Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Windows Microsoft Operating Systems

Microsoft Shares Windows 11 TPM Check Bypass For Unsupported PCs (bleepingcomputer.com) 74

Microsoft has published a new support webpage where they provide an official method to bypass the TPM 2.0 and CPU checks (TPM 1.2 is still required) and have Windows 11 installed on unsupported systems. Bleeping Computer reports: [I]t looks like Microsoft couldn't ignore the fact that bypassing TPM checks is fairly simple, so to avoid having people breaking their systems by using non-standardized third-party scripts, they decided to just give users an official way to do it. Installing Windows 11 on unsupported hardware comes with some pitfalls that users must be aware of, and in some cases, agree to before the operating system will install. "Your device might malfunction due to these compatibility or other issues. Devices that do not meet these system requirement will no longer be guaranteed to receive updates, including but not limited to security updates," Microsoft explains in a new support bulletin. [Y]ou will still require a TPM 1.2 security processor, which many will not likely have. If you are missing a TPM 1.2 processor, you can bypass all TPM checks by using this script that deletes appraiser.dll during setup. To use the new AllowUpgradesWithUnsupportedTPMOrCPU bypass to install Windows 11 on devices, Microsoft instructs you to perform the following steps:

1. Please read all of these instructions before continuing. 2. Visit the Windows 11 software download page, select "Create tool now," and follow the installation instructions to create a bootable media or download an ISO. 3. On Windows, click 'Start', type 'Registry Editor' and click on the icon to launch the tool. 4. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup Registry key and create a new "REG_DWORD" value named "AllowUpgradesWithUnsupportedTPMOrCPU" and set it to "1". Alternatively, you can download a premade Registry file that you can double-click on and merge it to create the above value for you. 5. Reboot your system

Having done all that, you may now upgrade to Windows 11 by double-clicking on the downloaded ISO file and running Setup.exe or by using the bootable Windows 11 media you created in Step 1. Microsoft states that standard installation options such as 'Full Upgrade', 'Keep Data Only', and 'Clean Install', will all be available as usual.

This discussion has been archived. No new comments can be posted.

Microsoft Shares Windows 11 TPM Check Bypass For Unsupported PCs

Comments Filter:
  • But why? (Score:5, Insightful)

    by quall ( 1441799 ) on Wednesday October 06, 2021 @07:58PM (#61867863)

    My computer does not meet requirements, which actually surprised me. But I consider myself lucky. I assume that I won't be nagged to update. Who would bypass this "failure", especially if the lack of meeting requirements is going to deliver an even more broken OS?

    • by Anonymous Coward

      Jump through endless hoops, and for what? So Microsoft can deny you updates and you get hacked for ransom soon after? This is stupid.

      Just install Linux and be done with it. No BS. Plenty of updates for free. Extremely portable -- same hard drive will very likely boot up without much effort (if any) on your next big computer upgrade when your old computer konks out hardware-wise.

      • Re: (Score:3, Insightful)

        by Skapare ( 16644 )

        can i put W11 in a VM under Linux?

        • by LVSlushdat ( 854194 ) on Wednesday October 06, 2021 @09:56PM (#61868121)

          Sure can.. At least the current preview you can.. I've got 11 running in a KVM VM, and -- I cannot BELIEVE I'm saying this. But it ACTUALLY looks pretty snazzy. Not that I use Windows as a daily driver, that chore is reserved for KUbuntu 20.04, but since I'm retired, and have time on my hands, I was curious about how screwed up Win11 would be, but at least from an "eye-candy" point of view, it looks pretty nice.

          • by AmiMoJo ( 196126 )

            Not sure if that's a good sign or not. Historically eye candy has often correlated with poor usability.

            • "Historically eye candy has often correlated with poor usability."

              When, historically, has that been true? Sounds like an unsupportable assessment stated as fact.

              • by AmiMoJo ( 196126 )

                Many Linux desktops, MacOS, iOS, arguably Windows Vista, early versions of Windows 10...

              • by Merk42 ( 1906718 )
                When building an OS is a zero-sum game. Any time developing something visual is just a waste instead of fixing a bug because those people's skill sets are completely interchangeable.
            • Well, not sure if caused by eye-candy or not, in current Windows 11 you can't ungroup applications windows' in the taskbar and therefore you can't see all your opened windows just by looking at the taskbar or easily identify them by their labels.
              That's a dealbreaker for me. So I'm keeping off Win 11 for now. I read somewhere that they rewrote the code for the taskbar and that's the reason it's missing some features but you can never be sure what Ms will implement.
              • by AmiMoJo ( 196126 )

                Wow, that's a dealbreaker for me too. Combined windows or whatever they call it is always one of the first things I turn off, along with large size icons.

                • Yeah, me too. I get that many people never change defaults so they get used to it. But grouped windows makes locating the right window much harder.
                  Those space-saving measures make sense on a smartphone-sized screen. On a computer monitor? You gain much more by having more information visible. It's just nuts.
              • by flink ( 18449 )

                As long as they can get OpenShell [github.com] working on Windows 11, there is hope. It's a mandatory install for a fresh system since Windows 8 as far as I'm concerned.

            • Correlation doesn't imply causation, yadda, yadda . . . but I agree; I notice the correlation, and I think it results from differing development priorities. Funding UI at the expense of UX, or vice versa.

              I'm way more inclined toward usability than toward eye candy, if I have to pick.

        • Depends on the VM. But unless you both have TPM2 and your VM engine allows passthrough access to it, *and* you have a supported CPU, you'll probably need to use the registry hacks described in the article.

          Completely not worth it to me. At home I run Linux almost exclusively and at work we're not planning to move to 11 anytime even remotely soon.

      • I would love to use Linux on my laptop in addition to central home desktop, but sadly, have not yet found a DE that is accessible enough as well as not a resource hog (bad experience with KDE).

        By the way, this is just a comment, not an invitation to discuss merits of different DEs, let alone OSs.

        • Sorry, but I can't help recommending XFCE. I've used it since forever, and IMO it strikes a very good balance between usability, performance, and featurefulness. Does what I need, and otherwise stays out of my way.

          Not gonna argue; different people have different needs, so YMMV.

      • by Merk42 ( 1906718 )
        I switched to Linux and now none of my software works! This is terrible!
      • For a large number of applications that donâ(TM)t run elsewhere. Think of PC games and other apps which wonâ(TM)t ever be ported to Linux or macOS.

        Note, my Windows install is on a secondary partition, but it is there for those special use cases.

    • by Anonymous Coward
      Filter error: Looks like ascii art.

      What the fuck is this retarded bullshit? There is no "ASCII Art" in my post, you stupid, retarded, fuckwad.

      Fuck this place.
      • Had that too a number of times, it's some braindamaged filter that looks for something like three identical characters in a row or something similarly stupid and prone to false positives. Fortunately it's in line to get fixed, right after they finish adding UTF8/Unicode support.
      • but at least it

        .   _._           _._
        .  (o o)         (o o)
        . (  V  ) works (  V  )
        . --m-m--       --m-m--

    • How is it that there is a registry key to bypass all of the retarded bullshit? It didn't get there by accident. Someone had to create it. More importantly, someone high up at Microsoft had to give the order to create it.

      What is the point of putting a bunch of stupid shit into your OS and then telling people how to bypass it.

      Seriously, what the fucking fuck.
      • What do you expect, this IS Microsoft we're talking about, after all.

      • Re: (Score:2, Insightful)

        How is it that there is a registry key to bypass all of the retarded bullshit? It didn't get there by accident. Someone had to create it. More importantly, someone high up at Microsoft had to give the order to create it. What is the point of putting a bunch of stupid shit into your OS and then telling people how to bypass it. Seriously, what the fucking fuck.

        See, Microsoft screwed up the communication but it turns out all that retarded bullshit / stupid shit actually makes sense. Remember stuff like Spectre and Meltdown? Well, modern (ie. last 3-4 years) processors have hardware mitigations for them, as well as other hardware security features. That's not even talking about TPM. That's just process isolation and memory protection type features. Software emulation is possible, but has dramatic performance penalties. Microsoft elected to make this the oppor

    • by tlhIngan ( 30335 )

      I assume that I won't be nagged to update.

      Why would you assume that? Past history shows people were upgraded to Windows 10 whether or not their computer supported it. Even if on the first page of the installer it tells you right there you cannot upgrade. You cancel out, and the next day you get a pop up asking you to upgrade.

    • Who would bypass this "failure"

      Presumably someone who wants to use the new Windows 11 features, or someone who just has to have the latest and greatest shiny.

      Spend a bit of time on Reddit and you may find that this is a not so insignificant number of people.

  • I guess this will keep the CCP happy, as they banned TPM in favor of their own TCM spyware
    • by Anonymous Coward
      Yes, it couldn't possibly be that the majority of the Build-you-own crowd doesn't have TPM, and the majority of PCs out there are out of spec because of either TPM an unsupported CPU. It must be the Chinese.
  • by gweihir ( 88907 ) on Wednesday October 06, 2021 @08:39PM (#61867967)

    Either MS relaxes that or Win11 will never make it on any of my machines.

    • by rudy_wayne ( 414635 ) on Wednesday October 06, 2021 @09:14PM (#61868053)
      It took a year for Windows 7 to become stable and decent. It took 3 years for Windows 10. I estimate that Windows 11 will be usable in 2026.
      • by jools33 ( 252092 )

        Never had an issue with windows 10 on any of my 5 home systems, and I installed it as soon as it came out.

      • It took 3 years for Windows 10.

        Windows 10 was nothing more than a stable and decent version of Windows 8. I can't say I've had a single problem with it from day 1. What issues were you having?

        Note: Windows 8 was a comparative shitshow.

      • by gweihir ( 88907 )

        It took a year for Windows 7 to become stable and decent. It took 3 years for Windows 10. I estimate that Windows 11 will be usable in 2026.

        Sounds about right.

    • by AmiMoJo ( 196126 )

      Why not use Secure Boot to your own advantage? Most motherboards allow you to install your own keys so you can sign your own kernels for Linux. Under Windows there is no advantage to not using Secure Boot.

      In any case unless you never buy a new machine again it is only a matter of time until you get a machine with TPM hardware built in.

      • by gweihir ( 88907 )

        Why not use Secure Boot to your own advantage?

        Too much effort for no real security gain. Remember that "Secure" Boot is mostly DRM (i.e. Digital Restrictions Management), not security to protect you. The real intent is to make some things harder for users, but that is it.

        Securing the boot-chain does not secure your system, it just means attackers have to install their persistence modules a bit later in the boot process and may have to use some local privilege elevation as part of it. As these abound of Windows and as one is needed for the initial attac

        • by AmiMoJo ( 196126 )

          This is clearly not the case. For example a popular attack vector on Windows was to replace core parts of the system like the NTFS driver or SATA driver with ones that prevent the malware being seen by anti-virus scanners. With Secure Boot enabled that becomes impossible because the kernel can't be modified and the driver has its signature checked when being loaded so also cannot be modified.

          Those kinds of attacks are rare now, and malware mostly just runs in user-space.

    • Just find an LTSB copy of 10.

  • by Canberra1 ( 3475749 ) on Wednesday October 06, 2021 @10:39PM (#61868193)
    Microsoft simply does not want to pay for popular drivers to be re-written. Surface Tablet was a exception, and they did, after they discovered they abandoned their own on-sale products. They could outsource the job to freelancers on the internet easily enough. Then prioritize most popular in use drivers first, such as video cards.
    • by AmiMoJo ( 196126 )

      The issue with drivers is that often the manufacturer of the particular part supplies them and the documentation needed to develop your own is not available, even under NDA. Linux has this problem sometimes, although it's better today as many manufacturers do now supply binary blob drivers for it.

      Chances are Microsoft forgot to put anything in the contract about updating drivers for Windows 11 and the manufacturer wasn't intending to. Microsoft could pay them to do it, that's probably the most realistic way

  • My i7-7700k is more than qualified from a performance perspective, just some arbitrary line drawn that excludes it, and I have the TPM support, so good to see I can upgrade. Now all I need is for Microsoft to release it to Sweden... or get the early access - if still available...

  • There isn't much in Windows 11 that screams "update now" so why would people be clamouring to install it on computers that Microsoft won't even properly support?
    • There isn't much in Windows 11 that screams "update now" so why would people be clamouring to install it on computers that Microsoft won't even properly support?

      I completely agree, but that's why I think they're doing it this way. The error messages are going to appear for people who have four year old Pavilions and Inspirons, providing a nudge to get a new computer, giving OEMs the bump they are eyeballing. Those who are willing to do the sort of workarounds that have already been identified are unlikely to be doing it in a business setting, and are more likely to be okay with having to use passwords and Bluestacks instead of Windows Hello and native Android apps.

      • by DrXym ( 126579 )
        I thought a bit after posting and the only reasonable use case I can come up with is there may be people with VMs or dev machines who can live with the downsides of a degraded, unsupported experience because of what they're using it for. Any end user who deliberately installs it on a live system, even a home computer is just asking for trouble.
  • MS wants you to install something they won't give you updates to? seems like a security issue to happen

  • Great, people with unsupported hardware will be allowed to ruin it. At their own risks. To whose benefit : hardware resellers probably.

    But now, imagine I have fully functionnal hardware with win 10 (which is not my case, but colleagues do).

    Imagine I want to stick with it until win10 end of life.

    Imagine this hardware fully supports win 11 but I don't care.

    This scenario is fairly common in enterprises, which are a strong share of microsoft incomes.

    Only ways I found so far was by fiddling around gpedit.msc and

    • I can't wait for 2015 when Windows 10 PCs are dumped, and I buy some cheap (or free) to replace my "antiques". Currently running a 12 year old HP/Compaq with MX-KDE.

  • I wrote a very long post about this, but it "looks like ASCII art". So, the TLDR version is, the registry key doesn't work. It only bypasses the unsupported CPU check. Despite its name, it still insists on having TPM 2.0 and SecureBoot.

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...