System Admin Stuff

Useful Posts Related to Windows,Unix,VMware,Veritas,Networking,Cluster etc.

Saturday, 26 June 2021

TPM, Windows 11, and what it means for getting that upgrade this fall

Why is TPM a thing, and what does it mean for getting that Windows 11 upgrade later this year? Let's find out.

As we remarked a week ago, Windows 11 turned out to be much more than just a new Start menu. The new store, Android apps, Direct Storage, Auto HDR, new touch UX, and new forthcoming features, such as haptic pens, make Windows 11 a significant overhaul of the six-year-old Windows 10.

But one item we did not anticipate when it came to major Windows 11-related changes was the apparent cutoff for which PCs can get the free Windows 11 upgrade. That topic is causing a lot of confusion. Here is what we know and what we don't know about it.

Why have TPM requirements at all?

It is clear Microsoft is positioning Windows 11 as its next major OS for the upcoming decade. While it is not a clean break from Windows 10, some older PCs will not make the cut.

The big motivator here seems to be security, as Microsoft explained recently in a blog post.

TPM (Trust Platform Module) is nothing new for PCs. It goes back to the mid-2000s as an international standard for a secure cryptoprocessor. Although there are software versions, too, like fTPM, TPM is a physical hardware chip used to store encrypted information while also ensuring a secured boot environment.

In the real world, TPM allows for things like:

  • BitLocker Drive Encryption
  • Windows Hello PINs and biometrics
  • Windows Defender System Guard
  • Tamper detection of the PCs hardware
  • Virtual Smart card
  • Credential Guard
  • Secure Boot

With TPM, BitLocker gets to store the encryption key and your Windows Hello biometrics securely. This ability is why Windows Hello is so protected. Your biometrics, like fingerprints or facial recognition data, do not go to the cloud; instead, they get hardware encrypted on your PC so that info cannot be retrieved nor reversed engineered to bypass your PC's login process.

Secure boot is becoming increasingly important, too. From Microsoft's documentation:

Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM). When the PC starts, the firmware checks the signature of each piece of boot software, including UEFI firmware drivers (also known as Option ROMs), EFI applications, and the operating system. If the signatures are valid, the PC boots, and the firmware gives control to the operating system.

TPM's role in Windows Hello and Microsoft Passport security.

Microsoft is drawing a line on security and saying that to use Windows 11 PCs going forward, you need to have this feature enabled.

The good news is TPM 1.2 (more on that below) goes back to 2005. TPM 2.0 goes back to 2015, and most PCs are supposed to ship with it, although that does not always seem to be the case, especially if you build your own.

I realize that this is all just techno mumbo jumbo for many consumers, but Windows PCs have had a long history of security issues. Microsoft has gone to great lengths since Windows 10 to secure its OS as much as possible, and Windows 11 takes a more rigid stance.

What is required for Windows 11?

Win + R and typing in 'tpm.msc' tells you about TPM on your PC.

Even the requirements for Windows 11 are a bit confusing as there are both "hard" and "soft" floors of cutoffs for the update. Many PC makers are also now giving guidance on which PCs will get it.

The hard floor is what most people who have older PCs should be looking at. If your PC does not meet these standards, you cannot get Windows 11. In addition, the hard floor requires "greater or equal" to TPM 1.2, Secure Boot capable, 4GB of RAM, 64GB of storage, and at least a dual-core processor that is faster than 1GHz.

Those are hardly strict requirements for a forward-looking OS in 2021.

The soft floor requires TPM 2.0 (which started shipping in all PCs around 2016/2017) and needs specific processors. These are devices that are free to update with no caveats.

The soft floor seems to be what Microsoft's PC Health Check app is looking at and where a lot of confusion is happening.

Indeed, the more significant issue here may not be TPM requirements, but the fact that any Intel CPU older than 8th Gen does not make the cut for Windows 11. Unfortunately, that includes a lot of Surface devices, including Surface Studio 2 and Surface Pro 5. That caveat does not mean those computers can't run Windows 11; it just means Microsoft does not support them running Windows 11. It is an important distinction.

Gaming PCs and TPM: present (but not enabled)

One issue that will be hard to navigate for the entire upgrade process is that many gaming PCs have TPM on the motherboard (it is a physical chip, after all), but it is not enabled. For example, this was the case on my CLX gaming PC, which initially failed Microsoft's check for Windows 11 compatibility.

Enabling Secure Boot on a 2021 gaming PC.

The solution was to go into the BIOS and enable secure boot and Intel Platform Trust Technology (PTT). It took 30 seconds, and my PC is now Windows 11 compliant, which is reasonable considering it is a brand new 2021, $7,500 computer!

As you can see, the problem is some PCs have the hardware, but it is not enabled. Microsoft's Health Check app does not qualify why your PC does not meet the requirements, although we have heard Microsoft will update the app soon to address that. It is also not clear that you can do a software check to see if your PC has TPM 2.0 in the event the module is present but disabled.

Here's the more significant issue: Does Microsoft want to send thousands (millions?) of people into their PC BIOS to start fiddling with security features? Again, you can see how that leaves room for a lot of problems.

At least for new PCs that sell Windows 11 pre-installed, this won't be a concern.

What happens if your PC does not have TPM 2.0 or a modern processor?

Sorry, your CPU is no good. But, is it really?

We don't know. Microsoft says:

Devices that do not meet the hard floor cannot be upgraded to Windows 11, and devices that meet the soft floor will receive a notification that upgrade is not advised.

It sounds like if your computer has TPM 1.2 (which is incredibly old) and at least a 1GHz processor, you can still get Windows 11; it is just "not advised."

Gigabyte GC-TPM Trusted Platform Module.

But what that process looks like is not known at this time. We expect Windows 11 to start rolling out in October through early 2022, like previous Windows updates. So my hunch is users can still take the Windows 11 upgrade, but there may be some warnings about it not being recommended.

To be clear, Windows 11 runs well on older hardware. It is not like older Intel 6th Gen processors cannot handle the OS — far from it. This discussion is all about security.

For those who build their gaming PCs, if your motherboard does not have TPM 2.0 you can buy the module ($30) and install it yourself. Just make sure your motherboard does not already have it since many modern motherboards do, even if it's not enabled.

Will Microsoft stick with Windows 11 requirements?

If I had to guess, Microsoft might modify some of these requirements and even the wording around Windows 11 as we advance. Right now, the scope of the "TPM problem" is not known, when it comes to how many PCs are out there with TPM in a disabled state.

Microsoft has four months to figure out how to address the issue. It could either relax requirements or let affected users take Windows 11 even after advising them against it.

In some ways, this debacle is unfortunate but not uncommon. Apple and Google routinely cut off hardware for new operating systems. My late 2017 Google Pixel 2 will not get Android 12 even though it can absolutely run it. Microsoft doing the same in the name of security is necessary to push standards forward, especially in an age of ransomware, where TPM plays one part in an increasingly growing security infrastructure.

How to check if your PC has a trusted platform module (TPM)

I think the bigger looming issue is not even TPM, but processor compatibility. Microsoft has done this in the past, but these are known as "soft blocks." For example, Windows 10 21H1 does not officially support Intel 4th Gen "Haswell" chips, but you can still run Windows 10 on those processors without issue. Microsoft appears to be doing the same here. There will be soft blocks for non-compatible CPUs, but you can still install Windows 11 on a Surface Pro 5; it just won't be "supported."

Regardless, I think it is evident that Microsoft needs to get clearer messaging around this update as there will be a lot of confusion in the future.



0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

ShortNewsWeb

Loading...

Blog Archive

Categories

'The Woks of Life' Reminded Me to Cook With All the Flavors I Love (1) 10 Scary Podcasts to Listen to in the Dark (1) 13 of the Best Spooky Episodes From (Mostly) Un-Spooky Shows (1) 13 Spooky Movies Set on Halloween Night (1) 1Password Now Generates QR Codes to Share Wifi Passwords (1) 2024 (15) 21 Thanksgiving Movies About Families As Screwed-Up As Yours (1) 30 Movies and TV Shows That Are Basically 'Competence Porn' (1) 30 of the Most Obscenely Patriotic Movies Ever (1) 31 Spooky Movies to Watch Throughout October (1) 40 Netflix Original Series You Should Watch (1) 55 Box Office Bombs Totally Worth Watching (1) Active Directory (1) Adobe's AI Video Generator Might Be as Good as OpenAI's (1) AIX (1) and I'd Do It Again (1) and Max Bundle Isn't a Terrible Deal (1) Apache (2) Apple Intelligence Is Running Late (1) Apple Intelligence's Instructions Reveal How Apple Is Directing Its New AI (1) August 18 (1) August 4 (1) August 5 (1) Avoid an Allergic Reaction by Testing Your Halloween Makeup Now (1) Backup & Restore (2) best practices (1) bleepingcomputer (64) Blink Security Cameras Are up to 68% Off Ahead of Prime Day (1) CentOS (1) Configure PowerPath on Solaris (1) Documents (2) Don't Fall for This 'New' Google AI Scam (1) Don't Rely on a 'Monte Carlo' Retirement Analysis (1) Eight Cleaning Products TikTok Absolutely Loves (1) Eight of the Best Methods for Studying so You Actually Retain the Information (1) Eight Unexpected Ways a Restaurant Can Mislead You (1) Elevate Your Boring Store-Bought Pretzels With This Simple Seasoning Technique (1) Everything Announced at Apple's iPhone 16 Event (1) file system (6) Find (1) Find a Nearby ‘Gleaning Market’ to Save Money on Groceries (1) Five Red Flags to Look for in Any Restaurant (1) Five Ways You Can Lose Your Social Security Benefits (1) Flappy Bird's Creator Has Nothing to Do With Its 'Remake' (1) Four Reasons to Walk Out of a Job Interview (1) Four Signs Thieves Are Casing Your House (1) gaming (1) Goldfish Crackers Have a New Name (for a Little While) (1) Hackers Now Have Access to 10 Billion Stolen Passwords (1) How I Finally Organized My Closet With a Digital Inventory System (1) How I Pack Up a Hotel Room So I Don’t Forget Anything (1) How to Cancel Your Amazon Prime Membership After Prime Day Is Over (1) How to Choose the Best Weightlifting Straps for Your Workout (1) How to Enable (and Turn Off) Apple Intelligence on an iPhone (1) How to Get Started With Bluesky (1) How to Keep Squirrels Off Your Bird Feeders (1) How to Remotely Control Another iPhone or Mac Using FaceTime (1) How to Set Up Your Bedroom Like a Hotel Room (and Why You Should) (1) How to Speak With a Real Person at Target Customer Service (1) How to Take a Screenshot on a Mac (1) How to Take Full Control of Your Notifications on a Chromebook (1) Hulu (1) I Chose the Beats Fit Pro Over the AirPods Pro (1) If You Got a Package You Didn't Order (1) If You Hate Running (1) Important Questions (17) Install and Configure PowerPath (1) interview questions for linux (2) Is ‘Ultra-Processed’ Food Really That Bad for You? (1) Is Amazon Prime Really Worth It? (1) It Might Be a Scam (1) July 14 (1) July 21 (1) July 28 (1) July 7 (1) June 30 (1) LifeHacker (136) Linux (36) Make and Freeze Some Roux Now for Easy Turkey Gravy (1) Meta Releases Largest Open-Source AI Model Yet (1) Monitoring (3) music (688) My Favorite 14TB Hard Drive Is 25% Off Right Now (1) My Favorite Amazon Deal of the Day: Apple AirPods Max (2) My Favorite Amazon Deal of the Day: Apple Pencil Pro (1) My Favorite Amazon Deal of the Day: Google Nest Mesh WiFi Router (1) My Favorite Amazon Deal of the Day: Google Pixel 8 (1) My Favorite Amazon Deal of the Day: PlayStation 5 (1) My Favorite Amazon Deal of the Day: Samsung Odyssey G9 Gaming Monitor (1) My Favorite Amazon Deal of the Day: SHOKZ OpenMove Bone Conduction Headphones (1) My Favorite Amazon Deal of the Day: The 13-Inch M3 Apple MacBook Air (1) My Favorite Amazon Deal of the Day: These Bose QuietComfort Headphones (1) My Favorite Tools for Managing Cords and Cables (1) Nagios (2) Newtorking (1) NFS (1) OMG! Ubuntu! (688) Oracle Linux (1) oracleasm (3) osnews (28) Password less communication (1) Patching (2) Poaching Is the Secret to Perfect Corn on the Cob (1) powerpath (1) Prioritize Your To-Do List By Imagining Rocks in a Jar (1) Red Hat Exam (1) register (73) Rsync (1) Safari’s ‘Distraction Control’ Will Help You Banish (Some) Pop Ups (1) Samba (1) Scrcpy (1) September 1 (1) September 15 (1) September 2 (1) September 22 (1) September 23 (1) September 30 (1) September 8 (1) Seven Home 'Upgrades' That Aren’t Worth the Money (1) Seven Things Your Credit Card’s Trip Protection Won’t Actually Cover (1) ssh (1) Swift Shift Is the Window Management Tool Apple Should Have Built (1) System hardening (1) Tailor Your iPhone's Fitness Summary to Your Workouts (1) Target’s ‘Circle Week’ Sale Is Still Going After October Prime Day (1) Target’s Answer to Prime Day Starts July 7 (1) Tech (9544) Tech CENTRAL (24) Technical stories (127) technpina (7) The 30 Best Movies of the 2020s so Far (and Where to Watch Them) (1) The 30 Best Sports Movies You Can Stream Right Now (1) The Best Deals on Robot Vacuums for Amazon’s Early Prime Day Sale (2) The Best Deals on Ryobi Tools During Home Depot's Labor Day Sale (1) The Best Early Prime Day Sales on Power Tools (1) The Best Movies and TV Shows to Watch on Netflix This Month (1) The Best October Prime Day Deals If You Are Experiencing Overwhelming Existential Dread (1) The Best Places to Go When You Don't Want to Be Around Kids (1) The Best Places to Order Thanksgiving Dinner to Go (1) The Best Strategies for Lowering Your Credit Card Interest Rate (1) The Best Ways to Store All Your Bags and Purses (1) The Latest watchOS Beta Is Breaking Apple Watches (1) The New Disney+ (1) The Two Best Times of Year to Look for a New Job (1) the X Rival Everyone's Flocking To (1) These Meatball Shots Are My Favorite Football Season Snack (1) These Milwaukee Tools Are up to 69% off Right Now (1) This 2024 Sony Bravia Mini-LED TV Is $400 Off Right Now (1) This 75-Inch Hisense ULED 4K TV Is $500 Off Right Now (1) This Google Nest Pro Is 30% Off for Prime Day (1) This Peanut Butter Latte Isn’t As Weird As It Sounds (1) This Tech Brand Will Get the Biggest Discounts During Prime Day (1) Three Quick Ways to Shorten a Necklace (1) Three Services People Don't Know They Can Get From Their Bank for Free (1) Today’s Wordle Hints (and Answer) for Monday (4) Today’s Wordle Hints (and Answer) for Sunday (11) Try 'Pile Cleaning' When Your Mess Is Overwhelming (1) Try 'Pomodoro 2.0' to Focus on Deep Work (1) Try 'Rucking' (1) Ubuntu News (347) Ubuntu! (1) Unix (1) Use This App to Sync Apple Reminders With Your iPhone Calendar (1) Use This Extension to Find All Your X Followers on Bluesky (1) veritas (2) Videos (1) Was ChatGPT Really Starting Conversations With Users? (1) Watch Out for These Red Flags in a Realtor Contract (1) Wayfair Is Having a '72-Hour Closeout' Sale to Compete With Prime Day (1) We Now Know When Google Will Roll Out Android 15 (1) What Is the 'Die With Zero' Movement (and Is It Right for You)? (1) What Not to Do When Training for a Marathon (1) What to Do When Your Employer Shifts Your Pay From Salary to Hourly (1) What to Look for (and Avoid) When Selecting a Pumpkin (1) What to Wear to Run in the Cold (1) What's New on Prime Video and Freevee in September 2024 (1) Why You Can't Subscribe to Disney+ and Hulu Through Apple Anymore (1) Why Your Home Gym Needs Adjustable Kettlebells (1) Windows (5) You Can Easily Add Words to Your Mac's Dictionary (1) You Can Get 'World War Z' on Sale for $19 Right Now (1) You Can Get a Membership to BJ's for Practically Free Right Now (1) You Can Get Beats Studio Buds+ on Sale for $100 Right Now (1) You Can Get Microsoft Visio 2021 Pro on Sale for $20 Right Now (1) You Can Get This 12-Port USB-C Hub on Sale for $90 Right Now (1) You Can Get This Roomba E5 Robot Vacuum on Sale for $170 Right Now (1) You Can Hire Your Own Personal HR Department (1) You Can Search Through Your ChatGPT Conversation History Now (1) You Can Set Different Scrolling Directions for Your Mac’s Mouse and Trackpad (1)

Recent Comments

Popular Posts

Translate

My Blog List

Popular

System Admin Share

Loading...

Total Pageviews

Copyright © System Admin Stuff | Powered by Blogger
Published By Blogger Template | Design By ThemePix.com | Blogger Theme By Premium Blogger Templates