Microsoft confirms: Windows 11 requires TPM 2.0 in all machines... even virtual ones

cliffordcooley

Posts: 12,993   +6,315
Interesting that they are pushing that since I am in the Beta channel using a Haswell CPU without any issues other than print spooler issues, but I'm not the only one with that issue
1) That's because their mind is twisted. The thought has never crossed their mind that this mandate will eliminate some test conditions. And they are continuing to test conditions that will no longer be present after release.

2) Or they are keeping the door open for dropping this crazy mandate altogether.

I bet they are hoping for the mandate but willing to fall back.
 

jonny888

Posts: 150   +277
Not only is that list misquoted (fixed to be accurate), it is also fundamentally flawed as a citation. For example, when we look at last year's results we see that Microsoft dominated the list, but in 2019 there was a more or less even mix of OS varieties. Then when you scroll down to the bottom of the page to look at "Total Number Of Vulnerabilities Of Top 50 Products By Vendor", Microsoft tops the list (by far), followed by Apple. Everyone else comes in a fair distance lower. Hmmm...

The reality is that vulnerabilities vary drastically from year to year and even vary wildly in severity. As such, lists like that can NEVER be used as a metric for gauging the quality of an OS or OS type nor overall level of security of same.


That part of your statement is true.
You didn't read what I said then when I said "As a single vendor" Microsoft wins/loses by raw count (I.e. that graph at the bottom). Please read properly before strawmanning.
I also never claimed all issues are equally bad. You got that from your own head.
I only cited to prove that saying "Linux is more secure" is a nonsense statement that needs to die in a fire. It has had, and continues to have, plenty of security issues of its own.
 

Ben Myers

Posts: 148   +63
I haven't tested it yet but I assume Server 2022 has the same restrictions. Also, why do articles like these just have a negative tone to them? Requiring TPM isn't a bad thing, it's never mentioned that Apple Macs have had their own version of TPM (T2 security chip) for a while now as well and you don't see forums filled with "we're boycotting Apple" because of it...
Negative tone, because Microsoft has not explained the Win 11 requirements clearly and completely, and because Microsoft has not explained the red line CPU requirement of 8th gen or later Intel CPUs and comparable AMD chips.

The consequence is that Windows 11 is mostly perceived as a way to stimulate end of year computer sales, getting people to abandon their old computers for the newer glitzier shiny sparkling new ones. Of course, Dell, HP, Lenovo and the rest are in bed with this idea. And, oh! That wonderful new desktop! Words in public cannot convey my excitement!
 

captaincranky

Posts: 17,379   +6,130
And, oh! That wonderful new desktop! Words in public cannot convey my excitement!
I'll have to content with my old obsolete Win 7 slide shows. I like watching fantasy landscapes, Japanese race Queens, along with nude, semi nude and spandex clad lovelies passing by, one every ten seconds.

I guess it's true, I'm a pervert who amuses all too easily. I don't deserve Windows 11.
 

Fox God Records

Posts: 66   +65
My i5-6500 Skylake-S (14nm) based system assembled on 19 JUL 2017 is ineligible for the upgrade to WIN11 because of the irrational and inexplicable TPM2.0 requirement. I have plenty of power and plenty of storage. WIN10 is perfectly stable. I have 32GB of RAM and a little 256GB M.2 boot drive and two very nice WD Blue 2TB SATA SSDs. Reading those basic stats, explain to me - like I'm a 54-year-old who has been assembling custom PCs since 8088s were a thing - why WIN11 won't work on my rig. Because I only have TPM1.2? That's bullshit, and anyone with a brain knows it.

What I am being told by Microsoft is that in 4 years, when my system is eight years old, it will be too old to be worth their time. How about this? If Microsoft wants to require TPM2.0, THEY can bloody well wait for four years. You know, so that more people will actually have it on their machines. How about that? How about they do THAT instead?

It is PAINFULLY obvious that WIN11 will run perfectly well on "legacy systems" like mine.

And before you get on your, "Well just upgrade your system and you won't have to worry about it," high horse, I would like to apologize for my lack of funds. I'm sorry that I'm not in a financial league to afford to update my PC every other year like some of you seem to think everyone can do. I don't have two, three, or four grand to drop on a new rig every two or three years.

Until Microsoft or its forum-hopping army of sycophants can explain why I must replace my 4-year-old machine just to use WIN11 without it sounding like "Because we said so, that's why!", you can all rotate on an inclined plane, wrapped helically around an axis.
 

Ben Myers

Posts: 148   +63
I'll have to content with my old obsolete Win 7 slide shows. I like watching fantasy landscapes, Japanese race Queens, along with nude, semi nude and spandex clad lovelies passing by, one every ten seconds.

I guess it's true, I'm a pervert who amuses all too easily. I don't deserve Windows 11.
Did you ever consider doing an add-on package of your peccadilloes?
 

hwertz

Posts: 72   +33
To those using the excuse that MacOS requires TPM... well... a) It doesn't, I've run it in a VM on systems I'm quite sure do not have a TPM. b) "It's OK because Apple does it" is not an excuse, Apple has many bad policies.

As far as I know, there's no useful reason to require TPM -- it's used for full-disk encryption by Windows, but even for that I'm not sure there's a valid reason to REQUIRE it to be used, it just is.

Makes me glad I'm running Ubuntu! They've finally dropped 32-bit Intel CPU support, but that's about it, Canonical and Debian have no intention of having any particular hardware requirements on their x86-64 versions (just having enough RAM and disk space), no worries about my systems becoming unable to take a newer Ubuntu version if I want to.

 

Gezzer

Posts: 161   +83
Pure speculation here, but maybe the requirements aren't so much a M$ driven issue but more an Android one.

I'd say that Android's success took M$ by surprise. Google pretty much gave it away to any OEM that wanted it relying on their app store for revenue. And it worked. Currently Android has 76% of the mobile OS sector with Apple having 26%, and both make quite a lot of revenue through their app stores.

M$ reacted by developing Win8 with the "One OS for all devices" tag line. It was a very mobile/touch centric OS meant to leverage the large desktop user base into Windows mobile users. The hope being that they could grab a large mobile market share and with the Microsoft store enjoy the same fat revenues being enjoyed by Apple and Google.

It failed, IMHO the big reason being that it was too focused on being mobile first, desktop second. They quickly released 8.1 but it didn't help in the long run, and windows 8/8.1 became another of M$ swing and a miss OSes. They retooled and released Windows 10, a much better compromise between desktop and mobile/touch. But the store still struggles.

Even with revenue sharing cuts the M$ store is outperformed by other platforms. Fact is all I've personally bought from it was 2 Windows 10 installs and Minecraft. So M$ is IMHO desperate to correct this. Hence why Windows 11 will now support Android apps that will be available in the Windows store.

But Android devices are solidly locked down requiring all app purchases to go through the store. The only way to get around this is to jailbreak your device which invalidates any warranty, something your average user won't do. So maybe part of the deal to support Android apps in Win11 is that M$ has to lock the OS down or Google won't play ball.

Just a thought.
 

Gastec

Posts: 144   +68
I haven't tested it yet but I assume Server 2022 has the same restrictions. Also, why do articles like these just have a negative tone to them? Requiring TPM isn't a bad thing, it's never mentioned that Apple Macs have had their own version of TPM (T2 security chip) for a while now as well and you don't see forums filled with "we're boycotting Apple" because of it...
But why? Why would you be upset? Out of interest, what do you have exposure to when it comes to businesses and technology?

So what you're saying is, the way we've been doing it all these years, releasing new major versions that require better hardware, is all wrong. How do you propose we move forward then? Just never improve?

Also, why is there no major competition to Microsoft? When a company went from Windows 7 to 10, why didn't they go Apple Mac or install a Linux distribution?
"the way we've been doing it all these years, releasing new major versions that require better hardware" WE? As in, WE from Microsoft? Shilling increases.
 

Gezzer

Posts: 161   +83
"Well just upgrade your system and you won't have to worry about it"

Which to me is one of the worst lines of reasoning. If we're not supposed to use unsupported OSes due to security concerns what do we do with systems that are still viable but aren't supported in Windows 11? Throw them in the lake?

If a system is no longer viable due to performance issues I can see replacing it. But this isn't the case here, it's forced obsolescence. Depending on use case 10 year old systems are still very viable. Hell, until just recently I was using an OCed i7 875K @ 3.7GHz with a GTX 980 for less strenuous games. It ran Wastelands 3 under Win10 without a hiccup.

Now it's a media/Spotify system in my living room where it does a great job. So in 2025 it and my i7 4790K @ 4.6GHz and SLI GTX980s (new secondary gaming computer) will be junk? My main gaming system is an i5 10600KF @ 5GHz with a 2080S and I have no intentions of putting Windows 11 on it, so is it junk too?
 

Gezzer

Posts: 161   +83
But why? Why would you be upset? Out of interest, what do you have exposure to when it comes to businesses and technology?

So what you're saying is, the way we've been doing it all these years, releasing new major versions that require better hardware, is all wrong. How do you propose we move forward then? Just never improve?

Also, why is there no major competition to Microsoft? When a company went from Windows 7 to 10, why didn't they go Apple Mac or install a Linux distribution?

Except for one little fact.
Windows minimum requirements haven't really changed that much version on version since Windows 7.


The only difference is they called for slightly faster processors for server versions and have doubled the RAM from 2Gb to 4Gb for Windows 11.

Games have been requiring better hardware, Windows not so much...
 

bobc4012

Posts: 153   +62
https://www.cvedetails.com/top-50-products.php

1. Linux
2. Linux
3. Linux
4. Linux
5. Linux
6. Linux
7. Windows

As a single vendor, Microsoft may win (or lose) by virtue of how many products they push. But overall Linux is *not* in any way more secure than Windows.

Disclaimer: I work on a Macbook writing software running on Linux servers before spending my evening gaming on my Windows machine. I have zero OS favouritism. They all have their situational pros and cons.
What you posted was supposedly the "Alltime" stats (from 1999 to 2021). First, the CVE site posts the following ( https://www.cvedetails.com/how-does-it-work.php ):

Warning: This site and all data are provided as is. It is not guaranteed that all information is accurate and complete. Some of the published vulnerabilities may be missing in our database. Use any information provided on this site at your own risk. By using this site you accept that you know that these data are provided as is and not guaranteed to be accurate, correct or complete. All content is provided as is.

and

Please Note: CVE data have inconsistencies which affect accuracy of data displayed on www.cvedetails.com. For example a single product might have been defined with several different names. If a product is defined with different names in CVE data then they will be treated as different products by www.cvedetails.com. For example vulnerabilities related to Oracle Database 10g might have been defined for products "Oracle Database", "Oracle Database10g", "Database10g", "Oracle 10g" and similar. Or a PHP vulnerability might have been defined for Fedora Linux 10, so number of vulnerabilities or statistics are only as accurate as CVE data. Please make sure that you manually verify all data before using. If you think that there inconsistencies or errors in data published by this site that do not exist in NVD vulnerability XML feeds, please contact admin @ [this domain].

So the wording "Distinct" doesn't mean much as implied by the above.

Second, that posting means nothing in terms of vulnerability. For one thing, the basic kernel itself is found in all the distros that run off it and a bug there gets propagated to all those distros that use it. Another example, Debian is the basic Linux distro upon which a number of other Linux distros build upon, so it's not clear that a vulnerability in Ubuntu is the same vulnerability in Debian. I believe the Apple products are built on FreeBSD. The point is, there are only a small number that most of the various Linux distros build upon and any bug in the root distro (or kernel) can get propagated to those distros that build upon it.

Now if I take the data for 2020, the last complete year, I get a different picture ( https://www.cvedetails.com/top-50-products.php?year=2020 )

1 Android
2 Windows 10
3 Windows Server 2016
4 Windows Server 2019
5 Debian Linux
6 Windows Server 2012
7 Windows 8.1
8 Windows Rt 8.1
9 Fedora
10 Windows 7
11 Windows Server 2008

and I can make the same case here as I did for Linux - how many of those Windows versions had the same bug counted.

Each year can be checked back to 1999 (while Linux was still an anomaly and iPhones, iPads, etc. didn't exist). BTW, even though 2021 is shown, it provides the identical data as "Alltime". Also, what is being counted as a vulnerability? Is it a true vulnerability or a bug? I use both Windows and Linux (Mint). I get more "Security" fixes from Windows than I do from Linux Mint and many of those in Mint are in the installed packages such as Firefox, Chrome, or some other package (which, BTW, may have been the same fix in the corresponding Windows version, if one exists).
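
The counting problem raised in the post above, as an added example that is not part of the original post: per-product tallies list a shared bug once per product, and a product filed under two names splits into two rows. The records, placeholder CVE ids and the `FAMILY` mapping are constructed assumptions for illustration, not cvedetails data.

```python
from collections import defaultdict

# Constructed sample rows: (CVE id, product name as listed in the feed).
# The ids are placeholders, not real CVE numbers.
RECORDS = [
    ("CVE-X-0001", "Debian Linux"),        # one kernel bug, listed per distro
    ("CVE-X-0001", "Fedora"),
    ("CVE-X-0001", "Ubuntu Linux"),
    ("CVE-X-0002", "Debian Linux"),
    ("CVE-X-0003", "Windows 10"),          # one shared bug, listed per version
    ("CVE-X-0003", "Windows Server 2016"),
    ("CVE-X-0003", "Windows Server 2019"),
    ("CVE-X-0004", "Windows 10"),
    ("CVE-X-0005", "Oracle Database"),
    ("CVE-X-0006", "Oracle Database10g"),  # same product under a second name
]

# Assumed mapping from listed product name to a shared code-base family.
FAMILY = {
    "Debian Linux": "Linux distributions",
    "Fedora": "Linux distributions",
    "Ubuntu Linux": "Linux distributions",
    "Windows 10": "Windows",
    "Windows Server 2016": "Windows",
    "Windows Server 2019": "Windows",
    "Oracle Database10g": "Oracle Database",
}


def per_product_counts(records):
    """Distinct CVE ids per listed product name, as a per-product table ranks."""
    ids = defaultdict(set)
    for cve, product in records:
        ids[product].add(cve)
    return {product: len(cves) for product, cves in ids.items()}


def family_counts(records, family_of):
    """Per family: (sum of the per-product counts, distinct CVE ids)."""
    summed = defaultdict(int)
    distinct = defaultdict(set)
    for product, n in per_product_counts(records).items():
        summed[family_of.get(product, product)] += n
    for cve, product in records:
        distinct[family_of.get(product, product)].add(cve)
    return {fam: (summed[fam], len(distinct[fam])) for fam in summed}


if __name__ == "__main__":
    ranked = sorted(per_product_counts(RECORDS).items(), key=lambda kv: -kv[1])
    for product, n in ranked:
        print(f"{n:2d}  {product}")
    for fam, (rows, unique) in family_counts(RECORDS, FAMILY).items():
        print(f"{fam}: {rows} summed across products, {unique} distinct")
```
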
 

ZedRM

Posts: 631   +395
Please read properly before strawmanning.
"Strawmanning"? That's not a word. And learn how to context properly... When you cite flawed data, deliberately misquoting it in the process, you can't complain when someone tears the statement to shreds.
 

jonny888

Posts: 150   +277
"Strawmanning"? That's not a word. And learn how to context properly... When you cite flawed data, deliberately misquoting it in the process, you can't complain when someone tears the statement to shreds.
You didn't tear anything to shreds. You misread what I said, claimed I said something I didn't say, and did nothing to alter the conclusion or purpose of my post. But ok. Whatever helps you sleep at night.
 

jonny888

Posts: 150   +277
What you posted was supposedly the "Alltime" stats (from 1999 to 2021). First, the CVE site posts the following ( https://www.cvedetails.com/how-does-it-work.php ):

Warning: This site and all data are provided as is. It is not guaranteed that all information is accurate and complete. Some of the published vulnerabilities may be missing in our database. Use any information provided on this site at your own risk. By using this site you accept that you know that these data are provided as is and not guaranteed to be accurate, correct or complete. All content is provided as is.

and

Please Note: CVE data have inconsistencies which affect accuracy of data displayed on www.cvedetails.com. For example a single product might have been defined with several different names. If a product is defined with different names in CVE data then they will be treated as different products by www.cvedetails.com. For example vulnerabilities related to Oracle Database 10g might have been defined for products "Oracle Database", "Oracle Database10g", "Database10g", "Oracle 10g" and similar. Or a PHP vulnerability might have been defined for Fedora Linux 10, so number of vulnerabilities or statistics are only as accurate as CVE data. Please make sure that you manually verify all data before using. If you think that there inconsistencies or errors in data published by this site that do not exist in NVD vulnerability XML feeds, please contact admin @ [this domain].

So the wording "Distinct" doesn't mean much as implied by the above.

Second, that posting means nothing in terms of vulnerability. For one thing, the basic kernel itself is found in all the distros that run off it and a bug there gets propagated to all those distros that use it. Another example, Debian is the basic Linux distro upon which a number of other Linux distros build upon, so it's not clear that a vulnerability in Ubuntu is the same vulnerability in Debian. I believe the Apple products are built on FreeBSD. The point is, there are only a small number that most of the various Linux distros build upon and any bug in the root distro (or kernel) can get propagated to those distros that build upon it.

Now if I take the data for 2020, the last complete year, I get a different picture ( https://www.cvedetails.com/top-50-products.php?year=2020 )

1 Android
2 Windows 10
3 Windows Server 2016
4 Windows Server 2019
5 Debian Linux
6 Windows Server 2012
7 Windows 8.1
8 Windows Rt 8.1
9 Fedora
10 Windows 7
11 Windows Server 2008

and I can make the same case here as I did for Linux - how many of those Windows versions had the same bug counted.

Each year can be checked back to 1999 (while Linux was still an anomaly and iPhones, iPads, etc. didn't exist). BTW, even though 2021 is shown, it provides the identical data as "Alltime". Also, what is being counted as a vulnerability? Is it a true vulnerability or a bug? I use both Windows and Linux (Mint). I get more "Security" fixes from Windows than I do from Linux Mint and many of those in Mint are in the installed packages such as Firefox, Chrome, or some other package (which, BTW, may have been the same fix in the corresponding Windows version, if one exists).
I appreciate the time you've taken, but it doesn't change the conclusion I originally made. Linux has had plenty of its own security bugs in the past (I've had to install patches for many of them for work, often on a weekly basis), and there's no reason to believe it won't continue to have them in the future. We can argue about how severe each individual flaw is, but it isn't particularly relevant over a large enough data set. I'm merely trying to disperse the premise some people seem to have of "Windows bad, Linux perfect". It just isn't true (at least the part about Linux anyway).
 

ZedRM

Posts: 631   +395
You didn't tear anything to shreds. You misread what I said, claimed I said something I didn't say, and did nothing to alter the conclusion or purpose of my post. But ok. Whatever helps you sleep at night.
Oh, that's cute. You deliberately misquoted the link you provided, misrepresented the context of the information and deliberately attempted (failed) to deceive. Your credibility does not exist here.
 