarts to use Linux easily.

 

[Dave8671]

Average users are stuck without another operating system besides windows. I am setting up a charity install Linux as a another option for older systems. I say MS wants to support on the 8th gen intel and the AMD like to force users as I said buy new systems. Time will tell if they change the CPU requirements which in MS case will be right before the windows 11 release date. If I did not have a Windows only app for my movie collection I could ditch windows myself. The Linux applications for collections are either dead or need work.

 

[drea.drechsler]

Average users are stuck without another operating system besides windows....

What makes you think that? They can still use Windows10 until MS deprecates it. It won't have all the security of Windows 11 since, almost by definition, the host computer will lack a TPM but it will still work at least as well as what they have now.

IMO, Linux should not be installed for someone else since anyone not savvy enough to for themself is probably not savvy enough to maintain it with software and hardware/driver updates. Or especially, keep it secure against the highly dynamic threat environment we have today. While it may be true enough that Linux can be made much more secure then Windows they have to know how to do it and maintain it as it's very easy to leave security holes big enough for a middle school hacker to drive a Commodore through.

I fully expect requirements to change...opening up Ryzen 1000 CPU's as well as 7th gen Intel. Maybe even earlier. As has been stated many times before, let's just wait till it's released to pitch a fit.

 

[Dave8671]

Cause I never kept in the know about this technology. Since MS Windows 11 requires it I have been reading up on it. I found this article the other day.

Intel Platform Trust Technology (PTT): TPM For The Masses

In the last few years, Intel® Platform Trust Technology (PTT) has truly arrived. For years, the last word in securing personal computers, industrial PCs, and servers has been the Trusted Platform Module (TPM) specification. TPM established a set of standards and interfaces that enable system...

www.onlogic.com

 

[USAFRet]

Average users are stuck without another operating system besides windows. I am setting up a charity install Linux as a another option for older systems. I say MS wants to support on the 8th gen intel and the AMD like to force users as I said buy new systems. Time will tell if they change the CPU requirements which in MS case will be right before the windows 11 release date. If I did not have a Windows only app for my movie collection I could ditch windows myself. The Linux applications for collections are either dead or need work.

Win 10 runs on decade old hardware.
Win 10 is under direct updates from MS until 2025.

Problem?

 

[Dave8671]

I do not think I will try 10 year hardware for windows 10. My Thinkpad t520 is one such laptop which is very happy with Linux. And for the future this laptop has TPM 1.2. In case have this model and would want to install windows 11.

 

[USAFRet]

I do not think I will try 10 year hardware for windows 10. My Thinkpad t520 is one such laptop which is very happy with Linux. And for the future this laptop has TPM 1.2. In case have this model and would want to install windows 11.

The change from Win 7/8 to Win 10 spoiled us.
Win 10 will indeed run on old hardware.

Discussion - What's the oldest and/or cheesiest system you have Win 10 installed on?

Mine is a 2009 era Toshiba Satellite L305-S5955 Celeron 900, 2.2GHz, 2GB RAM, 250GB HDD. The only upgrade from stock was a warranty replacement of the original 160GB HDD to the current 250GB. Currently v1903, Build 18362.295 https://www.cnet.com/products/toshiba-satellite-l305-s5955/specs/...

forums.tomshardware.com

My current main system is i7-4790k based. A 7 year old platform. Runs Win 10 Pro just fine.

Win 11, maybe not so much.

Except for the minuscule sales of Surface devices, MS doesn't sell PCs/laptops.
They gain little revenue from forcing people to buy new systems.

 

[drea.drechsler]

I do not think I will try 10 year hardware for windows 10. My Thinkpad t520 is one such laptop which is very happy with Linux. And for the future this laptop has TPM 1.2. In case have this model and would want to install windows 11.

IMO there's no compelling reason to run Win11 except for improved security it offers, just as there was no compelling reason to move from XP to Win7 and then to Win10 (aside from MS not providing native support for newer hardware). Each OS update was built to be far less vulnerable than predecessors.

You're content with Linux so Win11 isn't an issue for you anyway. But I have to wonder about what failings are in TPM 1.2 vs. TPM 2.0 and whether that makes it significantly more difficult to secure a system or credentials against compromise. Perhaps you're a Linux wiz and have secured your private data against any and all security threats whether or not it's using a TPM, to include someone gaining physical access to the fixed storage devices within it. But most of us aren't so Win11 and a TPM 2.0 is probably the best for us.