New Windows 11 Install Script Bypasses TPM, System Requirements (bleepingcomputer.com)
An anonymous reader quotes a report from BleepingComputer: A new script allows you to install Windows 11 on devices with incompatible hardware, such as missing TPM 2.0, incompatible CPUs, or the lack of Secure Boot. Even better, the script also works on virtual machines, allowing you to upgrade to the latest Windows Insider build. This new script was released as part of the extremely useful Universal MediaCreationTool wrapper, a batch file that allows you to create an ISO for any version of Windows 10, with Windows 11 support added last week. While the main script of this open-source project is the 'MediaCreationTool.bat' used to create Windows ISOs, it also includes a script named 'Skip_TPM_Check_on_Dynamic_Update.cmd,' which configures the device to bypass compatible hardware checks.
When Windows 11 was first announced, Microsoft released the operating system's new system requirements, which included a TPM 2.0 security processor, Secure Boot, newer CPUs, and at least 64 GB of hard drive space. As Microsoft realized that many people, especially those in the enterprise, would be testing Windows 11 preview builds on virtual machines, they exempted them from the system requirements (PDF). However, Microsoft is now requiring compatible hardware even on virtual machines and taking a firm stance on its system requirement, going as far as to say that people who install Windows 11 on incompatible hardware may not get security updates.
cryptographic entitlement (Score:4, Interesting)
No updates because you don't have a TPM? They must be storing your entitlement/license in the TPM.
Re: (Score:2)
Re:cryptographic entitlement (Score:5, Insightful)
Since 1990, there has never been less of a reason to have Windows than today. Move on.
Re: (Score:2)
Re:cryptographic entitlement (Score:5, Insightful)
In response to Canberra1's comment:
Crippleware, Bloatware, golden screwdriver, extortion enforcement has no place in any OS.
luther349 opined:
Damn straight now that Steam has cracked anti-cheat for Linux. Now even gamers won't have an excuse to keep Windows.
Sigh.
Unfortunately, it is still the case that, if you need to use a professional-quality DAW for audio production, you're pretty much forced to do it on either a Mac or a Windows machine, because Linux really doesn't offer support for VSTx, etc. plug-ins. Yes, Reaper is available on Linux, but the user base is small, and it doesn't support the effects, workflow, or virtual instrument plug-ins that the other two OSes do.
I won't let Tim Cook imprison me in his unnecessarily-expensive walled garden, so I'm stuck with Windows, whether I like it or not ...
Re: (Score:2)
For a lot of purposes Linux software runs better under Windows than Windows software runs under Linux.
I guess it's the open source nature of Linux that makes it easier to implement the APIs and compatibility. The end result is that for a lot of people the path of least resistance is Windows 10 with WSL, rather than Linux with WINE or some derivative.
Re: (Score:3)
Hear, hear. That's the reason I'm stuck with Windows too. Simply to run Reaper, Sound Forge, huge numbers of VST (paid & free) etc.
Sadly I'm currently on Windows 10 LTSC as that's the best I could get when I did a recent hardware upgrade. If I could I'd have stuck on 7 but a couple of newer programs wouldn't run on less than 10.
With all the recent bullshit UI changes, buggering up of things like Explorer, retarded useless search, forced upgrades, attempts to force MS software, and treating the OS lik
Re: (Score:3)
Unfortunately, it is still the case that, if you need to use a professional-quality DAW for audio production, you're pretty much forced to do it on either a Mac or a Windows machine, because Linux really doesn't offer support for VSTx, etc. plug-ins. Yes, Reaper is available on Linux, but the user base is small,
The number of people using any of those is small.
Re:cryptographic entitlement (Score:4, Interesting)
It's because they want to use TPM to validate updates before installing them, and to maintain the Secure Boot chain of trust. It makes sense, Windows Update is an obvious target for malware. Some malware tries to screw with it to prevent being removed by updates to the Malicious Software Removal Tool or Windows Defender, and it's thought that some nation states have tried to attack it to deliver malware.
They could maintain a version of Windows Update that doesn't need a TPM, but that would require effort (money) and they seem keen to reduce the number of configurations that they have to test.
Re: (Score:2)
There's TPM for Raspberry Pi. [youtu.be]
Re: (Score:2)
Re: (Score:2)
I don't know for sure what Microsoft is thinking but if I were designing a secure system I wouldn't have any way to disable TPM checks. If there is a legit way to do it then it's a potential weakness and chances are someone will figure out how to turn on the TPM bypass.
Re: (Score:2)
I don't know for sure what Microsoft is thinking but if I were designing a secure system I wouldn't have any way to disable TPM checks. If there is a legit way to do it then it's a potential weakness and chances are someone will figure out how to turn on the TPM bypass.
TPM != secure boot. TPM performs operations based on stored local secrets not public knowledge.
If I were designing a secure system I would ban all persistently field upgradable firmware and trip a write only breaker on storage area for my OS prior to switching to user mode.
Simple common sense works way better than flawed unnecessarily complex crypto designed to work against the best interests of the user.
Re: (Score:2)
It's because they want to use TPM to validate updates before installing them, and to maintain the Secure Boot chain of trust. It makes sense, Windows Update is an obvious target for malware.
This does not make sense. The OS validates updates via its trust anchor. Its code and anchors are validated by secure boot not TPM. Secure boot has no dependency on TPM.
Re: (Score:2)
TPM is needed to check that the UEFI firmware has not been modified. Secure Boot relies on the keys in the UEFI being beyond the reach of malware.
Re: (Score:2)
No, it doesn't
The payloads carry only the signatures and the validation is only done by public keys, not in the TPM. Each segment of code validates the next before execution in SecureBoot. The TPM is not the root of trust in SecureBoot and it isn't even vaguely useful for SecureBoot (which is a sign that SecureBoot has significant limitations by itself).
The TPM carries keying material unique to that specific system, and doesn't really help in validating signatures of well-known packages.
What TPM can do is
Re: (Score:2)
TPM is needed to check that the UEFI firmware has not been modified.
This is the job of platform key installed by equipment vendor.
Re: (Score:3)
I don't think Windows Update has ever been used to distribute malware, but it has been abused to gain local system privileges without a UAC prompt. There was an issue a while back where executing a command as a normal user would cause it to run code in an arbitrary DLL.
In any case it makes sense to have anything which runs with system level privileges protected by code signing and the Secure Boot chain of trust.
Re: (Score:2)
I don't think Windows Update has ever been used to distribute malware
Only by Microsoft, which used it to distribute patches which added telemetry to Windows 7 through 8.1. Spyware you cannot disable is malware by definition.
Because that was the goal since Vista! (Score:4, Insightful)
This is the whole point of Windows ever since Vista (NT 6.0). They literally redesigned the kernel to please the Content Mafia. Remember how the original plan was to disable your graphics card unless it provided Digital Restrictions Management right to the screen? That created a huge backlash, and they brought it in through the backdoor, by just not displaying "streams" with DRM if the hardware didn't support siding against its owner.
Everything after that, like Windows 7 (NT 6.1) etc, was just well-made lipstick on that pig.
And with Windows 11, apparently they decided to finish it, or at least take it up a notch.
Maybe one of their suits banged one of the media industry lobbyists again... who knows.
Let's see if they'll partially back down this time too, only to sneak in as much as possible later, and then rinse and repeat the procedure some versions later.
To me, Windows is already dead though. It just doesn't know it yet.
Or do you know a kid today who'd care or even know why he should use Windows? Employers could put whatever OS in front of them. And for employers, Linux is not just cheaper but much less of a hassle anyway, because you got complete control. Especially now that re-training is not an issue anymore because everybody already knows more than one OS and they behave so similarly anyway. In many jobs, a simple Android tablet already has become the normal tool. E.g. technicians on the go.
P.S.: (Rest of the argument) (Score:4, Insightful)
Oh, I forgot to add my original conclusion: That the goal is to turn Windows PCs into locked-down consoles that obey only Microsoft, and are hostile to the user if he doesn't please MS, and by proxy, the Content Mafia.
Like Apple does too. Like smartphones and tablets too.
It's simply the attempt to kill the personal computer.
Because lock-in is a form of monopolism and thereby allows much tighter squeezing of your victims. And even though it improves the world in no way, profit maximization is the end goal to all, for some reason.
Re:P.S.: (Rest of the argument) (Score:5, Insightful)
Re: (Score:2)
Oh, I forgot to add my original conclusion: That the goal is to turn Windows PCs into locked-down consoles that obey only Microsoft, and are hostile to the user if he doesn't please MS, and by proxy, the Content Mafia.
I'm not saying that this isn't Microsoft's goal (they sure as hell haven't been moving in the direction of increased user independence recently), but I'm not quite sure the content mafia cares about Windows all that much?
Steam/Origin/Uplay/Epic have the DRM systems in place for games. Sony, Microsoft, and Nintendo sell locked down hardware.
Netflix/Hulu/Peacock/Paramount+/Disney+ have the DRM for video. Amazon, Google, and Roku sell locked down hardware.
Spotify/Pandora have DRM for music, though the RIAA see
Re: (Score:2)
This 100%. Remember they originally wanted you to buy chips and put them inside your computer. Palladium they called it then.
Then it was medical outrage over scanning software blurring the screen and they backpedaled.
That failed so they went around instead with the SecureBoot thing which was mainly to make it harder to install linux. Us old nerds remember literally *any* computer you walked up to would boot a linux install CD/Floppy by just putting it in the system and rebooting.
No magic key presses, no bio
Re:cryptographic entitlement (Score:4)
No updates because you don't have a TPM? They must be storing your entitlement/license in the TPM.
No. No updates because you're running unsupported hardware.
Entitlement is a great word for expecting a vendor to support something they don't want to support.
Re: (Score:2)
Note the difference between unsupported hardware and missing hardware. Some older hardware has TPM, pretty much anything aimed at the enterprise has had a TPM for years. The part that is interesting to me is the TPM requirement, indicating they are using it to store your access to updates. No TPM and you are not entitled because they could not store your ID.
It has nothing whatsoever to do with human feelings of entitlement. Nice strawman there.
Re: (Score:2)
Also this has nothing to do with storing an ID. It's to do with pushing a minimum hardware platform which MS has been trying to push for years. Welcome to 2021. You can choose to run modern hardware or choose for things to be broken. MS is using the only power they have to force stupid manufacturers to actually adopt hardware security features which were standardised a decade ago.
Also it's not a strawman. You're running unsupported hardware, you're not entitled to updates, it's not missing hardware, it's unsu
Re: (Score:2)
Those who are tardy do not get fruit cup.
Re: cryptographic entitlement (Score:4, Informative)
Re: (Score:2)
Re: (Score:2)
Frequently the TPM 1.2 is merely a transient setting. Until very recently a lot of manufacturers were defaulting to TPM 1.2 just in case a customer has an ancient software stack that needs it. However changing it to TPM 2.0 is usually just a trip to the firmware setup menu.
Just like for most people a TPM not being present at all is simply the current value in firmware setup. It's hard to *not* have a TPM 2 if you have hardware newer than 5 years ago.
Of course, the biggest headache is moving your drive fr
Re: (Score:2)
Let's talk about this configuration:
Motherboard: ASUS X99 A II
CPU: Intel Core i7 6800K
RAM: 32 GB DDR4
GPU: 2x 1080 Ti in SLI
Storage: 6 TB of various nVME and SATA SSDs.
Motherboard, CPU and GPUs are all watercooled.
The CPU is upgradeable to a 6950X for about $250.
Now, please tell me how is this a "crappy old computer" by any metrics.
Re: cryptographic entitlement (Score:4, Funny)
It got an Intel CPU. ;)
*ducks*
Re: (Score:2)
Being that it is the 6th gen of the CPU, and we are now on the 10th or 11th gen by now.
I think one thing we've kinda gotten used to is how Windows XP-Windows 10 (nearly 20 years) roughly had the same minimum specs. That is actually a really long time with such a trend, where it has been historical for a computer to be out of date with the modern OS within 4 - 6 years.
Also I think it is probably also due to marketing pressures, where getting Windows 10 on the lowest specs PC, is extremely slow, and you are actu
Re: (Score:2)
I expected better from /.
Doesn't matter if it is 12th gen - it is still the same core design from Skylake, and 14nm++++
Re: (Score:2)
The 5950x is a 16core part, and it's over 3x as capable as the 6800k. The fact that userbenchmark doesn't understand this and publishes a "22%" difference is a testament to how ridiculous their rating system is. Some other notable bad comparisons from their top list: the 5900x is better than the 5950x, the 11600k is better than a 10900k, the 5950x is worse than a 9900k, the 7700k is better than a 6900k.
These statements all are laughable, but in case you want some more laughs sort the "avg. bench %" on the
Re: (Score:2)
I wouldn't say Running Windows is unprofessional. It is still the most used Desktop OS, in businesses, mostly due to MS Office, legacy software compatibility, and hardware support.
For the Desktop PC market (not mobile, or cloud based systems like Chromebooks) the only major alternatives to Windows in a professional environment are the following.
Mac OS X - As an OS it is good, however you have to buy Apple hardware, which can be expensive as you may be needing to get hardware that you don't need, and havin
Re: (Score:2)
Running Windows is basically unprofessional at this time
Bull. Almost all mundane offices run Windows for good reason: there's a ton of niche software out where there essentially are nearly no competitors and it's only available on Windows. You want to use any other platform and you're stuck coding your own programs which obviously not every entity has the staff to do (and even for those that do, it's not always the right choice to reinvent the wheel every time).
Remember that for a lot of places computers are just a mundane tool to get a task done: mail out these b
Re: (Score:2)
VMs may not provide TPMs as a matter of course, but you can have an emulated TPM device and I am willing to bet that VM software will all update soon to default to providing at least emulated TPM 2.0. A TPM is not a difficult thing to emulate, it just means having some keying material out there.
Of course there will be solutions touting direct access or how they designed their software to seal the emulated TPM secrets to real hardware TPMs, but broadly speaking this is merely a software/configuration update
Can telemetry be removed now? (Score:5, Interesting)
Re:Can telemetry be removed now? (Score:5, Funny)
Re: (Score:2)
Stop wearing plastic on your feet, and let some air on them, if they smell.
No, it's not normal. Most shoes are just plain unhygienic as fuck. Can't even freaking wash them.
Re: (Score:2)
Is that what RMS was trying to teach us with his toejam? The only feet we should lick clean are our own.
Re: Can telemetry be removed now? (Score:2)
Hopefully, the day won't come when Linux is banned entirely from the net because it's not on the whitelist of "Trusted" OSes. Trusted meaning locked down against the owner, telemetry on at all times and unable to be disabled (because of isms, iracys, ilias, ists, and wrongthink), and also because humans exist only to make some rich bastards even richer.
Re: Can telemetry be removed now? (Score:2)
locked down against the COMPUTER owner^Wleaser.
Re: (Score:2)
M$ said that all the BS telemetry in Windows 10 was for research and development to make Windows more secure. Well, that was crap wasn't it. Now, Windows 11 with all its new requirements such as TPM is supposed to make Windows more secure. So, telemetry (spying) didn't help M$ one bit as Windows 10 is just as insecure (probably more so) as it was when launched. So, M$, can telemetry finally be removed or was it really for spying all along?
Telemetry is a way to find out where security problems lie. It is not a tool to create more security directly.
Secure boot and TPM are tools that can be used to improve security.
Re: (Score:2)
Maybe the telemetry told them that TPM and Secure Boot make a huge difference to Windows security.
In fact that's almost certainly what happened, they probably noticed that machines with Secure Boot enabled got infected at much lower rates. Since back in the XP days the primary way that malware hid itself on Windows was to install itself early in the boot process so that it could prevent the filesystem from showing its own executables, by screwing with the NTFS kernel module. The only way to get rid of it w
Re: (Score:2)
Well, that was crap wasn't it.
Was it? Care to provide data showing that Windows is less secure or that its security hasn't advanced?
Now, Windows 11 with all its new requirements such as TPM is supposed to make Windows more secure.
Are you suggesting that a hardware security cryptoprocessor doesn't make cryptography more secure? Are you suggesting you can magically do that in software?
So, telemetry (spying) didn't help M$ one bit as Windows 10 is just as insecure (probably more so) as it was when launched. So, M$, can telemetry finally be removed or was it really for spying all along?
Non-sequitur to the TPM topic, but again show your working. And while you're showing your working show us where MS said that telemetry was only for security. I mean you can go into the telemetry settings in windows and straight away see they flat out say
Re: (Score:2)
So, M$, can telemetry finally be removed or was it really for spying all along?
We already know the answer to that, since Microsoft implemented it in the next Windows version after the USDoJ had them over a barrel for anticompetitive practices and let them go with an apparent handslap.
Re: (Score:2)
Nobody sane ever had any doubt that a) telemetry was for spying only and b) MS would not be able to fix its persistently crappy security.
Re: (Score:3)
And this is a nice example of why profit is literally highway robbery. *Literally*.
(If you could, realistically, go around and take another road, you wouldn't be standing at the toll booth.) (The unrealistic "choice" is literally only there to argue this shit is acceptable *while* still doing this exact shit.)
Re: (Score:2)
I keep hearing this and after working pretty thoroughly with TPMs, I still have yet to see how this is the case.
TPMs are not pre-loaded with well-known keys. So it's not like WideVine can just ask the TPM to decrypt without first staging it, which means at some point it passes through the OS anyway.
TPMs have very limited ability to ascertain the state of things when it is asked to do a decryption. You have PCRs that largely measure boot state but have no idea about nuanced application state. The nuanced a
virtual machines may need to skip some rules (Score:2)
virtual machines may need to skip some rules
Re:virtual machines may need to skip some rules (Score:4, Informative)
virtual machines may need to skip some rules
Not necessarily, Hyper-V and VMWare can both pass through TPM, SecureBoot, and meet all the advertised Win11 requirements. You're out of luck for the moment with VirtualBox IIRC, but supposedly they're actively working on that right now.
Re: (Score:2)
Shouldn't it in theory be possible to make TPM software module?
Re:virtual machines may need to skip some rules (Score:5, Informative)
Shouldn't it in theory be possible to make TPM software module?
No. TCG-Compliant hardware TPM contains an Endorsement Key (EK) embedded that is digitally signed by the hardware manufacturer; it exists for the specific purpose to Attest/Prove that the TPM is actually a Legitimate TPM hardware chip and not some sort of Software program pretending to be a TPM.
The trust part is essential for many uses of the TPM such as Software Licensing and Digital Rights Management, probably the main ideas MS truly has in mind here.
Sure someone can in theory write a software module if they can get ahold of the standards, but you're not going to be able to get the signed certificates required to Attest the key, so it will never be a valid TPM -- you would have a sort of PM without the Trust part.
Re: (Score:2)
Uuum, no. Unless the video is literally encrypted with one's own EK, there's a step of code in-between that decrypts the video with its own given key, but is only allowed to run by the TPM if it itself is encrypted with the EK. Which does not stop anyone from running other software to just decrypt the video with that given key.
And it's not like it's that hard to get your own EK.
Or, even easier: Just grab it from the buffer right after decryption, and upload it for everyone else.
It's still DRM snake oil...
Re: (Score:2)
Nope, that's not at all how it works. The TPM has nothing to do with decoding the 'video'. The TPM contains an append-only 'log' area. This is cleared on boot. The TPM then 'measures' (forms a hash) of the UEFI and records that in the log. It also records whether secure boot is enabled. UEFI then measures the kernel as it is loaded, and records that. The kernel then measures every piece of code it loads.
Then, your media player can ask the TPM for a copy of that log, which the TPM signs with the endors
Re: (Score:2)
Nope, that is one of the uses of a TPM, but a TPM can also be used to store RSA certificates [microsoft.com], with a public key and a private key. Public key can be sent to the media or software provider, and part or all can be encrypted in a way that only your device can decrypt, as it is the only device with that private key.
In use, the keys on a TPM are used to sign and encrypt other more useful keys that are stored on disk, in ways to reduce the need to continuously bang away at the TPM, but in essence that's how it c
Re: (Score:2)
RSA? Hold on, I've gotta look up that NSA RSA RNG backdoor real quick! XD
Re: (Score:2)
At some point the PCRs stop getting extended. PCRs are incapable of modeling a system as open ended as a desktop OS state. So many executables running that any attempt to seal to PCRs would be fruitless, as the ordering and quantity, or even running the same trusted application twice in such a scenario would extend the pcr away from the sealed state.
Trying to use PCRs to do such a thing would be impossibly fragile. It can help the OS know that the underlying platform hasn't been tampered with since last
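The measurement log described in the comments above (PCRs that can only be extended, a verifier that replays the log, and the fragility of sealing to PCRs on an open-ended system) can be sketched as follows. This is an added example, not code from the thread or from any TPM software stack; the component names, PCR indexes and blobs are constructed, and the signature over the quoted PCR values is left out.

```python
"""PCR extend and event-log replay for a SHA-256 PCR bank (simplified)."""
import hashlib
import hmac

ZERO_PCR = bytes(32)  # PCRs start at all zeros after a platform reset


def extend(pcr: bytes, data: bytes) -> bytes:
    """Extend a PCR: new = SHA256(old || SHA256(data)). There is no 'set'."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def replay(event_log):
    """Recompute final PCR values from an ordered log of (index, name, data)."""
    pcrs = {}
    for index, _name, data in event_log:
        pcrs[index] = extend(pcrs.get(index, ZERO_PCR), data)
    return pcrs


def log_matches_quote(event_log, quoted_pcrs) -> bool:
    """True only if replaying the log reproduces every quoted PCR value."""
    replayed = replay(event_log)
    return all(
        hmac.compare_digest(replayed.get(index, ZERO_PCR), value)
        for index, value in quoted_pcrs.items()
    )


def unknown_components(event_log, known_good):
    """Names of logged components whose digest is not on the allowlist."""
    return [
        name
        for _index, name, data in event_log
        if hashlib.sha256(data).hexdigest() not in known_good
    ]


# Constructed sample boot log: indexes, names and blobs are placeholders.
BOOT_LOG = [
    (0, "firmware", b"uefi-firmware-image-v1"),
    (7, "secure-boot-state", b"SecureBoot=1"),
    (4, "bootloader", b"bootmgr-build-100"),
    (4, "kernel", b"kernel-build-100"),
]
KNOWN_GOOD = {hashlib.sha256(data).hexdigest() for _i, _n, data in BOOT_LOG}


def scenarios():
    """Run the verifier-side checks over the constructed sample."""
    clean_quote = replay(BOOT_LOG)  # stands in for the TPM's quoted PCRs

    # A boot where the bootloader was modified: the PCRs record what ran.
    bad_boot = [
        (i, n, b"bootmgr-patched" if n == "bootloader" else d)
        for i, n, d in BOOT_LOG
    ]
    bad_quote = replay(bad_boot)

    # Same two PCR 4 measurements, opposite order.
    swapped = [BOOT_LOG[0], BOOT_LOG[1], BOOT_LOG[3], BOOT_LOG[2]]

    app = b"trusted-app.exe"
    once = extend(clean_quote[4], app)
    twice = extend(once, app)

    return {
        # Honest log of a clean boot replays to the quoted values.
        "clean_log_ok": log_matches_quote(BOOT_LOG, clean_quote),
        # Submitting the clean log after a modified boot does not replay.
        "forged_log_ok": log_matches_quote(BOOT_LOG, bad_quote),
        # The honest log of the modified boot replays, but fails the allowlist.
        "bad_boot_log_ok": log_matches_quote(bad_boot, bad_quote),
        "bad_boot_unknown": unknown_components(bad_boot, KNOWN_GOOD),
        # Ordering and repetition both change the PCR, which is why sealing
        # to PCRs that track arbitrary application launches is fragile.
        "order_changes_pcr": replay(swapped)[4] != clean_quote[4],
        "repeat_changes_pcr": once != twice,
    }


if __name__ == "__main__":
    for key, value in scenarios().items():
        print(f"{key}: {value}")
```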
Re: (Score:2)
Uuum, I didn't say what you implied. Why don't you actually read the comment?
How does your comment even relate to my argument? ... OK, sounds about equal to all other DRM schemes I have seen. Snake oil all th
According to your explanation, you could just use a different player to play back the encrypted "media" [plural of "medium"].
Where would the key come from, if it isn't secured by the EK? Just plain text (aka cyphertext + decryptor) in the player's program code, for another (libre) player to grab and use?
Re: (Score:2)
But on the other hand, yes you can:
https://www.smoothnet.org/qemu... [smoothnet.org]
You can have an endorsement key, though you may not be able to get a cert from AMD, Intel, Infineon, et al. It sounds like Windows might not require any particular manufacturer signature on the EK to meet its requirements.
Re: (Score:2)
It sounds like Windows might not require any particular manufacturer signature on the EK to meet its requirements.
It's possible, and people trying that approach might be in luck, at least for a little while; However, Windows 11 has not been released yet - There is plenty of time not only for MS to tighten down the restrictions or more likely for MS or 3rd party vendors to add/introduce new features that are going to require PKI-trusted keys, and probably also for MS to recognize that during the early bui
Re: (Score:2)
The question is whether it's required for their use case.
It doesn't help that MS hasn't been crystal clear about precisely how they view TPM2 as absolutely mandatory now. However there are a wide variety of reasons why they may need a TPM2, but not need a well-known authority trusting it. For example, if they decide BitLocker on all the time but didn't want to require passwords for every boot, then TPM2 would be a pretty logical requirement for how to seal the bitlocker key for normal boot process. Same
Re: (Score:2)
Shouldn't it in theory be possible to make TPM software module?
Of course. But somebody would need to get a respective key. It is quite possible that Win11 will piss off enough people that somebody will reverse engineer a TPM. It is not that hard, hardware at this price-point cannot really be secure against a competent attack.
Re: (Score:2)
>It is not that hard, hardware at this price-point cannot really be secure against a competent attack.
It is, I had to conduct a security audit of a TPM in a former life. Also, you would have heard of attacks. Don't think no one has been trying.
Security compromises will just occur at a different point in the chain
Re: (Score:2)
>It is not that hard, hardware at this price-point cannot really be secure against a competent attack.
It is, I had to conduct a security audit of a TPM in a former life. Also, you would have heard of attacks. Don't think no one has been trying.
Security compromises will just occur at a different point in the chain
Ah, so you are one of those that will call something "tamper proof"? You know there is a reason any competent security person will only use the term "tamper resistant" and it is a good reason. Because no hardware ever has withstood a competent and determined attack so far and no hardware claimed to be "secure" ever was. For TPMs, there was just no good reason for a competent and determined attack so far or if somebody has done it, they kept it secret.
Re: (Score:2)
It is, I had to conduct a security audit of a TPM in a former life.
Did you try using an electron microscope?
Re: (Score:2)
Or just generate a randomly new EK. swtpm can do that and be used by a QEMU guest to meet the requirement, as far as I've read.
Re: (Score:2)
Here's using a software TPM to install Windows 11 under qemu:
https://www.tecklyfe.com/how-t... [tecklyfe.com]
So yes, it's possible and yes it's been done. Technically your soft tpm won't be signed by Intel or AMD or Infineon, etc, but it appears that Windows doesn't in and of itself care.
Re: (Score:2)
For the past 15 years I've been using Linux 99% of the time, and for the remaining 1% I just start a VM and run Windows inside. And yes, I even paid for a license. But if they remove this possibility, hell no I'm not putting Windows back as my main OS. So what is their point here ?
Re: (Score:2)
Your Linux computer needs to support the Windows 11 hardware requirements so that your VM can pass through access to TPM 2.0, secureboot, etc.
Re: (Score:2)
Your Linux computer needs to support the Windows 11 hardware requirements so that your VM can pass through access to TPM 2.0, secureboot, etc.
I doubt that very much. MS would lose a lot of business if they make that a hard requirement.
Re: (Score:2)
I mean that is actually the entire point of the article, they are enforcing it and no one is happy. How did you read it differently?
Re: (Score:2)
I mean that is actually the entire point of the article, they are enforcing it and no one is happy. How did you read it differently?
Win11 is not released at this time. And they may well reduce or remove requirements even after release. Have you missed those little details somehow?
Also, why would I take my information from a single article?
Re: (Score:2)
Re: (Score:2)
Or not:
https://www.tecklyfe.com/how-t... [tecklyfe.com]
Re: (Score:2)
Re: (Score:2)
Am I reading this right, as in "you are not allowed to run Windows in a VM anymore" ?
For the past 15 years I've been using Linux 99% of the time, and for the remaining 1% I just start a VM and run Windows inside. And yes, I even paid for a license. But if they remove this possibility, hell no I'm not putting Windows back as my main OS. So what is their point here ?
They are not going to remove that possibility. There are too many use-cases for fully virtualized Windows (i.e. no access to the base-hardware like a TPM or "secure" boot of the base system) for them to lose all that business. They may require the "pro" version, but that is basically it.
"microsoft deemed extremely useful" (Score:2)
First microsoft fucks over all the users six ways from sunday, then they throw some breadcrumbs at "professionals" that are pretty much unusable to everyone else. And this gets hailed as "extremely useful" in the fawning press.
It's no coincidence that these editors tend to copy rather than summarise, nor is it a coincidence that these editors tend to focus on this sort of reality distortion. They really don't know any better. That's both the slashdot editors and their favourite "news" sources, of course.
Re: "microsoft deemed extremely useful" (Score:2)
Apple, Android..pick the king you want to be abused by.
That was quicker than anticipated (Score:4, Interesting)
I would've thought they'd only cave in much later when it becomes obvious that not even people who can upgrade according to their ridiculous members-only-club rules don't want that POS.
However, Microsoft is now requiring compatible hardware even on virtual machines and taking a firm stance on its system requirement, going as far as to say that people who install Windows 11 on incompatible hardware may not get security updates.
Yes. Yes. Absolutely. Let's talk about that in, say, 2 months.
And if not, well, it's just Win11. Not something anyone would want, not even for free. Sweeten the deal, MS. Pay me.
Re: (Score:2)
They haven't caved. It's completely unsupported.
Plus you're going to come up to a new non-Microsoft problem. Specifically third parties now get to assume Windows 11 users have TPM. One game already has a TPM chip requirement if you run it under Windows 11 since it provides a secure way of identifying an account for banning purposes.
Interestingly I'm curious as to what this means for the future of TPM attacks. The lack of widespread TPM adoption has left this largely off the hackers' radar compared to say Sec
Re: (Score:2)
Interestingly I'm curious as to what this means for the future of TPM attacks. The lack of widespread TPM adoption has left this largely off the hackers' radar compared to say Secure Enclave. But I expect a future full of TPM bypass and attacks.
There will be attacks and there will be successes. Hardware at the price-point of a TPM cannot really be secure. A TPM requirement by MS is also a nice way to brick hardware when you can kill the TPM so there will not be one in the end.
Re: (Score:2)
There will be attacks and there will be successes. Hardware at the price-point of a TPM cannot really be secure.
Then Linux will never be secure since its "price-point" is zero.
Re: (Score:2)
There will be attacks and there will be successes. Hardware at the price-point of a TPM cannot really be secure.
Then Linux will never be secure since its "price-point" is zero.
Wrong. Linux is already the most expensive software-project ever. It is just not sold for profit, or at least there are versions you can get without paying for them. Also, comparing hardware and software? Seriously? Ever noticed that hardware needs to be _manufactured_, and the more complex it gets, the more expensive that manufacturing gets? Incidentally that is why I wrote "hardware", because, you know, software does not have "manufacturing" cost. But apparently such simple facts are too complex for some
Re: (Score:2)
Hardware at the price-point of a TPM cannot really be secure. A TPM requirement by MS is also a nice way to brick hardware when you can kill the TPM so there will not be one in the end.
Bricking the TPM doesn't kill your hardware, it just makes you unable to use the TPM. Having a machine here with an actually bricked TPM I can tell you the end result was a bluescreen at boot which caused secure boot to fail. Disabling TPM resolved the issue. In the future you may need to combine that with installing Linux.
As for price-point, I'm not sure what you're talking about. Hardware TPM devices aren't complex which makes them cheap. Complexity doesn't create security. These things aren't doing compl
Re: (Score:2)
Just my take as well. They are testing the waters, but that is it. In the end, they may require the "pro" version, but neither TPM nor "secure" boot will be required and virtualization will work with all the usual VM packages.
Misunderstood (Score:2)
It was the installer that required it, not the actual OS.
Why would you though. (Score:2)
If you go through that much of a hassle, including all the other insanities of installing Windows... like de-bloating, removing telemetry, installing anti-virus and whatever, installing all the software manually when you can just give the package manager a list of your usuals in any sane OS... I think it's easier to just install Linux and be done with it.
Re: (Score:2)
But they don't. They download an ISO from Piratebay that already has what's needed. Just like they've been doing for years. There's no more work than there was before. That's been the chanting mantra for piracy for years.
Taskbar and File Explorer (Score:3, Interesting)
Re: (Score:3)
Re: Taskbar and File Explorer (Score:2)
Fake requirements (Score:5, Insightful)
So, in other words these requirements are now proven to be 100% artificial.
The only reason Windows 11 even exists is to force idiots to throw away perfectly good hardware and buy all new stuff.
Re: (Score:2)
The question to ask (Score:3)
This is the same question I pose to the Hackintosh clans.
You have a substantial investment in computer hardware, why would you want to place your working environment under the Sword of Damocles by installing some operating system that the vendor specifically does not support using some hack on your system where that vendor has an active interest in breaking it?
I'd bet they would never pull it on the Enterprise editions, but I would not put it past Microsoft at all to lock out the consumer editions on 'unapproved hardware' with an update at any time. Even if they don't do anything that nasty there will probably be a critical security patch or driver update, or DirectX update etc. you'd be able to get on the Windows 10 side but you won't get on hacked Windows 11. Sooner or later you are going to find yourself in a situation where you are locked out in one way or another with no good options until someone figures out the next hack/patch/bodge, and then you'll be installing sketchy shit forum into the most privileged parts of your operating system...
Seriously what the heck is so compelling about Windows 11 vs Windows 10, you'd want to put up with that?
not worth it (Score:2)
sure, you can install, but no updates.
wake me up when they figure a way to get windows update to send you updates on unsupported hardware. ms has no obligation to let you use their os on unsupported hardware. if you don't like it, you have tons of choices:
1) upgrade hardware
2) keep using win 10 until it stops sending updates. your games and apps will continue to work past this even.
3) move to linux/mac
Can all built-for-Windows-10 computers upgrade? (Score:3)
New thought about the old topic, but can't find any coverage in the discussion.
I'm wondering what percentage of the built-for-Windows-10 computers can upgrade to 11. Obviously Windows 10 can run on many older machines, but I'm pretty sure the makers didn't deliberately build any "old style" machines for Windows 10 just because they could. (Though they might have done it if the cost advantages were strong enough.)
So there seems to be a fuzzy region here. Offering an upgrade path certainly implies that some Windows 10 machines must be upgradable...
(However, I have yet to read about any feature of 11 that I want, so... Back to the position of upgrading only because I get forced to by black hat hackers doing Microsoft's REAL marketing.)