• Zagorath@aussie.zone
    link
    fedilink
    English
    arrow-up
    108
    ·
    3 days ago

    Hey Microsoft, if you want me to upgrade to Windows 11, you could start by removing the completely arbitrary requirement to have TPM 2.0.

    • BCsven@lemmy.ca
      link
      fedilink
      English
      arrow-up
      28
      ·
      3 days ago

      I had an HP Zbook Workstation. With TPM1.x Initially said get ready for W11, then months later meeage: this model fails TPM 2.0 requirement, CPU OK. I used HP firmware tool to upgrade from TPM 1.x to TPM2.0. A recheck with W11 a few months later: TPM OK, CPU no good. Last month the message about the system not being upgradeable to W11 disappeared and replaced with a link: to learn more about W11. Wtf. Do they even know what system requirements they need?

    • Annoyed_🦀 @monyet.cc
      link
      fedilink
      English
      arrow-up
      40
      arrow-down
      1
      ·
      3 days ago

      Why do we even need a toilet paper machine 2.0 to use windows 11?

      Joke aside, yeah what’s up with that? People been able to bypass it and have no problem.

      • Scary le Poo@beehaw.org
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 day ago

        In lieu of the bullshit replies you have gotten, I will answer.

        TPM is a security measure. By default your hard drive on Windows 11 will be protected with bit locker. Bit locker is hard drive encryption. It does more stuff but that’s the broad strokes. This means that if your laptops get stolen or your computer gets stolen or whatever it is no longer in danger of all of your information and files being taken.

        There are other advantages as well. For example a TPM could make it much easier for anti-cheat to detect cheating. However, no games use it yet because not every system has a TPM, blah blah blah.

        TPM is actually a really good thing. The problem is that the vast majority of systems do not have a TPM header and therefore cannot add a TPM. This means that those systems have to be replaced.

        I work for a managed service provider so I deal with a lot of companies that refuse to upgrade their systems. Thanks to Windows 11 they are being forced to upgrade systems that are up to 15 years old and basically unusable. This is actually kind of a godsend. There are downsides to this yes, but it is not just some ill thought out idea.

        • Annoyed_🦀 @monyet.cc
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 day ago

          Huh, neat. Thanks for the informative reply. My system is actually ancient at this point(gen4 intel cpu), i only use it to play games and youtube/movie, while i still able to run some game, it does feel aged. I guess it’s really time to get it changed.

      • Zagorath@aussie.zone
        link
        fedilink
        English
        arrow-up
        35
        arrow-down
        2
        ·
        3 days ago

        Rumour is it’s literally only there as an olive branch to hardware manufacturers to force people to buy new hardware. There’s literally no technical reasons for it.

        • Uriel238 [all pronouns]@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          1
          ·
          2 days ago

          What I heard (on here, and I hope it’s a vicious rumor) is that TPM 2.0 comes with backdoors accessible to Microsoft via the OS so that a significant chunk of the computer belongs to Big MS and not to the end user, and it will squeal and cause problems if the end user tries to take it back.

          The whole point of TPM 1.0 hypothetically was to allow a larger secondary encryption key of a device to be accessible only by a small user-provided key (say a four-digit PIN), and requiring use of the key-query software to run to get the secondary key. A limited number of chances with longer delays with each wrong answer heightens security.

          But this pissed off government law enforcement across the world, who want backdoors for when they want to crack the phone of a very important criminal.

          It would be nice if Apple, Google and Microsoft had more respect for their end users than they do national and corporate institutions, but we know this isn’t really the case, so it’s at least plausible that TPMs 1.0 or 2.0 come pre-backdoored. It doesn’t hurt that this is exactly what FBI and NSA want even though (Pre-9/11 and Pre-PATRIOT) NSA is supposed to be assuring that no-one, not even police can crack our secure communication protocols.

          Despite efforts to look into it, I’ve yet to get an answer I can fully trust whether or not they are backdoored. But since Microsoft is notorious for exactly this kind of bullshit since the 1980s, I assume it’s true that TPMs are backdoored until I find convincing information otherwise.

              • Scary le Poo@beehaw.org
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 day ago

                You are making the claims, the onus is on you to cite your sources.

                Do you have any trustworthy sources to back up these bullshit claims? I didn’t think so. Now, fuck off.

                • Uriel238 [all pronouns]@lemmy.blahaj.zone
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  edit-2
                  16 hours ago

                  Yeah, I claimed it was a plausible rumor, and given Win10 and Win11 are already spyware and resistant to end-user full control, I already have strong cause to distrust Microsoft, which is what I said.

                  So chill your reactor before it melts down. Unless you want a block, because this is how you get a block.

                  • Scary le Poo@beehaw.org
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    12 hours ago

                    It’s also plausible that you are the zodiac killer. I heard that you’re an asshole on the road and that you’re an inconsiderate prick who doesn’t return his shopping cart to the corral.

                    See how that works? Don’t spread bullshit and FUD.

                    You can block as much as you want, you’re still gonna get called out on your shit, the difference is that you’ll be the only one who doesn’t see it.

        • thedirtyknapkin@lemmy.world
          link
          fedilink
          English
          arrow-up
          12
          arrow-down
          1
          ·
          3 days ago

          it’s one of those things where it does legitimately improve security, but for them to require it the way they did when almost no hardware at the time has it is pretty transparent.

          there are plenty of other hardware requirements that could improve security if they arbitrarily decided to require them. they did this for the rain you describe, but have the plausible deniability of saying that it’s for security.

          basically, the same bullshit line that’s used to justify half of the bullshit unpopular changes that anyone pushes anywhere.

          “it’s for security” - no it’s not, as a for profit company chances are pretty good we can prove you don’t actually give a shit about customer date if we look close enough at your practices. it’s for profit.

          “it’s for the environment” - admirable thought, too bad that’s not profitable. I don’t believe you mr. for profit company.

          “for the kids”- it you have ever tried to talk to a parent after the subject of their kids safety comes up you’ll see why they always do for this in. it’s the deepest, most primal, and least logical part of our brain. most parents become slovering fucking cavemen the second you disagree with whatever they’ve been programmed to believe will protect their kids. it’s just too easy to manipulate people with. if you say you’re great to protect kids I’m instantly skeptical and need a lot of proof.

          • tekato@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            13
            ·
            3 days ago

            it’s one of those things where it does legitimately improve security, but for them to require it the way they did when almost no hardware at the time has it is pretty transparent.

            Windows has been requiring hardware manufactures to include TPM 2.0 support since July 2016 , and Windows 11 was released in October 2021. The truth is Microsoft did everything they could to wait for people to get their hands on new hardware (5 years). Data shows that 83% of businesses were victims of firmware attacks, which is exactly what TPM helps with. Like it or not Microsoft’s primary customer are businesses, since they are the one who buy hundreds of licenses and pay for technical support. TPM requirement was not a surprise to anyone:

            In fact, in the 55 pages of minumum specifications for Windows 10 hardware TPM is mentioned 60 times.

            A quote from the link above.

            there are plenty of other hardware requirements that could improve security if they arbitrarily decided to require them. they did this for the rain you describe, but have the plausible deniability of saying that it’s for security.

            What other hardware could they require to prevent firmware attacks?

            “it’s for security” - no it’s not, as a for profit company chances are pretty good we can prove you don’t actually give a shit about customer date if we look close enough at your practices. it’s for profit.

            As shown in the link above, it is for security. The profit comes when businesses keep buying Windows instead of moving to MacOS for lack of security in Windows machines.

            “it’s for the environment” - admirable thought, too bad that’s not profitable. I don’t believe you mr. for profit company.

            Apple has shown you can have products made of recycled material while still being high quality and highly profitable. If you want environmentally friendly products you need to pay more, because like you said, it is not profitable to sell those products at the same price as before. So you either complain about price or about the environment, can’t have both.

            “for the kids”- it you have ever tried to talk to a parent after the subject of their kids safety comes up you’ll see why they always do for this in. it’s the deepest, most primal, and least logical part of our brain. most parents become slovering fucking cavemen the second you disagree with whatever they’ve been programmed to believe will protect their kids. it’s just too easy to manipulate people with. if you say you’re great to protect kids I’m instantly skeptical and need a lot of proof.

            The truth is most surveillance technologies will help protect the kids. This is a fact. If you gave the police access to everyone’s phone all the time kids would objectively be safer on the internet. Yes, this is used as an excuse to attack our privacy, but it does work, and there’s no reason to be skeptical. Anyways, this is not on topic to windows TPM.

            • BCsven@lemmy.ca
              link
              fedilink
              English
              arrow-up
              8
              ·
              edit-2
              3 days ago

              Apple will happily throw away a good machine to sell you a new one, their eco friendlyness and repairability scores are self scored bullshit.

              Having police access to everyone’s phone would not make people safer. You would not have enough police to monitor and it is a backdoor for hacking.

              Just like Intel Management Engine that gave hackers passwordless entry into machines. Having control like that is not safety.

              Plus anyone with physical access is going to defeat security anyway.

              My linuxOS has a MOC signed by microsoft, an OS can work on TPM with a signature…hackers will find a way to spoof into it

              • tekato@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                3 days ago

                Apple will happily throw away a good machine to sell you a new one, their eco friendlyness and repairability scores are self scored bullshit.

                That’s beside the point. They make their machines with recycled materials, and it’s a fact. There are people using 10 year old MacBooks and iPads, so I don’t think anybody is being forced to “throw away” a good machine.

                Having police access to everyone’s phone would not make people safer. You would not have enough police to monitor and it is a backdoor for hacking.

                That was an example. What they would do is have computer scan your data for illegal content (like they planned to do with iCloud), and any flagged data would get checked by an actual person. If you think this wouldn’t help protect people, you are lying to yourself. Whether this is a privacy issue or not is not the point, the point is that “it’s for the children” is a valid concern for implementing this kind of stuff and not just something to be skeptical about.

                Just like Intel Management Engine that gave hackers passwordless entry into machines. Having control like that is not safety.

                You are still evading the issue at hand. I never claimed backdoors are not a security issue, I said they would definitely help protect the children, as I repeated above.

                Plus anyone with physical access is going to defeat security anyway.

                Obviously. The point of things like TPM is to prevent remote hacking. Who claimed otherwise? You cannot guarantee the safety of any system if the attacker has physical access. I assume your computer doesn’t have a log in password since anyone with physical access can defeat it, right?

                My linuxOS has a MOC signed by microsoft, an OS can work on TPM with a signature…hackers will find a way to spoof into it

                Yes, nothing is foolproof. Should we stop advancing security just because it’s not perfect? Should we stop using SSL/TLS because BREACH and POODLE exploits exist? Should we stop using passwords because someone can brute force them? Maybe we should also throw away memory and thread safe languages because there are some corner cases where they can be used in an unsafe manner? Listen to yourself.

                • BCsven@lemmy.ca
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  edit-2
                  3 days ago

                  You sir are deluded. And maybe that is by ignorance, Please go watch any of countless Louis Rossman videos about how apple claims a device irrepairable and he fixes it for 5 dollars. Etc. Soldered RAM, faulty switches , bad display cable, all easy fixes that the geniuses will suggest you buy new because it will cost as much to fix. Apple is an e waste producing company.

                  As for scanning peoples data, it already proved that it did more harm than good. CSAm people just change behaviors ur, and you have legit people having their accounts frozen and police called when their doctor during covid asked for photos of skin rashes. It is hard for an innocent guy to live down arrest for false child porn. Don’t drink all the koolaid.

                  • tekato@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    arrow-down
                    1
                    ·
                    2 days ago

                    Please go watch any of countless Louis Rossman videos about how apple claims a device irrepairable and he fixes it for 5 dollars.

                    Louis Rossman complains about Apple not supplying 3rd party repairmen with the parts needed to do the repairs. He has acknowledged multiple times that you cannot expect Genius bar employees to know how to do board-level repair.

                    Etc. Soldered RAM

                    Soldered RAM is not an Apple only thing. It is for manufacturers who don’t want to support people with unstable systems due to installing unsupported RAM. Remember Apple devices are mostly one SOC with everything soldered to reduce possible points of failure.

                    faulty switches , bad display cable, all easy fixes that the geniuses will suggest you buy new because it will cost as much to fix. Apple is an e waste producing company.

                    These are design defects, every company ran by humans is allowed to make them. These are easy fixes if you know what the issue is, it is not cost effective for Apple to have a Genius Bar employee open every device and check all components with an oscilloscope to find out if it’s a faulty display cable or a missing capacitor. It is more efficient for Apple to just replace the entire mainboard, and this is expensive for the consumer because you are essentially getting a brand new computer. Yes, this is bad practice, but don’t confuse this with creating e-waste. When you hand in your computer, all recyclable parts are salvaged and used for future Apple devices, and newer devices are more recyclable than older ones.

                    As for scanning peoples data, it already proved that it did more harm than good. CSAm people just change behaviors ur,

                    Like I said before nothing is foolproof, and I don’t advocate for these measures. However, the point of these is to force CSAM people to use other services, and if all cloud services implement this, all of a sudden CSAM people have to go around sharing thumb drives or magnet links, which lowers their ability to share the files.

                    and you have legit people having their accounts frozen and police called when their doctor during covid asked for photos of skin rashes. It is hard for an innocent guy to live down arrest for false child porn.

                    Yes it is not possible to differentiate between CSAM and pictures for a doctor, and that Google incident is why Apple didn’t proceed with the iCloud scanning. Again I don’t advocate for these measures, as I’m completely against espionage, but people like to pretend like these technologies are made with the sole purpose of spying on you and that “for the kids” is just an excuse. People like that are deeply unserious because they seem to forget that if the company wants to look at your data, they will and don’t even have to tell you about it.

            • Zagorath@aussie.zone
              link
              fedilink
              English
              arrow-up
              2
              ·
              3 days ago

              I don’t know what it means to require it since 2016, because I built my PC in late 2017, and I built it overspecced for my needs because I didn’t want to need to build another or upgrade it in just 5 years. My processor, I’ve been told by Microsoft’s tooling, doesn’t support Windows 11.

              • tekato@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                ·
                2 days ago

                What I wrote there is too generalized. OEMs are the ones required to ship TPM 2.0 enabled devices since 2016, you could still build your own PCs without TPM 2.0. Remember main Microsoft customer is companies who don’t build their own PCs but buy them from manufacturers.

                • Zagorath@aussie.zone
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  2 days ago

                  The thing is, my mobo was, as far as I can tell (based on the release date of the 1.0 version of its firmware), released in 2017. I didn’t go out of my way to avoid TPM 2.0, I just bought recent hardware made by reputable manufacturers, and built a computer out of them. The fact that Microsoft arbitrarily decided a less than 4 year-old computer couldn’t run on their new operating system is pretty galling.

                  • tekato@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    2 days ago

                    Remember Microsoft support is in terms of businesses. A business will not buy parts from AMD or MSI and then proceed to build the computer, they buy prebuilt computers from manufacturers, and these are in fact forced to pick parts that support TPM 2.0 since Windows 10. Microsoft could not care less if you and I get hacked, because the fact is we don’t make Microsoft any money.

                    Also, chances are your motherboard does support TPM 2.0. Remember most manufacturers are lazy and don’t have a dedicated TPM module and instead use firmware TPM which depends on CPU. So even if your motherboard supports TPM 2.0, you need a compatible CPU.

    • jas0n@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      3 days ago

      That’s become quite the handy “don’t upgrade this to Windows 11” switch to have.

    • alessandro@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      9
      ·
      3 days ago

      Sadly, Microsoft doesn’t need to do anything to have you to upgrade to Windows 11: you just need to buy a new device in the mainstream market. Aside from building your rig from scratch, of course.

      SteamDeck is a good example: Microsoft didn’t do nothing to promote the handheld PC gaming industry, even if Valve shown that their free and licenseless OS proved to be the best one… most OEM deliver Window’s only PC handheld, because they are afraid to lose the market segment of those who pirate PC games.

      • AWildMimicAppears@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        3 days ago

        If any of those who pirate PC games are reading here: for now all my pillaged goods are working fine on Steam Deck and on Desktop Linux.

        • Cort@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 days ago

          So you have to do anything different? Install wine, or special install requirements?

          • AWildMimicAppears@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            3 days ago

            I’m running Nobara, so the basics like wine, Nvidia drivers … are already set up OOTB. There are multiple ways, but i like the way Lutris does it:

            • Click on “Add a game”
            • Select “Install Windows Game from an executable”
            • give it a name, if you use the name identifier as it is used on lutris.net you get the box art automatically
            • click through, select install/prefix directory, select setup.exe file
            • install as normal, install on the c: drive (only thing to note is if the game is using stuff like .net or vc runtimes then don’t install them and just remember which ones you will need)
            • If runtimes are needed: run “winetricks” to add those, if you want to install patches: use “run exe inside wine prefix” (both are in the menu next to the Windows-logo Button)
            • Play Game

            Heroic Launcher’s installation is a bit more streamlined, but i found Lutris can do more stuff - i don’t know if i would have managed to mod my (owned) Battletech installation (BTA3062) so easily with Heroic. (involved setting a bunch of Envvars and dll overrides)

    • stardust@lemmy.ca
      link
      fedilink
      English
      arrow-up
      4
      ·
      3 days ago

      I think when the time comes I’ll give Windows 11 ltsc a look which has tpm be optional. Less bloatware too.

      • Mr_Blott@feddit.uk
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        2 days ago

        Use Rufus to install it, you don’t need tpm. It also debloats it

        It’s a good OS, despite what the Linux teenagers on Lemmy would have you believe

        • Scary le Poo@beehaw.org
          link
          fedilink
          English
          arrow-up
          1
          ·
          12 hours ago

          It’s important to note that if you do this, chances are that feature updates will not install without a TPM.