What is TPM and why does Windows 11 require it?

Bullwinkle M

Posts: 568   +459
TPM2.0 is the start of what is to come, in giving the end-user a secure space to be you...

Nnnnnnooooooooooo........

The start of what is to come (from an end user's perspective) was "Windows Genuine Disadvantage" from Windows XP, followed by the additional spyware of SP3, followed by the backdoors in Windows 7, followed by more unwanted telemetry, then more and more and more through to Spyware Platform 10 with advertising, malware, viruses, bugs, wiper updates, blackmailware, extortionware and who knows what we have yet to find

From Microsoft's perspective, again, the beginning was "Windows Monopoly Advantage" in Windows XP (AKA: Genuine Disadvantage from the user's perspective)

I fail to see how the latest trend in a long line of abuse is the "beginning"
(unless you are a Microsoft shareholder)
 

dustin_ds3000

Posts: 911   +46
Real Security Experts do not use TPM or Bitlocker!
I am a real Security Expert that works for the US DoD, we use TPM 2.0, Bitlocker with Credential Guard and Secure Boot. You should do some research on what a DISA STIG is. Here I will help you


So unless you have your CISSP cert and want to share your knowledge please stop trolling.
 

itgerald

Posts: 23   +16
Well 1700X isn't supported so I will just stick with Windows 10 for as long as possible or until I update to 7800X in 3 years.
Running Windows 11 Insider build on my Ryzen 1700 without an external TPM chip. It came as an update and installed in under 2 mins like the usual Windows 10 updates. I can confirm that the 1st gen Ryzen is supported. Did not understand why they say it was not supported in the 1st place.
 

Aranarth

Posts: 115   +100
Real Security Experts do not use TPM or Bitlocker!
oh?! then what do they use to confirm trust and to encrypt the hdd at boot?

As far as I know there is no other tech available to initiate and confirm trust from boot than using UEFI, TPM, and secure boot.

As far as I know all current versions of systems that encrypt the drive from boot up all require TPM. Bitlocker is well known and so is a system from McAfee.

Symantec has one though I wouldn't trust it because it has no method I know of to recover the keys.

I'm not sure you really know what the heck we are talking about...
 

Bullwinkle M

Posts: 568   +459
I am a real Security Expert that works for the US DoD, we use TPM 2.0, Bitlocker with Credential Guard and Secure Boot. You should do some research on what a DISA STIG is. Here I will help you


So unless you have your CISSP cert and want to share your knowledge please stop trolling.

The "requirements" for security you have linked to are not "evidence" of security

Please provide "evidence" of security or please stop trolling

"Evidence" of security would "prove" that Bitlocker is not backdoored

REAL security experts do not base their security assessments upon "requirements" or propaganda

Try again, but don't you DARE claim to be a "Security Expert" until "I" certify you as one!

Now you kids GET OFF MY LAWN!
 

Bullwinkle M

Posts: 568   +459
oh?! then what do they use to confirm trust and to encrypt the hdd at boot?

As far as I know there is no other tech available to initiate and confirm trust from boot than using UEFI, TPM, and secure boot.

As far as I know all current versions of systems that encrypt the drive from boot up all require TPM. Bitlocker is well known and so is a system from McAfee.

Symantec has one though I wouldn't trust it because it has no method I know of to recover the keys.

I'm not sure you really know what the heck we are talking about...
"Trust" does not confirm "security"

As far as "you" know there is no other tech available to confirm "trust" (not security)

Blind trust in a black box (or closed system) does not provide any security in a "Zero Trust Environment"
 

TheBigT42

Posts: 578   +545
I was able to install the leaked version without TPM.
I copied the Windows 11 .WIM to a Windows 10 USB install drive.

Hope that keeps on working!
 

Aranarth

Posts: 115   +100
"Trust" does not confirm "security"

As far as "you" know there is no other tech available to confirm "trust" (not security)

Blind trust in a black box (or closed system) does not provide any security in a "Zero Trust Environment"
The "Trust" that you are talking about is not the "Trust" I'm talking about. When you get the error that your machine has a broken trust relationship when logging into a domain what does "trust relationship" mean? That is the trust I'm talking about. OR try this: When you connect to a website and it uses TLS or SSL how is that link created? Literally go ahead and google it and learn something.

When this article talks about what TPM is, they really did not explain what it is and why it is needed. In order to create identity and to form encrypted links etc. you need to create a trusted relationship first. How does computer one KNOW who computer two is? TPM is one way of creating that trust in hardware BEFORE the computer boots.

Yes I'm using broad strokes, yes I'm keeping this very simple.

TPM is kind of like biometrics for computers. When you see someone in the flesh you can see who they are. When you communicate via a phone call you can be pretty sure who you are talking to by their voice. But what about a text message? Well the message came from their phone number right? Or was it cloned and you are really talking to a bad actor? So you ask the person on the other end something that only the real person knows the answer to. That is Trust.
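
The "ask something only the real one can answer" idea from the post above, as an added example that is not part of the original post: a verifier sends a fresh challenge and a device proves it holds a key that never leaves it. The `Device` and `Verifier` names are hypothetical, and the HMAC shared secret is a simplifying assumption; a real TPM proves possession of a private key with a signature.

```python
import hashlib
import hmac
import secrets


class Device:
    """Stands in for a machine whose key stays inside its hardware (assumption)."""

    def __init__(self, key: bytes):
        self._key = key  # never transmitted; only answers derived from it leave

    def answer(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Verifier:
    """Knows the enrolled key and accepts each challenge at most once."""

    def __init__(self, enrolled_key: bytes):
        self._key = enrolled_key
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(32)  # fresh and unpredictable per attempt
        self._pending.add(nonce)
        return nonce

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._pending:
            return False  # unknown or already-used challenge: treat as replay
        self._pending.discard(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    key = secrets.token_bytes(32)            # constructed sample key
    real = Device(key)
    clone = Device(secrets.token_bytes(32))  # claims the identity, lacks the key
    verifier = Verifier(key)

    c1 = verifier.challenge()
    r1 = real.answer(c1)
    results = {"real": verifier.verify(c1, r1)}
    results["replay_same_challenge"] = verifier.verify(c1, r1)
    results["replay_old_answer"] = verifier.verify(verifier.challenge(), r1)
    c3 = verifier.challenge()
    results["clone"] = verifier.verify(c3, clone.answer(c3))
    return results


if __name__ == "__main__":
    print(demo())
```

Only the genuine device answering a fresh challenge is accepted; a recorded answer or a clone without the key is rejected.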
 

Aranarth

Posts: 115   +100
I should add that trust is the proven basis for security.
Your computer must first trust the system it is talking to in order to start encryption. If you cannot build a trust relationship you cannot encrypt.
Even TOFU (trust on first use) requires some agreement (standardization) to start the process.

More info on the need for trust in local encryption and network communications:

I may not have certification in system security but that doesn't mean I'm bad at it! Doing it for 30 years gives you plenty of time to learn a thing or two.

Digging down into security certificates, authorities, and how they work is rather cool.
 

Aranarth

Posts: 115   +100
And for those of us that do not and never will care to use encryption?
HTTPS:// means you are already using it.... :D

So there are two kinds of encryption.
Encryption for STORAGE and TRANSMISSION.

Your bank encrypts your stored data, and transmits it to you.
So do you use a credit card?? The data is transmitted encrypted to your bank.

Encryption is used EVERYWHERE not just on your hard drive.

Sure you may not want to encrypt your storage that is up to you, you trust it right? How about your internet connection? Do you trust that? You mostly can if it is accessed through https and tls ...
 

captaincranky

Posts: 17,435   +6,170
I am a real Security Expert that works for the US DoD, we use TPM 2.0, Bitlocker with Credential Guard and Secure Boot. You should do some research on what a DISA STIG is. Here I will help you
Please correct me if I'm wrong but, didn't you guys just get hacked?

 

Aranarth

Posts: 115   +100
APTs are extremely hard to guard against. If the DOD, NSA, and CIA are having a hard time of it even with all of the security guards in place, then companies have basically zero chance. Individuals don't have too much to worry about right now as they are not too much of a target as long as you're being smart. It does point out the need for a trusted platform though, doesn't it?
 

dustin_ds3000

Posts: 911   +46
Please correct me if I'm wrong but, didn't you guys just get hacked?

That was SolarWinds that got hacked, DoD using that software. We can't control if and when 3rd party software gets hacked. And we patched ASP when good patch passed test and NO DATA LOST.
 

m3tavision

Posts: 683   +449
I would argue that you could have put your best and brightest at trying to hack it before it was installed. But as they say, "hindsight is 20/20".
Bro, we understand China is trying to feed their people.... USA has 350 million people, while China has that many teenagers...

China's hackers usually get lucky, through attrition and attempts due to their mass scale of operation, while being directly funded by the CCP. Imagine if the USA started a hacking program, where they paid all the youth to hack other Countries... and when they do, they get awards..!

CCP is nobodies friend and they should suffer under their own rules. The world can't buy their property, or build in China, so the world should offer CCP the SAME rules. If CCP has a great firewall, then the world should cut Chinese Nationals off from the internet... let them live in their own CCP bubble..

Fair is fair....
 

captaincranky

Posts: 17,435   +6,170
CCP is nobodies friend
Um, the CCP is "nobody's" (That's the possessive form) friend.... FIXED..!
Sorry, I try to keep the grammar Nazi act to a minimum, but I simply couldn't let that slide.

If it's any consolation, I try to go back and fix my own posts, hours, days, weeks, or even months, after a blunder.
 

m3tavision

Posts: 683   +449
Um, the CCP is "nobody's" (That's the possessive form) friend.... FIXED..!
Sorry, I try to keep the grammar Nazi act to a minimum, but I simply couldn't let that slide.

If it's any consolation, I try to go back and fix my own posts, hours, days, weeks, or even months, after a blunder.
I wasn't going for possessive, I was stating more than one nobody, plural.
 

Gars

Posts: 295   +23
I'm happy that...
NO. I'm not.

A lot of the commenters are struggling around the purpose of TPM, and that's the point -
MS can't make 'more safe os' without firewall it - isn't that?

TPM makes sense in the enterprise environment (even there, it's questionable)

On the other hand, gamers, enthusiasts, (all home users - they need education), etc, don't need that 'extra' protection/burden

For sure, we will see a lot of attacks based on the TPM connected systems (like on INTEL/AMD cpu's architecture specific) in the near future.

There is no stupid water, only stupid hydro engineers.

Congratz M$, you brought a new kind of life to live in to the 'virus eco sys'.

Kaspersky and the other guys must be mad about haha (no, it's new business ofc)