Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Windows Microsoft Open Source Operating Systems

New Windows 11 Install Script Bypasses TPM, System Requirements (bleepingcomputer.com) 161

An anonymous reader quotes a report from BleepingComputer: A new script allows you to install Windows 11 on devices with incompatible hardware, such as missing TPM 2.0, incompatible CPUs, or the lack of Secure Boot. Even better, the script also works on virtual machines, allowing you to upgrade to the latest Windows Insider build. This new script was released as part of the extremely useful Universal MediaCreationTool wrapper, a batch file that allows you to create an ISO for any version of Windows 10, with Windows 11 support added last week. While the main script of this open-source project is the 'MediaCreationTool.bat' used to create Windows ISOs, it also includes a script named 'Skip_TPM_Check_on_Dynamic_Update.cmd,' which configures the device to bypass compatible hardware checks.

When Windows 11 was first announced, Microsoft released the operating system's new system requirements, which included a TPM 2.0 security processor, Secure Boot, newer CPUs, and at least 64 GB of hard drive space. As Microsoft realized that many people, especially those in the enterprise, would be testing Windows 11 preview builds on virtual machines, they exempted them from the system requirements (PDF). However, Microsoft is now requiring compatible hardware even on virtual machines and taking a firm stance on its system requirement, going as far as to say that people who install Windows 11 on incompatible hardware may not get security updates.

This discussion has been archived. No new comments can be posted.

New Windows 11 Install Script Bypasses TPM, System Requirements

Comments Filter:
  • by awwshit ( 6214476 ) on Tuesday September 28, 2021 @10:36PM (#61843197)

    No updates because you don't have a TPM? They must be storing your entitlement/license in the TPM.

    • Crippleware, Bloatware, golden screwdriver, extortion enforcement has no place in any OS. The mod is also green, preventing global warming by totally unnecessary invasive checks. Just as creepy as doctors doing totally unnecessary breast examinations. Getting hold of your hardware ID's allows site tracking, and may be useful when Apple and Google/Android close the gates on cross site 3rd party referrals. Rather than just a bypass, one eagerly awaits sending poisoned acks, that screws up their advertising d
    • by phantomfive ( 622387 ) on Wednesday September 29, 2021 @12:02AM (#61843289) Journal

      Since 1990, there has never been less of a reason to have Windows than today. Move on.

      • dam straght now that steam has cracked anti cheat for linux. now even gamers wont have a excuse to keep windows.
        • by thomst ( 1640045 ) on Wednesday September 29, 2021 @06:17AM (#61843713) Homepage

          In response to Canberra1's comment:

          Crippleware, Bloatware, golden screwdriver, extortion enforcement has no place in any OS.

          luther349 opined:

          dam straght now that steam has cracked anti cheat for linux. now even gamers wont have a excuse to keep windows.

          Sigh.

          Unfortunately, it is still the case that, if you need to use a professional-quality DAW for audio production, you're pretty much forced to do it on either a Mac or a Windows machine, because Linux really doesn't offer support for VSTx, etc. plug-ins. Yes, Reaper is available on Linux, but the user base is small, and it doesn't support the effects, workflow, or virtual instrument plug-ins that the other two OSes do.

          I won't let Tim Cook imprison me in his unnecessarily-expensive walled garden, so I'm stuck with Windows, whether I like it or not ...

          • by AmiMoJo ( 196126 )

            For a lot of purposes Linux software runs better under Windows than Windows software runs under Linux.

            I guess it's the open source nature of Linux makes it easier to implement the APIs and compatibility. The end result is that for a lot of people the path of least resistance is Windows 10 with WSL, rather than Linux with WINE or some derivative.

          • Hear, hear. That's the reason I'm stuck with Windows too. Simply to run Reaper, Sound Forge, huge numbers of VST (paid & free) etc.

            Sadly I'm currently on Windows 10 LTSC as that's the best I could get when I did a recent hardware upgrade. If I could I'd have stuck on 7 but a couple of newer programs wouldn't run on less than 10.

            With all the recent bullshit UI changes, buggering up of things like Explorer, retarded useless search, forced upgrades, attempts to force MS software, and treating the OS lik

          • Unfortunately, it is still the case that, if you need to use a professional-quality DAW for audio production, you're pretty much forced to do it on either a Mac or a Windows machine, because Linux really doesn't offer support for VSTx, etc. plug-ins. Yes, Reaper is available on Linux, but the user base is small,

            The number of people using any of those is small.

    • by AmiMoJo ( 196126 ) on Wednesday September 29, 2021 @03:55AM (#61843525) Homepage Journal

      It's because they want to use TPM to validate updates before installing them, and to maintain the Secure Boot chain of trust. It makes sense, Windows Update is an obvious target for malware. Some malware tries to screw with it to prevent being removed by updates to the Malicious Software Removal Tool or Windows Defender, and it's thought that some nation states have tried to attack it to deliver malware.

      They could maintain a version of Windows Update that doesn't need a TPM, but that would require effort (money) and they seem keen to reduce the number of configurations that they have to test.

      • There's TPM for Raspberry Pi. [youtu.be]

      • Comment removed based on user account deletion
        • by AmiMoJo ( 196126 )

          I don't know for sure what Microsoft if thinking but if I were designing a secure system I wouldn't have any way to disable TPM checks. If there is a legit way to do it then it's a potential weakness and chances are someone will figure out how to turn on the TPM bypass.

          • I don't know for sure what Microsoft if thinking but if I were designing a secure system I wouldn't have any way to disable TPM checks. If there is a legit way to do it then it's a potential weakness and chances are someone will figure out how to turn on the TPM bypass.

            TPM != secure boot. TPM performs operations based on stored local secrets not public knowledge.

            If I were designing a secure system I would ban all persistently field upgradable firmware and trip a write only breaker on storage area for my OS prior to switching to user mode.

            Simple common sense works way better than flawed unnecessarily complex crypto designed to work against the best interests of the user.

      • It's because they want to use TPM to validate updates before installing them, and to maintain the Secure Boot chain of trust. It makes sense, Windows Update is an obvious target for malware.

        This does not make sense. The OS validates updates via its trust anchor. It's code and anchors are validated by secure boot not TPM. Secure boot has no dependency on TPM.

        • by AmiMoJo ( 196126 )

          TPM is needed to check that the UEFI firmware has not been modified. Secure Boot relies on the keys in the UEFI being beyond the reach of malware.

          • by Junta ( 36770 )

            No, it doesn't

            The payloads carry only the signatures and the validation is only done by public keys, not in the TPM. Each segment of code validates the next before execution in SecureBoot. The TPM is not the root of trust in SecureBoot and it isn't even vaguely useful for SecureBoot (which is a sign that SecureBoot has significant limitations by itself).

            The TPM carries keying material unique to that specific system, and doesn't really help in validating signatures of well-known packages.

            What TPM can do is

          • TPM is needed to check that the UEFI firmware has not been modified.

            This is the job of platform key installed by equipment vendor.

    • by BAReFO0t ( 6240524 ) on Wednesday September 29, 2021 @04:26AM (#61843573)

      This is the whole point of Windows ever since Vista (NT 6.0). They literally redesigned the kernel to please the Content Mafia. Remember how the original plan was to disable your graphics card unless it provided Digital Restrictions Management right to the screen? That created a huge backlash, and they brought it in through the backdoor, by just not displaying "streams" with DRM if the hardware didn't support siding against its owner
      .
      Everything after that, like Windows 7 (NT 6.1) etc, was just well-made lipstick on that pig.

      And with Windows 11, apparently they decided to finish it, or at least take it up a notch.
      Maybe one of their suits banged one of the media industry lobbyists again... who knows.
      Let's see if they'll partially back down this time too, only to sneak in as much as possible later, and then rinse and repeat the procedure some versions later.

      To me, Windows is already dead though. It just doesn't know it yet.
      Or do you know a kid today who'd care or even know why he should use Windows? Employers could put whatever OS in front of them. And for employers, Linux is not just cheaper much less of a hassle anyway, because you got complete control. Especially now that re-training is not an issue anymore because everybody already knows more than one OS and they behave so similarly anyway. In many jobs, a simple Android tablet already has become the normal tool. E.g. technicians on the go.

      • by BAReFO0t ( 6240524 ) on Wednesday September 29, 2021 @04:31AM (#61843579)

        Oh, if forgot to add my original conclusion: That the goal is to turn Windows PCs into locked-down consoles that obey only Microsoft, and are hostile to the user if he doesn't please MS, and by proxy, the Content Mafia.
        Like Apple does too. Like smartphones and tablets too.

        It's simply the attempt to kill the personal computer.

        Because lock-in is a form of monopolism and thereby allows much tighter squeezing of your victims. And even though it improves the world in no way, profit maximization is the end goal to all, for some reason.

        • by jawtheshark ( 198669 ) * <slashdot.jawtheshark@com> on Wednesday September 29, 2021 @04:42AM (#61843597) Homepage Journal
          So, in other words: Stallman was right.... again.
        • Oh, if forgot to add my original conclusion: That the goal is to turn Windows PCs into locked-down consoles that obey only Microsoft, and are hostile to the user if he doesn't please MS, and by proxy, the Content Mafia.

          I'm not saying that this isn't Microsoft's goal (they sure as hell haven't been moving in the direction of increased user independence recently), but I'm not quite sure the content mafia cares about Windows all that much?

          Steam/Origin/Uplay/Epic have the DRM systems in place for games. Sony, Microsoft, and Nintendo sell locked down hardware.
          Netflix/Hulu/Peacock/Paramount+/Disney+ have the DRM for video. Amazon, Google, and Roku sell locked down hardware.
          Spotify/Pandora have DRM for music, though the RIAA see

      • This 100%. Remember they originally wanted you to buy chips and put them inside your computer. Palladium they called it then.

        Then it was medical outrage over scanning software blurring the screen and they backpedaled.

        That failed so they went around instead with the SecureBoot thing which was mainly to make it harder to install linux. Us old nerds remember literally *any* computer you walked up to would boot a linux install CD/Floppy by just putting it in the system and rebooting.

        No magic key presses, no bio

    • by thegarbz ( 1787294 ) on Wednesday September 29, 2021 @05:08AM (#61843633)

      No updates because you don't have a TPM? They must be storing your entitlement/license in the TPM.

      No. No updates because you're running unsupported hardware.

      Entitlement is a great word for expecting a vendor to support something they don't want to support.

      • Note the difference between unsupported hardware and missing hardware. Some older hardware has TPM, pretty much anything aimed at the enterprise has had a TPM for years. The part that is interesting to me is the TPM requirement, indicating they are using it to store your access to updates. No TPM and you are not entitled because they could not store your ID.

        It has nothing whatsoever to do with human feelings of entitlement. Nice strawman there.

        • Also this has nothing to do with storing an ID. It's to do with pushing a minimum hardware platform which MS has been trying to push for years. Welcome to 2021. You can chose to run modern hardware or chose for things to be broken. MS is using the only power they have to force stupid manufacturers to actually adopt hardware security features which were standardised a decade ago.

          Also it's not a strawman. You're running unsupported hardware, you're not entitled to updates, it's not missing hardware, it's unsu

    • by sjames ( 1099 )

      Those who are tardy do not get fruit cup.

  • by RitchCraft ( 6454710 ) on Tuesday September 28, 2021 @10:37PM (#61843201)
    M$ said that all the BS telemetry in Windows 10 was for research and development to make Windows more secure. Well, that was crap wasn't it. Now, Windows 11 with all it's new requirements such as TPM is supposed to make Windows more secure. So, telemetry (spying) didn't help M$ one bit as Windows 10 is just as insecure (probably more so) as it was when launched. So, M$, can telemetry finally be removed or was it really for spying all along?
    • by Pierre Pants ( 6554598 ) on Tuesday September 28, 2021 @11:05PM (#61843233)
      Thank you for contacting Microsoft support! Based on our experience with Windows 10 development, we feel that our telemetry data collection will continue to benefit our customers with Windows 11 as well, as it allows us to better tailor the user experience for a significantly decreased number of officially supported devices, which will keep decreasing, thus removing our liability from unsupported Windows 11 installations. Have a nice day!
    • M$ said that all the BS telemetry in Windows 10 was for research and development to make Windows more secure. Well, that was crap wasn't it. Now, Windows 11 with all it's new requirements such as TPM is supposed to make Windows more secure. So, telemetry (spying) didn't help M$ one bit as Windows 10 is just as insecure (probably more so) as it was when launched. So, M$, can telemetry finally be removed or was it really for spying all along?

      Telemetry is a way to find out where security problems lie. It is not a tool to create more security directly.
      Secure boot and TPM are tools that can be used to improve security.

    • by AmiMoJo ( 196126 )

      Maybe the telemetry told them that TPM and Secure Boot makes a huge difference to Windows security.

      In fact that's almost certainly what happened, they probably noticed that machines with Secure Boot enabled got infected at much lower rates. Since back in the XP days the primary way that malware hid itself on Windows was to install itself early in the boot process so that it could prevent the filesystem from showing its own executables, by screwing with the NTFS kernel module. The only way to get rid of it w

    • Well, that was crap wasn't it.

      Was it? Care to provide data showing that Windows is less secure or that its security hasn't advanced?

      Now, Windows 11 with all it's new requirements such as TPM is supposed to make Windows more secure.

      Are you suggesting that a hardware security cryptoprocessor doesn't make cryptography more secure? Are you suggesting you can magically do that in software?

      So, telemetry (spying) didn't help M$ one bit as Windows 10 is just as insecure (probably more so) as it was when launched. So, M$, can telemetry finally be removed or was it really for spying all along?

      Non-sequitur to the TPM topic, but again show your working. And while you're showing your working show us where MS said that telemetry was only for security. I mean you can go into the telemetry settings in windows and straight away see they flat out say

    • So, M$, can telemetry finally be removed or was it really for spying all along?

      We already know the answer to that, since Microsoft implemented it in the next Windows version after the USDoJ had them over a barrel for anticompetitive practices and let them go with an apparent handslap.

    • by gweihir ( 88907 )

      Nobody sane ever had any doubt that a) telemetry was for spying only and b) MS would not be able to fix its persistently crappy security.

  • virtual machines may need to skip some rules

    • by xlsior ( 524145 ) on Tuesday September 28, 2021 @11:58PM (#61843283)

      virtual machines may need to skip some rules

      Not necessarily, Hyper-V and VMWare can both pass through TPM, SecureBoot, and meet all the advertised Win11 requirements. You're out of luck for the moment with VirtualBox IIRC, but supposedly they're actively working on that right now.

      • Shouldn't it in theory be possible to make TPM software module?

        • by mysidia ( 191772 ) on Wednesday September 29, 2021 @03:08AM (#61843481)

          Shouldn't it in theory be possible to make TPM software module?

          No. TCG-Compliant hardware TPM contains an Endorsment Key (EK) embedded that is digitally signed by the hardware manufacturer it exists for the specific purpose to Attest/Prove that the TPM is actually a Legitimate TPM hardware chip and not some sort of Software program pretending to be a TPM.

          The trust part is essential for many uses of the TPM such as Software Licensing and Digital Rights Management, probably the main ideas MS truly has in mind here.

          Sure someone can in theory write a software module if they can get ahold of the standards, but you're not going to be able to get the signed certificates required to Attest the key, so it will never be a valid TPM -- you would have a sort of PM without the Trust part.

          • Uuum, no. Unless the video is literally encrypted with one's own EK, there's a step of code in-between that decrypts the video with its own given key, but is only allowed to run by the TPM if it itself is encrypted with the EK. Which does not stop anyone from running other software to just decrypt the video with that given key.

            And its not like it's that hard to get your own EK.

            Or, even easier: Just grab it from the buffer right after decryption, and upload it for everyone else.

            It's still DRM snake oil . .

            • by bws111 ( 1216812 )

              Nope, that's not at all how it works. The TPM has nothing to do with decoding the 'video'. The TPM contains an append-only 'log' area. This is cleared on boot. The TPM then 'measures' (forms a hash) of the UEFI and records that in the log. It also records whether secure boot is enabled. UEFI then measures the kernel as it is loaded, and records that. The kernel then measures every piece of code it loads.

              Then, your media player can ask the TPM for a copy of that log, which the TPM signs with the endors

              • Nope, that is one of the uses of a TPM, but a TPM can also be used to store RSA certificates [microsoft.com], with a public key and a private key. Public key can be sent to the media or software provider, and part or all can be encrypted in a way that only your device can decrypt, as it is the only device with that private key.

                In use, the keys on a TPM are used to sign and encrypt other more useful keys that are stored on disk, in ways to reduce the need to continuously bang away at the TPM, but in essence that's how it c

              • by Junta ( 36770 )

                At some point the PCRs stop getting extended. PCRs are incapable of modeling a system as open ended as a desktop OS state. So many executables running that any attempt to seal to PCRs would be fruitless, as the ordering and quantity, or even running the same trusted application twice in such a scenario would extend the pcr away from the sealed state.

                Trying to use PCRs to do such a thing would be impossibly fragile. It can help the OS know that the underlying platform hasn't been tampered with since last

              • Uuum, I didn't say what you implied. Why don't you actually read the comment?

                How does your comment even relate to my argument?
                According to your explanation, you could just use a different player to play back the encrypted "media" [plural of "medium"].
                Where would the key come from, if it isn't secured by the EK? Just plain text (aka cyphertext + decryptor) in the player's program code, for another (libre) player to grab and use? ... OK, sounds about equal to all other DRM schemesI have seen. Snake oil all th

          • by Junta ( 36770 )

            But on the other hand, yes you can:
            https://www.smoothnet.org/qemu... [smoothnet.org]

            You can have an endorsement key, though you may not be able to get a cert from AMD, Intel, Infineon, et all. It sounds like Windows might not require any particular manufacturer signature on the EK to meet its requirements.

            • by mysidia ( 191772 )

              It sounds like Windows might not require any particular manufacturer signature on the EK to meet its requirements.

              It's possible, and people trying that approach might be in luck, at least for a little while; However, Windows 11 has not been released yet - There is plenty of time not only for MS to tighten down the restrictions or more likely for MS or 3rd party vendors to add/introduce new features that are going to require PKI-trusted keys, and probably also for MS to recognize that during the early bui

              • by Junta ( 36770 )

                The question is whether it's required for their use case.

                It doesn't help that MS hasn't been crystal clear about precisely how they view TPM2 as absolutely mandatory now. However there are a wide variety of reasons why they may need a TPM2, but not need a well-known authority trusting it. For example, if they decide BitLocker on all the time but didn't want to require passwords for every boot, then TPM2 would be a pretty logical requirement for how to seal the bitlocker key for normal boot process. Same

        • by gweihir ( 88907 )

          Shouldn't it in theory be possible to make TPM software module?

          Of course. But somebody would need to get a respective key. It is quite possible that Win11 will piss of enough people that somebody will reverse engineer a TPM. It is not that hard, hardware at this price-point cannot really be secure against a competent attack.

          • >It is not that hard, hardware at this price-point cannot really be secure against a competent attack.

            It is, I had to conduct a security audit of a TPM in a former life. Also, you would have heard of attacks. Don't think no one has been trying.

            Security compromises will just occur at a different point in the chain

            • by gweihir ( 88907 )

              >It is not that hard, hardware at this price-point cannot really be secure against a competent attack.

              It is, I had to conduct a security audit of a TPM in a former life. Also, you would have heard of attacks. Don't think no one has been trying.

              Security compromises will just occur at a different point in the chain

              Ah, so you are one of those that will call something "tamper proof"? You know there is a reason any competent security person will only use the term "tamper resistant" and it is a good reason. Because no hardware ever has withstood a competent and determined attack so far and no hardware claimed to be "secure" ever was. For TPMs, there was just no good reason for a competent and determined attack so far or if somebody has done it, they kept it secret.

            • It is, I had to conduct a security audit of a TPM in a former life.

              Did you try using an electron microscope?

          • by Junta ( 36770 )

            Or just generate a randomly new EK. swtpm can do that and be used by a QEMU guest to meet the requirement, as far as I've read.

        • by Junta ( 36770 )

          Here's using a software TPM to install Windows 11 under qemu:
          https://www.tecklyfe.com/how-t... [tecklyfe.com]

          So yes, it's possible and yes it's been done. Technically your soft tpm won't be signed by Intel or AMD or Infineon, etc, but it appears that Windows doesn't in and of itself care.

    • by dargaud ( 518470 )
      Am I reading this right, as in "you are not allowed to run Windows in a VM anymore" ?
      For the past 15 years I've been using Linux 99% of the time, and for the remaining 1% I just start a VM and run Windows inside. And yes, I even paid for a license. But if they remove this possibility, hell no I'm not putting Windows back as my main OS. So what is their point here ?
      • Your Linux computer needs to support the Windows 11 hardware requirements so that your VM can pass through access to TPM 2.0, secureboot, etc.

        • by gweihir ( 88907 )

          Your Linux computer needs to support the Windows 11 hardware requirements so that your VM can pass through access to TPM 2.0, secureboot, etc.

          I doubt that very much. MS would lose a lot of business if they make that a hard requirement.

          • I mean that is actually the entire point of the article, they are enforcing it and no one is happy. How did you read it differently?

            • by gweihir ( 88907 )

              I mean that is actually the entire point of the article, they are enforcing it and no one is happy. How did you read it differently?

              Win11 is not released at this time. And they may well reduce or remove requirements even after release. Have you missed those little details somehow?
              Also, why would I take my information from a single article?

        • Umm no. That would bypass security and defeat one of the benefits to VM; no direct access to the hardware.
        • by Junta ( 36770 )

          Or not:
          https://www.tecklyfe.com/how-t... [tecklyfe.com]

      • For the once a year incompatibility problem, I run Windows XP in a VM with host only networking. Works for me (TM).
      • by gweihir ( 88907 )

        Am I reading this right, as in "you are not allowed to run Windows in a VM anymore" ?

        For the past 15 years I've been using Linux 99% of the time, and for the remaining 1% I just start a VM and run Windows inside. And yes, I even paid for a license. But if they remove this possibility, hell no I'm not putting Windows back as my main OS. So what is their point here ?

        They are not going to remove that possibility. There are too many use-cases for fully virtualized Windows (i.e. no access to the base-hardware like a TPM or "secure" boot of the base system) for them to lose all that business. They may require the "pro" version, but that is basically it.

  • First microsoft fucks over all the users six ways from sunday, then they throw some breadcrumbs at "professionals" that are pretty much unusable to everyone else. And this gets hailed as "extremely useful" in the fawning press.

    It's no coincidence that these editors tend to copy rather than summarise, nor is it a coincidence that these editors tend to focus on this sort of reality distortion. They really don't know any better. That's both the slashdot editors and their favourite "news" sources, of course.

  • by Opportunist ( 166417 ) on Wednesday September 29, 2021 @01:30AM (#61843373)

    I would've thought they'd only cave in much later when it becomes obvious that not even people who can upgrade according to their ridiculous members-only-club rules don't want that POS.

    However, Microsoft is now requiring compatible hardware even on virtual machines and taking a firm stance on its system requirement, going as far as to say that people who install Windows 11 on incompatible hardware may not get security updates.

    Yes. Yes. Absolutely. Let's talk about that in, say, 2 months.

    And if not, well, it's just Win11. Not something anyone would want, not even for free. Sweeten the deal, MS. Pay me.

    • They haven't caved. It's completely unsupported.

      Plus you're going to come up to a new non-Microsoft problem. Specifically third parties now get to assume Windows 11 users have TPM. One game already has a TPM chip requirement if you run it under Windows 11 since it provides a secure way of identifying an account for banning purposes.

      Interestingly I'm curious as to what this means for the future of TPM attacks. The lack of widespread TPM adoption has left this largely off the hackers radar compared to say Sec

      • by gweihir ( 88907 )

        Interestingly I'm curious as to what this means for the future of TPM attacks. The lack of widespread TPM adoption has left this largely off the hackers radar compared to say Secure Enclave. But I expect a future full of TPM bypass and attacks.

        There will be attacks and there will be successes. Hardware at the price-point of a TPM cannot really be secure. A TPM requirement my MS is also a nice way to brick hardware when you can kill the TPM so there will not be one in the end.

        • There will be attacks and there will be successes. Hardware at the price-point of a TPM cannot really be secure.

          Then Linux will never be secure since it's "price-point" is zero.

          • by gweihir ( 88907 )

            There will be attacks and there will be successes. Hardware at the price-point of a TPM cannot really be secure.

            Then Linux will never be secure since it's "price-point" is zero.

            Wrong. Linux is already the most expensive software-project ever. It is just not sold for profit, or at least there are versions you can get without paying for them. Also, comparing hardware and software? Seriously? Ever noticed that hardware needs to be _manufactured_, and the more complex it gets, the more expensive that manufacturing gets? Incidentally that is why I wrote "hardware", because, you know, software does not have "manufacturing" cost. But apparently such simple facts are too complex for some

        • Hardware at the price-point of a TPM cannot really be secure. A TPM requirement my MS is also a nice way to brick hardware when you can kill the TPM so there will not be one in the end.

          Bricking the TPM doesn't kill your hardware, it just makes you unable to use the TPM. Having a machine here with an actually bricked TPM I can tell you the end result was a bluescreen at boot which caused secure boot to fail. Disabling TPM resolved the issue. In the future you may need to combine that with installing Linux.

          As for price-point, I'm not sure what you're talking about. Hardware TPM devices aren't complex which makes them cheap. Complexity doesn't create security. These things aren't doing compl

    • by gweihir ( 88907 )

      Just my take as well. They are testing the waters, but that is it. In the end, they may require the "pro" version, but neither TPM nor "secure" boot will be required and virtualization will work with all the usual VM packages.

  • It was the installed the required it, not the actual OS.

  • If you to through that much of a hassle, including all the other insanities of installing Windows... like de-bloating, removing telemetry, installing anti-virus and whatever, installing all the software manually when you can just give the package manager a list of your usuals is any sane OS... I think it's easier to just install Linux and be done with it.

    • But they don't. They download an ISO from Piratebay that already has what's needed. Just like they've been doing for years. There's no more work than there was before. That's been the chanting mantra for piracy for years.

  • by MisSpace21 ( 8627223 ) on Wednesday September 29, 2021 @04:34AM (#61843583) Journal
    This has been bugging me for the past two weeks while using the new OS. On previous versions of Windows, you could hold Shift+click on a pinned taskbar icon and it could open a new instance of the app. In Windows 11, you now have to right-click the pinned item to open the context menu, then click on the name of the app to open a new instance. Very annoying that this was taken away, and now it requires more steps. On previous versions of Windows, in File Explorer, you could right click to open the context menu and see apps that had written shell registrations to the context menu. Now, you have to click "Show more options" on the context menu before you can see these apps. I wish there was a registry setting to always enable the "Show more options" because I have to get to this menu multiple times a day. https://omegle.ws/ [omegle.ws] Thanks
    • It appears that current UX trends include, apart from making all UI elements big enough so they can be used with touchscreens (ugh), the elimination of useful keyboard shortcuts. New UI, it now requires more steps for common tasks!
      • This, plus success is measured as "user engagement." Since the world today revolves around ads, more engagement = more opportunities to show ads = more $$$ = better. If you have to click two times for an action that used to take one click, it appears the user engagement has incrased. Thank you, Google!
  • Fake requirments (Score:5, Insightful)

    by linebackn ( 131821 ) on Wednesday September 29, 2021 @07:14AM (#61843805)

    So, in other words these requirements are now proven to be 100% artificial.

    The only reason Windows 11 even exists is to force idiots to throw away perfectly good hardware and buy all new stuff.

    • Oh I have been saying this from the beginning. MS however has wanted to obscure little details like Windows 11 runs fine in a VM on hardware that does not meet "minimum" requirements. They also do not want to admit that Windows 11 cannot be installed on some of their own branded hardware as new as last year's model.
  • by DarkOx ( 621550 ) on Wednesday September 29, 2021 @07:15AM (#61843807) Journal

    This is the same question I pose to the Hackintosh clans.

    You have a substantial investment in computer hardware, why would want place your working environment under the Sword of Damocles by installing some operating system that the vendor specifically does not support using some hack on your system where that vendor has an active interest in breaking it?

    I'd bet they would never pull it on the Enterprise editions, but I would not put it past Microsoft at all to lock out the consumer editions on 'unapproved hardware' with an update at any time. Even if they don't do anything that nasty they will probably be a critical security patch or driver update, or directx update etc you'd be able to get on the Windows 10 side but you won't get on hacked Windows 11. Sooner or later you are going find yourself in situation where you are locked out in one way or anything with no good options until someone figures out the next hack/patch/bodge, and then you'll be installing sketchy shit forum into the most privileged parts of your operating system...

    Seriously what the heck is so compelling about Windows 11 vs Windows 10, you'd want to put up with that?

  • sure, you can install, but no updates.

    wake me up when they figure a way to get windows update to send you updates on unsupported hardware. ms has no obligation to let you use their os on unsupported hardware. if you don't like it, you have tons of choices:

    1) upgrade hardware
    2) keep using win 10 until it stops sending updates. your games and apps will continue to work past this even.
    3) move to linux/mac

  • by shanen ( 462549 ) on Wednesday September 29, 2021 @02:22PM (#61845425) Homepage Journal

    New thought about the old topic, but can't find any coverage in the discussion.

    I'm wondering what percentage of the built-for-Windows-10 computers can upgrade to 11. Obviously Windows 10 can run on many older machines, but I'm pretty sure the makers didn't deliberately build any "old style" machines for Windows 10 just because they could. (Though they might have done it if the cost advantages were strong enough.)

    So there seems to be a fuzzy region here. Offering an upgrade path certainly implies that some Windows 10 machines must be upgradable...

    (However, I have yet to read about any feature of 11 that I want, so... Back to the position of upgrading only because I get forced to by black hat hackers doing Microsoft's REAL marketing.)

The 11 is for people with the pride of a 10 and the pocketbook of an 8. -- R.B. Greenberg [referring to PDPs?]

Working...