News Windows 11 to Ship Without TPM Requirement for 'Special Purpose' Systems

[hotaru.hino]

Thanks for that.

So Windows is trying to control our PCs by making this mandatory further implying we will no longer even be able to run software we want to run.

Great, just what we all needed: more nanny companies.

Regards.

You never really had complete control of your PC anyway since the mid-late 2000s, what with modern systems adding layers and layers of "security enclaves." That is to say, that Intel Core or AMD Ryzen processor in your computer? That doesn't have absolute control of the system. There's another processor somewhere that has a higher security privilege level.

Like it or not, the vast majority of Windows users aren't security experts and a non-trivial amount will gladly click on suspicious links, submit information because "someone important sounding" told them to, and run whatever random apps from the interwebs, resulting in broken systems. If you really want a semblance of control over your computer (which again, is a pipe dream due to the above), you should switch to an alternative, because Windows is not for you. And trying to voice your concern is going to be an exercise in frustration because you're the minority in this situation.

Or unless you happen to own a multi-billion dollar company and spend a lot of money on Microsoft's products and services.

 

[pixelpusher220]

Torque off half your users?
Seems like folly added on top of the Windows10-Updates-breaking-stuff debacles. Something is wrong in Redmond. No mention of privacy in rollout? Multiple unforced errors -- keep coming.

Half? you probably should look at the numbers. They entire paying base is foreign and business. US personal users are a minority

 

[PsyaNyde]

I'm not worried, non TPM versions will be freely available almost everywhere, whether M$ wants it or not.

 

[RealBeast]

I can only imagine what will happend tomorrow at work when we (the IT deparment) may be asked to tell the big boss if our PC ecosystem is compatible or not with Windows 11, and that will mean checking how many PC and notebooks are not.
God, I shouldnt think about this stuff on sunday...... sniff

Just think of it as job security!

 

[USAFRet]

I can only imagine what will happend tomorrow at work when we (the IT deparment) may be asked to tell the big boss if our PC ecosystem is compatible or not with Windows 11, and that will mean checking how many PC and notebooks are not.
God, I shouldnt think about this stuff on sunday...... sniff

And that is when you inform the Boss that you're working on a 12 month preliminary plan to upgrade.

 

[brandonjclark]

What is Microsofts BS reason to require TPM in the first place? All I've read is they require it, but nowhere I've found a proper explained reasoning as to why they do. Anyone care to ellaborate, please?

Regards.

The globalist governments are requiring this, not Microsoft.

With TPM, every device can be tracked.

I'm not even kidding, this is why.

And if you don't think the TPM grants the Feds the ability to connect to your machine, you're wrong.

Introducing TPM (the day after 9/11, hehe)

Additionally, the TPM can attest to the configuration of the computer to external third parties, be it the owner of a device wishing to remotely manage it, or a device manufacturer leaving a device in the hands of an untrusted third party

 

[sonofjesse]

In my understanding their trying to make it more secure when you boot from the CPU getting "hacked". Your phone uses TPM each time you boot, so their just trying to ole computers to the same base level of security.

Remember security is about improving your posture, yes you plug one hole and another one is now attack vector (whack a mole), but its better than having all the holes on the ship open spraying in water.

That's my best guess so far on the initial information.

 

[Deleted member 2783327]

I clearly don't understand the need for this (I read Colif's post). I don't and will never use Windows Hello, Azure, Intune, Bitlocker and never voluntarily store any of my personal data in the cloud. I use email encryption now where I can. I guess the only cloud data for me is online banking. I try to avoid buying online. If I can't buy it in store I won't buy it. I don't use paypal, eBay or have a cell phone.

So obviously I'm missing something. Won't be upgrading to Windows 11 any time soon anyway. I have 10 PCs to upgrade - and potentially now have a couple of laptops that are no longer saleable. More landfill 🙁

I have a 7900X skylake-X CPU I wanted to sell. Cost me A$2000. It's now worthless.

 

[dwd999]

Relax, 2 workarounds have already been published. Right now they're kind of difficult involving a regedit during install or an edit of the install ISO. But I'm sure they'll get simpler tomorrow. They'll probably be patched install ISO's readily available in a few days and/or .reg patch files posted all over the web.

 

[USAFRet]

Relax, 2 workarounds have already been published. Right now they're kind of difficult involving a regedit during install or an edit of the install ISO. But I'm sure they'll get simpler tomorrow. They'll probably be patched install ISO's readily available in a few days and/or .reg patch files posted all over the web.

None of that is a "solution".
A regular user should not have to jump through regedit or ISO hoops to install this.

It is not even close to being officially released.
At best, we'll see a Preview install in a few days.
Official release, towards the end of the year.

 

[KaihatsuJai]

Interesting that won't affect OEM Windows.
So that could mean anyone who bought "illegal" OEM Windows keys at a discount site won't have any problems with this.
Oh, that's funny! Loving the irony.

 

[Pc6777]

well, there will probably be a "master copy" and when it gets leaked or created, I can just install the oem version on my "oem" gaming pc. andf not worry about that tmp nonsense.

 

[Loadedaxe]

I am all in for you guys on this, but sadly MS is not backing down. They have stated that. Maybe that changes, but maybe not. Luckily for me, all my systems are compatible, if they werent, I would either keep that machine on Windows 10 until upgrade time or do it now...and no I wouldn't waste my money on a TPM module.
Remember, you have until 2025 to start using Windows 11 if your PC does not support TPM 2.0, hopefully by then you have a newer system.

This is where we are heading, Android and iOS started it on the phones, Apple went to it already and now MS. Its not going to make the world come to a halt.

 

[Aeacus]

Having TMP requirement is peanuts compared to the other "mandatory requirement" Win 11 has, namely this one:

The updated Windows 11 minimum requirements document doesn't outline any expansion of the current list of supported Intel and AMD CPUs. That means Windows 11 will not install on all CPUs before second-gen AMD Ryzen and eighth-gen Intel models. Curiously, many unsupported CPUs, like Skylake-X, support TPM functionality but aren't on the supported CPU list.

I have the TMP header on my MoBo and i can buy the damn thing if needed. But since i'm running 6th gen Skylake CPU, i can't get Win 11 regardless.

 

[Loadedaxe]

Having TMP requirement is peanuts compared to the other "mandatory requirement" Win 11 has, namely this one:



I have the TMP header on my MoBo and i can buy the damn thing if needed. But since i'm running 6th gen Skylake CPU, i can't get Win 11 regardless.

I have a feeling that is going to change before release. They should at least support Ryzen 1xxx and Skylake as well as SL HEDT.

 

[dwd999]

None of that is a "solution".
A regular user should not have to jump through regedit or ISO hoops to install this.

It is not even close to being officially released.
At best, we'll see a Preview install in a few days.
Official release, towards the end of the year.

Doesn't matter since I couldn't get either of the proposed workarounds to work. Its just minimally frustrating for me because the Z590 build that W11 works on is the one I use the most and don't want to mess it up. Normally I would detach the SSD and load W11 on a backup SSD, using bios boot override to switch between the 2. But since the new SSD is M.2 hard mounted, I don't want to unmount it while I load W11 on the backup. I already went through disk imaging it so I could try W11 for an hour the first time and its not worth the effort to image and restore again.

 

[Pc6777]

Having TMP requirement is peanuts compared to the other "mandatory requirement" Win 11 has, namely this one:



I have the TMP header on my MoBo and i can buy the damn thing if needed. But since i'm running 6th gen Skylake CPU, i can't get Win 11 regardless.

I thought you could use older cpus if your mobo had tmp

 

[spongiemaster]

I can only imagine what will happend tomorrow at work when we (the IT deparment) may be asked to tell the big boss if our PC ecosystem is compatible or not with Windows 11, and that will mean checking how many PC and notebooks are not.
God, I shouldnt think about this stuff on sunday...... sniff

I'm in the same position in my company, and I have zero concern over this. By the end of this year the major OEM's will be selling Win11 systems. By the time Win10 EOL's at the end of 2025, all our remaining Win10 systems will be in their 5 year replacement window and would need to be replaced anyway.

Realistically, any major OEM system built within the last few years should be Win11 compliant (MS has required OEM systems support TPM since 2016) so unless you're homebrewing all your company PC's, this is a non-issue even for upgrading.

 

[spongiemaster]

I clearly don't understand the need for this (I read Colif's post). I don't and will never use Windows Hello, Azure, Intune, Bitlocker and never voluntarily store any of my personal data in the cloud. I use email encryption now where I can. I guess the only cloud data for me is online banking. I try to avoid buying online. If I can't buy it in store I won't buy it. I don't use paypal, eBay or have a cell phone.

So obviously I'm missing something. Won't be upgrading to Windows 11 any time soon anyway. I have 10 PCs to upgrade - and potentially now have a couple of laptops that are no longer saleable. More landfill 🙁

I have a 7900X skylake-X CPU I wanted to sell. Cost me A$2000. It's now worthless.

Skylake-X should work fine. I have an X299 system that supports TPM 2.0. The hard floor to be able to upgrade to Windows 11 is TPM 1.2 support which Skylake-X has. It won't be officially supported by MS meaning they won't guarantee compatibility so the upgrade checker will tell you it's not supported. But you won't be blocked from installing it. If your system doesn't at least support TPM 1.2, you won't be able to even attempt to install it.

 

[Xajel]

Tried turning on fTPM and SecureBoot on my B450 board and I am still getting a no go on Win11 compatibility. Funny on a two year old PC. Might resort to this special ISO. Or just buy a TPM module for 11 Euro.

One of the trick's is to install it in a VM, create an image then use the image on your actual system, it will start with discovering devices and so on for the first boot as usual but it works, thought I don't know about how reliable it will be compared to a native install. Last time I tried a similar trick (not with a VM but another machine) was at the time of Windows 98. In modern days people have been using this trick to install Windows 7 on Ryzen system as it's not supported as well.

 

[vincero]

A concern I've got with all this which nobody seems to have addressed where there are limitations with regards to the use of TPM and dual-booting. Through my work I find it invaluable to be able to a) either switch between a couple of different instances of Windows by choosing to boot a different VHD file, and b) roll back those instances by just rebooting and replacing that VHD file with a 'gold' image or previous snapshot. Most of the benefits of Virtual Machines but all of the speed and hardware support.
As I understand it, the OS sort of manages the TPM key store - any OS can reclaim control, but if you were to say use a dual/triple/etc boot configuration with multiple Win11 installs, the likelihood is they will forever be fighting over control of the system TPM - I can't see default disk encryption working well like that.

Add to this that if we consider dual-booting outside of a Windows environment, the UEFI Secure Boot feature requirement (which shouldn't need to be a requirement for all of the other security features to function) could also be a major headache as depending on which bootloader your attempting to use to control it, or how your system BIOS manages the different potential EFI bootloaders, it may suddenly become a lot more difficult for some to achieve such functionality. Depending on your scenario, the system BIOS/UEFI environment may:

• present to you the multiple OS's available and they actually work
• present a list of multiple OS's available and only some of them work
• present a list of multiple OS's where some entries are just garbage and maybe just one primary bootloader works
• present just one OS bootloader (usually listed as the Microsoft Windows option - even if Windows isn't installed)

I've seen all of the above scenarios from different systems all from major OEMs, and not necessarily the newer ones handling it better. Adding secure boot on top of UEFI boot to the mix in a couple of cases has introduced problems so I generally only use UEFI without secure boot.

I could almost see it being successfully argued that these requirements actually could be seen as anti-competitive behaviour - especially if systems ship with these features enabled but disabling them comes with the caveat of loosing access to boot the supplied OS as, to be honest MS's Windows EFI bootloader is great for multi-booting multiple versions of Windows but, Windows bootloader is crap at doing anything else.
BIOS programmers need to start getting their UEFI booting code up to scratch and MS better start working on making their bootloader easier to manager and chain other OS's bootloaders to it to show that they aren't trying to restrict general usage of hardware otherwise expect some states to actually push-back - the EU are always happy to spend their taxpayers hard-earned money in court.

EDIT: There's a feature for Tom's or other tech review site to look in to - dual-booting with UEFI secure boot and TPM where the OS's require it... Maybe there's a workaround where the security state of all the different Windows OS's at least can be duplicated to each boot instance - don't see that being the case for others though,

 

[vincero]

I have a feeling that is going to change before release. They should at least support Ryzen 1xxx and Skylake as well as SL HEDT.

I don't see how specific CPUs are excluded unless there is a change in the CPU instruction sets required but AMD haven't made any ISA changes from Zen to the current Zen 3 so that's unlikely the be the reason - Zen first release should work fine... so long as you have everything else available.

I think the CPU support list is essentially MS saying "this is what we are building for and are prepared to provide support to users with issues using these components", similar to the DX12 GPU hardware requirement - I'm sure DX11 hardware may well work but MS aren't going to troubleshoot a problem with it.
I've seen Windows 10 running on Core2 and AMD Phenom systems quite happily and they aren't on the Windows 10 support list so I know that if there is an issue I'd be wasting my time raising a problem with MS.

It would help if MS actually publish a technical list of ISA requirements as they have done previously, but that would seem to go against their current vague, wishy-washy, half-narrative methodology.
Windows 10 I think needed SSE2 support as a minimum so technically a Pentium 4 or Athlon 64 should be able to run it (and even then it probably wasn't required for core OS functionality and probably helped with media processing, etc.). It wouldn't surprise me if MS raised the requirement to SSE4.2 in Windows 11 as that includes some potentially useful features for parsing data - that would impose a restriction to Core 'ix' based systems and AMD FX / Ax-xxxx systems outside of TPM/EFI issues - some may even say AVX but I wonder if they would stay away from that due to supposed performance penalties on some systems when using those instructions (and also because I doubt normal OS functions require working on numbers that big).

 

[LuxZg]

The 16-page PDF is still meant for system builders, not for general public. Sure they don't want to certify a ix 4xxx Core system for Win 11. Question we still don't have is - will it install/run on existing PCs!

 

[RodroX]

I'm in the same position in my company, and I have zero concern over this. By the end of this year the major OEM's will be selling Win11 systems. By the time Win10 EOL's at the end of 2025, all our remaining Win10 systems will be in their 5 year replacement window and would need to be replaced anyway.

Realistically, any major OEM system built within the last few years should be Win11 compliant (MS has required OEM systems support TPM since 2016) so unless you're homebrewing all your company PC's, this is a non-issue even for upgrading.

Yeah, the main problem with this is that since we live in a really poor country, we don't often get to follow and implement our system replacement plans. Most times economy dictates to use the same PCs for over 8 years...... Oh well, theres no point in worrying just yet.

 

[aymen11512]

I'll bet it'll be as easy as editing setup.ini in the windows iso and setting tpm flag to 0.

it was already ...all you have to do is download windows 11 iso and windows 10 iso and swap install.esd on win10 with install.wim or something like that from win11 iso and use the win 10 iso to install windows 11 in not time they didnt even have to edit anything