Windows 11 TPM Module required

TPM functionality is exposed in a standard way by the UEFI, and operating systems have the ability to probe the system to see if it supports advanced cryptographic functionality. This has been possible since 2011, the first release of the 1.2 standard.

This is why it's possible on most Linux distros to enable disk encryption during setup, and why Windows will automatically enable device encryption after the OOBE setup is complete.
So theoretically the only reason M$ insists upon the two as a combined requirement is to force the installer to install only as they dictate it should..... it's basically an extension of their DRM.

I have never encrypted anything..... too much of a hassle if something goes wrong.

EDIT: however what happens when an OEM mobo gets rebranded by an OEM like Mecer that almost never maintains firmware themselves...... this means that instead of OEM the machine will be picked up as DIY.
 
So theoretically the only reason M$ insists upon the two as a combined requirement is to force the installer to install only as they dictate it should..... it's basically an extension of their DRM.

You're looking at this from the wrong angle. It's not DRM.

If you buy a laptop with Windows, it comes pre-configured with the requirements to load the software - which in this case is Secure Boot (only loading an OS if the keys are digitally signed and can be verified), and with a TPM 2.0 chip (required for modern cryptographic software and services such as Bitlocker). Windows isn't the only software that either requires or works this way, but as the dominant OS, hardware vendors will ship hardware that is compatible with it. It enables better protection for both Windows and the data stored on the drive.

If you wanted to install Linux, you just turn off Secure Boot so that you can run software that doesn't necessarily have matching key signatures in BIOS. Most distros, however, will be moving towards having boot files signed by Microsoft so that they meet the same security standards. Ubuntu, Fedora, and OpenSUSE all have their bootloaders signed by Microsoft.

One pain point that people have is that Microsoft is the signee, but that was a decision by the UEFI Forum. They all agreed that Microsoft would be the issuer of the private keys that had a relationship to Intel's public keys.

EDIT: however what happens when an OEM mobo gets rebranded by an OEM like Mecer that almost never maintains firmware themselves...... this means that instead of OEM the machine will be picked up as DIY.

Motherboard rebranding typically happens in the BIOS, and will result in changes to things like the motherboard's name in BIOS and the model, both of which are picked up by msinfo32. Mecer is also a registered OEM with Microsoft, even though most of their stuff is made by an OEM like MSI, Compal, or Tongfang. If you find a copy of the Daz loader used to activate Windows, you'll see that Mecer has their own assigned OEM product key - Windows knows how to deal with this because the product key is basically a private key. Motherboard vendors load their own private key in their BIOS, and that's why Windows 8 and later pre-activates on that hardware.
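Added example, not part of any post in this thread: a Linux-side probe for the two requirements discussed above (Secure Boot enabled, TPM 2.0 present), reading the kernel's efivarfs and TPM sysfs entries. The `root` parameter, the function names and the sample tree are assumptions made here so the check also runs offline against constructed input.

```python
import tempfile
from pathlib import Path

# GUID of the UEFI global variable namespace (from the UEFI specification).
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"

def efi_flag(root, name):
    """Read a one-byte UEFI variable via efivarfs; None if absent or unreadable."""
    path = Path(root) / "sys/firmware/efi/efivars" / f"{name}-{EFI_GLOBAL}"
    try:
        raw = path.read_bytes()
    except OSError:
        return None
    # efivarfs puts a 4-byte attribute word in front of the variable data.
    return raw[4] == 1 if len(raw) >= 5 else None

def tpm_major(root):
    """Major TPM version (1 or 2) reported by the kernel, or None if no TPM."""
    try:
        return int((Path(root) / "sys/class/tpm/tpm0/tpm_version_major").read_text())
    except (OSError, ValueError):
        return None

def probe(root="/"):
    uefi = (Path(root) / "sys/firmware/efi").is_dir()  # missing on legacy/CSM boot
    secure_boot = efi_flag(root, "SecureBoot") if uefi else None
    tpm = tpm_major(root)
    return {
        "uefi": uefi,
        "secure_boot": secure_boot,
        "setup_mode": efi_flag(root, "SetupMode") if uefi else None,
        "tpm_major": tpm,
        # The two requirements named in the thread: Secure Boot on, TPM 2.0 present.
        "meets_both": secure_boot is True and tpm == 2,
    }

def make_sample_tree(root, secure_boot, tpm):
    """Constructed sample input: a fake /sys tree for offline runs."""
    efivars = Path(root) / "sys/firmware/efi/efivars"
    efivars.mkdir(parents=True)
    attrs = (0x06).to_bytes(4, "little")  # BOOTSERVICE_ACCESS | RUNTIME_ACCESS
    (efivars / f"SecureBoot-{EFI_GLOBAL}").write_bytes(attrs + bytes([secure_boot]))
    (efivars / f"SetupMode-{EFI_GLOBAL}").write_bytes(attrs + b"\x00")
    if tpm is not None:
        tpm_dir = Path(root) / "sys/class/tpm/tpm0"
        tpm_dir.mkdir(parents=True)
        (tpm_dir / "tpm_version_major").write_text(f"{tpm}\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp, secure_boot=1, tpm=2)
        print("sample:", probe(tmp))
    print("this machine:", probe("/"))
```

On a machine booted in legacy mode, `/sys/firmware/efi` does not exist, so `uefi` is `False` and `secure_boot` is `None` rather than `False`.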
 
You're looking at this from the wrong angle. It's not DRM.

If you buy a laptop with Windows, it comes pre-configured with the requirements to load the software - which in this case is Secure Boot (only loading an OS if the keys are digitally signed and can be verified), and with a TPM 2.0 chip (required for modern cryptographic software and services such as Bitlocker). Windows isn't the only software that either requires or works this way, but as the dominant OS, hardware vendors will ship hardware that is compatible with it. It enables better protection for both Windows and the data stored on the drive.

If you wanted to install Linux, you just turn off Secure Boot so that you can run software that doesn't necessarily have matching key signatures in BIOS. Most distros, however, will be moving towards having boot files signed by Microsoft so that they meet the same security standards. Ubuntu, Fedora, and OpenSUSE all have their bootloaders signed by Microsoft.

One pain point that people have is that Microsoft is the signee, but that was a decision by the UEFI Forum. They all agreed that Microsoft would be the issuer of the private keys that had a relationship to Intel's public keys.
In theory that's all fine and dandy..... but on one hand the abuser controls the keys to the castle and on the other hand dual booting UEFI is already a PITA and it's only going to get worse. I tried it once years back and gave up and now stick to legacy.

Motherboard rebranding typically happens in the BIOS, and will result in changes to things like the motherboard's name in BIOS and the model, both of which are picked up by msinfo32. Mecer is also a registered OEM with Microsoft, even though most of their stuff is made by an OEM like MSI, Compal, or Tongfang. If you find a copy of the Daz loader used to activate Windows, you'll see that Mecer has their own assigned OEM product key - Windows knows how to deal with this because the product key is basically a private key. Motherboard vendors load their own private key in their BIOS, and that's why Windows 8 and later pre-activates on that hardware.
Mecer is an extremely lazy OEM, it never supports firmware past the first rebrand and you have to force updates which I have not yet had the nerve to attempt. I can easily see all their hardware being picked up as DIY..... or their DIY sales being picked up as OEM. I checked and they don't sell TPM chips separately that I can see.... it might just be that this thing caught them completely off guard.
 
Yep... I always pirate to see if it's worth paying for :ROFL:
Not sure if that's a joke but unless you try software out first before you buy it..... you vote for it anyway since you have to buy it to figure out whether to "vote" for it or not.

Demos and hour long trials are useless for proper vetting.
 
Thanks for all the replies guys - apologies for the extremely late reply, I was away on leave for a bit. Will read through everything and let everyone know if I won...
 