What is TPM and why does Windows 11 require it?

B

Bullwinkle M

Posts: 911   +814
m3tavision said:
TPM2.0 is the start of what is to come, in giving the end-user a secure space to be you...
Click to expand...

Nnnnnnooooooooooo........

The start of what is to come (from an end users perspective) was "Window Genuine Disadvantage" from Windows XP, followed by the additional spyware of SP3, followed by the backdoors in Windows 7, followed by more unwanted telemetry, then more and more and more through to Spyware Platform 10 with advertising, malware, virus's, bugs, wiper updates, blackmailware, extortionware and who knows what we have yet to find

From Microsoft's perspective, again, the beginning was "Windows Monopoly Advantage" in Windows XP (AKA: Genuine Disadvantage from the users perspective)

I fail to see how the latest trend in a long line of abuse is the "beginning"
(unless you are a Microsoft shareholder)
 
dustin_ds3000

dustin_ds3000

Posts: 918   +49
Bullwinkle M said:
Real Security Experts do not use TPM or Bitlocker!
Click to expand...
I am a real Security Expert that works for the US DoD, we use TPM 2.0, Bitlocker with Credential Guard and Secure Boot. You should do some research on what a DISA STIG is. Here I will help you

Windows 10 Security Technical Implementation Guide

Security Technical Implementation Guides (STIGs) that provides a methodology for standardized secure installation and maintenance of DOD IA and IA-enabled devices and systems.
www.stigviewer.com www.stigviewer.com

So unless you have your CISSP cert and want to share your knowledge please stop trolling.
 
Last edited:
  • Like
Reactions: m3tavision
I

itgerald

Posts: 33   +31
Mr Majestyk said:
Well 1700X isn't supported so I will just stick with Windows 10 for as long as possible or until I update to 7800X in 3 years.
Click to expand...
Running Windows 11 Insider build on my Ryzen 1700 without an external TPM chip. It came as an update and installed under 2 mins like the usual Windows 10 updates I can confirm that the 1st gen Ryzen is supported. Did not understand why they say in was not supported in the 1st place
 
A

Aranarth

Posts: 149   +146
Bullwinkle M said:
Real Security Experts do not use TPM or Bitlocker!
Click to expand...
oh?! then what do they use to confirm trust and to encrypt the hdd at boot?

As far as I know there is no other tech available to initiate and confirm trust from boot than using EUFI, TPM, and secure boot.

As far as I know all current versions of systems that encrypt the drive from boot up all require TPM. Bitlocker is well known and so is a system from McAfee.

Symantec has one though I wouldn't trust it because it has no method I know of to recover the keys.

I'm not sure you really know what the heck we are talking about...
 
B

Bullwinkle M

Posts: 911   +814
dustin_ds3000 said:
I am a real Security Expert that works for the US DoD, we use TPM 2.0, Bitlocker with Credential Guard and Secure Boot. You should do some research on what a DISA STIG is. Here I will help you

Windows 10 Security Technical Implementation Guide

Security Technical Implementation Guides (STIGs) that provides a methodology for standardized secure installation and maintenance of DOD IA and IA-enabled devices and systems.
www.stigviewer.com www.stigviewer.com

So unless you have your CISSP cert and want to share your knowledge please stop trolling.
Click to expand...

The "requirements" for security you have linked to are not "evidence" of security

Please provide "evidence" of security or please stop trolling

"Evidence" of security would "prove" that Bitlocker is not backdoor'ed

REAL security experts do not base their security assessments upon "requirements" or propaganda

Try again, but don't you DARE claim to be a "Security Expert" until "I" certify you as one!

Now you kids GET OFF MY LAWN!
 
Last edited:
B

Bullwinkle M

Posts: 911   +814
Aranarth said:
oh?! then what do they use to confirm trust and to encrypt the hdd at boot?

As far as I know there is no other tech available to initiate and confirm trust from boot than using EUFI, TPM, and secure boot.

As far as I know all current versions of systems that encrypt the drive from boot up all require TPM. Bitlocker is well known and so is a system from McAfee.

Symantec has one though I wouldn't trust it because it has no method I know of to recover the keys.

I'm not sure you really know what the heck we are talking about...
Click to expand...
"Trust" does not confirm "security"

As far as "you" know there is no other tech available to confirm "trust" (not security)

Blind trust is a black box (or closed system) does not provide any security in a "Zero Trust Environment"
 
Last edited:
TheBigT42

TheBigT42

Posts: 696   +731
I was able to install the leaked version without TMP.
I copied the Windows 11 .WIM to a Windows 10 USB install drive.

Hope that keeps on working!
 
A

Aranarth

Posts: 149   +146
Bullwinkle M said:
"Trust" does not confirm "security"

As far as "you" know there is no other tech available to confirm "trust" (not security)

Blind trust is a black box (or closed system) does not provide any security in a "Zero Trust Environment"
Click to expand...
The "Trust" that you are talking about is not the "Trust" I'm talking about. When you get the error that your machine has a broken trust relationship when logging into a domain what does "trust relationship" mean? That is the trust I'm talking about. OR try this: When you connect to a website and it uses TLS or SSL how is that link created? Literally go ahead and google it and learn something.

When this article talks about what TPM is, they really did not explain what it is and why it is needed. In order to create identity and to form encrypted links etc. you need to create a trusted relationship first. How does computer one KNOW who computer two is? TPM is one way creating that trust in hardware BEFORE the computer boots.

Yes I'm using broad strokes, yes I'm keeping this very simple.

TPM is kind of like biometrics for computers. When you see someone in the flesh you can see who they are. When you communicate via a phone call you can be pretty sure who you are talking to by their voice. But what abt a text message? Well the message came from their phone number right? Or was it cloned and you are really talking to a bad actor? So you ask the person on the other end something that only the really person knows the answer to. That is Trust.
 
  • Like
Reactions: m3tavision and dustin_ds3000
A

Aranarth

Posts: 149   +146
I should add that trust is the proven basis for security.
Your computer must first trust the system it is talking to in order to start encryption. If you cannot build a trust relationship you cannot encrypt.
Even TOFU (trust on first use) requires some agreement (standardization) to start the process.

More info on the need for trust in local encryption and network communications:

I may not have certification in system security but that doesn't mean I'm bad at it! Doing it for 30 years gives you plenty of time to learn a thing or two.

Digging down into security certificates, authorities, and how they work is rather cool.
 
A

Aranarth

Posts: 149   +146
cliffordcooley said:
And for those of us that do not and never will care to use encryption?
Click to expand...
HTTPS:// means you are already using it.... :D

So there are two kinds of encryption.
Encryption for STORAGE and TRANSMISSION.

Your bank encrypts your stored data, and transmits it to you.
So do you use a credit card?? The data is transmitted encrypted to your bank.

Encryption is used EVERYWHERE not just on your hard drive.

Sure you may not want to encrypt your storage that is up to you, you trust it right? How about your internet connection? Do you trust that? You mostly can if it is accessed through https and tls ...
 
captaincranky

captaincranky

Posts: 19,360   +8,496
dustin_ds3000 said:
I am a real Security Expert that works for the US DoD, we use TPM 2.0, Bitlocker with Credential Guard and Secure Boot. You should do some research on what a DISA STIG is. Here I will help you
Click to expand...
Please correct me if I'm wrong but, didn't you guys just get hacked?

thehill.com

Pentagon, State Department among agencies hacked: report

Branches of the Department of Defense and the State Department were among the agencies hacked as part of a massive espionage attack aimed at the federal government by a nation state that came to li…
thehill.com thehill.com
 
A

Aranarth

Posts: 149   +146
APT's are extremely hard to guard against. If the DOD, NSA, and CIA are having a hard time of it even with all of the security guards in place, then companies have basically zero chance. Individuals don't have too much to worry about right now as they are not too much of a target as long as you're being smart. It does point out the need for a trusted platform though doesn't it?
 
dustin_ds3000

dustin_ds3000

Posts: 918   +49
captaincranky said:
Please correct me if I'm wrong but, didn't you guys just get hacked?

thehill.com

Pentagon, State Department among agencies hacked: report

Branches of the Department of Defense and the State Department were among the agencies hacked as part of a massive espionage attack aimed at the federal government by a nation state that came to li…
thehill.com thehill.com
Click to expand...
that was SolarWinds that got hacked, DoD using that software. We cant control if and when 3rd party software gets hacked. And we patched ASP when good patch passed test and NO DATA LOST.
 
m3tavision

m3tavision

Posts: 1,160   +966
captaincranky said:
I would argue that you could have put you best and brightest at trying to hack it before it was installed. But as they say, "hindsight id 20/20".
Click to expand...
Bro, we understand China is trying to feed their people.... USA has 350 million people, while China has that many teenagers...

China's hackers usually get lucky, through attrition and attempts due to their mass scale of operation, while being directly funded by the CCP. Imagine if the USA started a hacking program, where they paid all the youth to hack other Countries... and when they do, they get awards..!

CCP is nobodies friend and they should suffer under their own rules. The world can't buy their property, or build in China, so the world should offer CCP the SAME rules. If CCP has a great firewall, then the world should cut Chinese Nationals off from the internet... let them live in their own CCP bubble..

Fair is fair....
 
  • Like
Reactions: Gastec and captaincranky
captaincranky

captaincranky

Posts: 19,360   +8,496
m3tavision said:
CCP is nobodies friend
Click to expand...
Um, the CCP is "nobody's" (That's the possessive form) friend.... FIXED..!
Sorry, I try to keep the grammar Nazi act to a minimum, but I simply couldn't let that slide.

If' it's any consolation, I try to go back and fix my own posts, hours, days, weeks, or even months, after a blunder.
 
Last edited:
  • Like
Reactions: Gastec
m3tavision

m3tavision

Posts: 1,160   +966
captaincranky said:
Um, the CCP is "nobody's" (That's the possessive form) friend.... FIXED..!
Sorry, I try to keep the grammar Nazi act to a minimum, but I simply couldn't let that slide.

If' it's any consolation, I try to go back and fix my own posts, hours, days, weeks, or even months, after a blunder.
Click to expand...
I wasn't going for possessive, I was stating more than one nobody, plural.
 
Gars

Gars

Posts: 337   +46
I'm happy that...
NO. Im not.

a lot of the commenters are struggling around the purpose of TPM, and thats the point -
MS cant make 'more safe os' whitout firewall it - isnt that?

TPM make sense in the enterprise environment (even there, its questionable)

in the other hand, gamers, enthusiasts, (all home users - they need education), etc, don't need that 'extra' protection/burden

For sure, we will see a lot of attacks based on the TPM connected systems (like on INTEL/AMD cpu's architecture specific) in the near future.

There is no stupid water, only stupid hydro engineers.

Congratz M$, you brought a new kind of life to live in to the 'virus eco sys'.

Kasperski and the other guys must be mad about haha (no, its new business ofc)
 
Gastec

Gastec

Posts: 364   +174
If They say they need to force TPM 2.0 on us because ransomware is forecasted to cost $265 billion worldwide by 2031, then it might be cheaper to just send the Military to deal with those who demand ransom. Isn't that why we have and PAY FOR military forces, to keep us safe and fight with our enemies?
 
  • Like
Reactions: cliffordcooley
Gastec

Gastec

Posts: 364   +174
itgerald said:
Why is 1st and 2nd Gen Ryzen CPU's not compatible even though they have fTPM 2.0 enabled CPU's. What is the difference between 3rd and 4th gen Ryzens fTPM vs that of 1st and 2nd?. This question also applies to Intel's CPU's as well
Click to expand...
Because this is all just a marketing ploy to increase consumerism, to increase sales of the latest CPUs, motherboards, RAM and the rest. They want you, the NEED you to buy their new stuff, just like anyone else who has a business in this world.
 
  • Like
Reactions: cliffordcooley
You must log in or register to reply here.

Similar threads

A
Two security flaws in the TPM 2.0 specs put cryptographic keys at risk
2
Replies
29
Views
379
pcnthuziast
pcnthuziast
Daniel Sims
Windows 11 desktop watermarks start appearing on unsupported systems
2
Replies
33
Views
676
Darth Shiv
Darth Shiv
midian182
Windows 11 keeps adding users, but Windows 10 is still king
2
Replies
41
Views
861
TheBigFatClown
T

Latest posts