> The practical effect is they are forcing you to spend more money.
In the average case sure, in my case nope.
I currently dual boot Windows 10 and Fedora with Windows 10 being strictly for gaming only.
I bought a Windows 10 licence for that.
I won't buy a Windows 11 license for that.
I'll game on Fedora where I can and will buy a console for everything else (and probably for the first time a PS not Xbox since I've owned every version of Xbox but the current one).
The problem is you never win and never will. Our economic system has a win-lose structure.
Big companies like Microsoft make billions not because they sell lots of good products and services that everyone buys, quite the contrary. They sell shitty products and services and force them on buyers, making sure to extract every single penny you have even when they are not providing value for you anymore.
This is bullshit. I have a custom gaming desktop with an i7-6700k. It's still a very powerful system that can play AAA games on high or ultra settings. There's no good reason to drop support other than forcing people to upgrade.
In a few years, I can imagine governments mandating that all computing devices come with these chips, ostensibly for cyber-security purposes.
The question is, what happens after that? Do they mandate that your connection to your ISP be secured with the TPM too? That way they can also require that your OS provide remote attestation that it has applied all the relevant security patches.
By the end of the decade, I predict that it will be almost impossible to run "unapproved" software on any computer connected to the internet. I also suspect that "unapproved" software will include any software that supports End-to-End encryption, or even anonymity online.
We use refurbished HP Xeon Workstations, Z240s, etc. and they only support TPM 1.2 and cannot be upgraded to TPM 2.0 according to what I can learn from HP's online support.
Unless I am missing something, our machines will not run Windows 11. It seems this will occur with many people using refurbished machines. So odd.
Chances are those CPUs have the Intel PTT which is a fully compliant TPM 2.0 module running in the Intel Management Engine firmware. AMD has a similar feature called fTPM. You should be able to enable that in the BIOS/UEFI. If there's no BIOS setting for that you may be out of luck unless HP releases an update.
Unless I’m mistaken, what I’ve read is that Win11 actually supports TPM 1.2 but they’re saying that to be “logo certified”, new machines must come with TPM 2.0.
Edit: apparently that was true but now they’re backpedaling and saying “TPM 2.0 is a hard requirement”. Thank you for the reply.
How do we know for certain that TPM chips do not have any lawful intercept code that permits an entity to bypass disk encryption and possibly even authentication should MS decide to tie authentication caching to TPM?
How do you know for certain that there isn't another non-TPM chip on the device doing the same thing?
How do you know for certain that the CPU microcode does not have any lawful intercept code?
How do you know for certain that the Windows kernel does not have any lawful intercept code?
How do you know for certain that the reason that Windows disks were not encrypted by default for decades was that the government asked them to make it that way? There's a whole industry of digital forensics that's been able to make a copy of your secret files on every MS operating system from DOS onwards. Why didn't DOS come with disk encryption?
Unless you have nation-state level resources I don't think that's a question you can answer for certain. You can inspect the source code, but then you have to trust the compiler and underlying hardware as well (a la "Trusting Trust": https://dl.acm.org/doi/10.1145/358198.358210)
I wonder how related to Microsoft Pluton this change is. I suppose it's going to be very beneficial for Microsoft to have a security chip to rely on for all sorts of uses, beneficial to the end user or very much not. This change may or may not be a precursor. Personally, I've always disabled TPM on Windows machines — I've never seen any benefit in keeping it enabled and possibly letting applications use it against me; furthermore, the decent-against-thefts-on-non-critical-devices BitLocker (in its GUI form, CLI doesn't need the registry fix) really wants you not to use a password to decrypt the drive.
That's what I'll likely end up doing with my desktop. Not immediately, but in a couple years when Windows 10 is EOL. Microsoft is worlds better than Apple when it comes to supporting older hardware/software but this is still unacceptable. New machines are better but the improvement is much more incremental than it used to be.
Windows 10 is still going to be supported until 2025. That's a full ten years after its initial release. How much longer do you think Apple is going to support Intel Macs now that they're releasing them with ARM chips? I had a Core 2 Duo Macbook once upon a time that got left in the dust less than five years after it was released because Apple didn't feel like supporting it anymore.
According to Microsoft's Windows health check tool on the Windows 10 installation on my Macbook Pro 16", it would not be supported under Windows 11. No TPM module is present on that system.
I assume it will be possible to work around this, whatever Microsoft decides? Shouldn't a driver be able to emulate a TPM, for example? Or you could even have the bootloader patch the kernel, as is common on Hackintosh.
This is a decision that benefits their business and it doesn't matter if they need to force you into something.
The practical effect is they are forcing you to spend more money. They win and their business partners win.