BArmsMicrosoft Windows Government Backdoor edition. Nobody is asking for these TPM 2.0 modules and they will hurt W11 adoption massively, the only safe assumption is that someone is putting the pressure on MS to require them.

Yes, but it isn't the government you are looking for. It's private sector. Think DRM.

trsttteI realize I'm in the minority but I love this change. Yes, let me control which app opens which extension easily.

I love that feature too! Fine-grained controls are exactly what I've been asking for since the Windows 8 garbage. These are not meant to not make anything more difficult. What it means is that things take a little more time to configure. But on the upside, users get to set things up exactly the way we want them. That feature is part of what I love about Windows 11. While it might take more time to set up, it makes a ton of things much easier and less cumbersome!

trsttteI don't think it will be a problem for anyone.

Only the whiners who don't understand the feature will complain.(no offense to anyone here)

windwhirlThat era ended. Since Windows 10 you have to use the system settings to change associations. The apps can no longer make the changes themselves.

It's been brought back, but in a way that is not perfectly clear, YET. As discussed above, those settings are easily available to the user to change, it's just a little bit of a learning curve which I'm sure everyone will learn quickly and appreciate.

trsttteYou'll have 5 years to continue using windows 10

Ah, the ultimatum argument. We really don't want to go there..

trstttebut in the end what's more expensive, upgrade the computers or pay the extended support fees like with windows 7?

You don't seem to understand how the things work, and I'm not going to detail it here. However, dropping the hammer on $16million worth of computers is not something most budgets will deal with. And that is but one facility.

The red spiritSure it wasn't entirely free, did people really pay for it?

Oh yes. For my personal systems I have 3 retail copies and 4 digital download CDKeys bought from key sellers. And that is for Windows 10 alone. For all other versions of Windows, dozens of COAs for either retail or OEMs. I am far from alone, so yes lots people actually buy Windows.

R-T-BThink DRM.

Do you really think that might be a possibility? Can think of a dozen or so ways why that wouldn't work. I think it's microsoft trying to control the OS in a way that the normal user would have no idea how to change.

Yep, DRM is my bet for why they are so completely into shoving this thing into w11.

Now, that's a good feature.

AmetituNow, that's a good feature.

What is? You didn't quote anyone so we no idea what you are talking about or who you are responding to.. Please use the "Reply" button.

Hope that didn't seem rude, no offense was intended. You're a new user, it's understandable that you need a pointer about a site feature.

And Welcome to TPU!

lexluthermiesterWhat is? You didn't quote anyone so we no idea what you are talking about or who you are responding to.. Please use the "Reply" button.

Hope that didn't seem rude, no offense was intended. You're a new user, it's understandable that you need a pointer about a site feature.

And Welcome to TPU!

I, believe, he/she is responding, with his/her opinion, to the topic (Microsoft to Ban Unsupported Machines from Windows 11 Updates).

95ViperI, believe, he/she is responding, with his/her opinion, to the topic (Microsoft to Ban Unsupported Machines from Windows 11 Updates).

Ah ok. Would not have guessed that 4 pages in.

rvalenciaNot correct,

Read AMD's web link for Ryzen 3 3250U www.amd.com/en/products/apu/amd-ryzen-3-3250u


Zen = 14 nm
Zen+ = 12 nm

Ryzen 3 3250U is Zen 1 APU. Zen 1 APU has a single CCX module which is different from dual CCX modules (2 cores +2 cores) Ryzen 3 Zen 1 desktops.

AMD treating APUs like Radeon rename PR BS.

From docs.microsoft.com/en-au/windows-hardware/design/minimum/supported/windows-11-supported-amd-processors

Ryzen 3 3200U and Ryzen 3 3250U are 14 nm Zen APUs and these SKUs are supported in Windows 11's AMD CPU support list. :laugh:

Well, I did a bit of sleuthing around and it seems you're right. Sorry about that.

Though, now it begs the question of why that processor (which is, on top of being Zen1, a low end one) is on the list but the others are not. I mean, I'd understand it if all Zen1 processors were not supported, as one could simply make the assumption that Microsoft was not satisfied with their single thread performance (back when it launched it seemed to be somewhere pre-speculative execution mitigations Haswell's level). And as silly as it would sound, at least it would have been somewhat consistent. But with this... I don't know. Maybe for embedded or mobile applications, but it's strange nonetheless.

R-T-BThink DRM.

That could be one possibility. Outside of DRM and Bitlocker, what other applications are there for a TPM? That don't require the user to go into configuring it or anything, an "it justs works" approach, a la Apple.

lexluthermiesterI love that feature too! Fine-grained controls are exactly what I've been asking for since the Windows 8 garbage. These to not make anything more difficult. What it means is that things take a little more time to configure. But on the upside, users get to set things up exactly the way we want them. That feature is part of what I love about Windows 11. While it might take more time to set up, it makes a ton of things much easier and less cumbersome!

Be that as it may, I'd have liked it if they had left the Windows 10 global association controls for less experienced users. And in general, it was a time saver, it set up most of the associations and then you could go in and change what you needed, but without having to go one by one.

lexluthermiesterIt's been brought back, but in a way that is not perfectly clear, YET. As discussed above, thus setting are easily available to the user to change, it's just a little bit of a learning curve which I'm sure everyone will learn quickly and appreciate.

Well, that would be a game changer, I guess. I take it applications will have to be updated to do it? At least Foobar2000 still doesn't do it.
The text is in Spanish but it's basically pointing me to go to Settings to do the changes.

I mean, you tell me if you want to go one-by-one setting associations for Foobar200 when scrolling down the list of filetypes as fast as possible takes over 30 seconds lol

windwhirlI mean, you tell me if you want to go one-by-one setting associations for Foobar200 when scrolling down the list of filetypes as fast as possible takes over 30 seconds lol

I've already been doing that. It takes an extra minute or two and it needs to be done only once.

However, I agree, the one click easy setting should be side by side with the fine-grained settings.

when the w11 iso was released i immediately wiped my laptop ssd (had w11 installed from w10 and laggy af) and made a dual boot w10 w11 instead, w11 is clearly running better althought there are some slowdown but it's cpu related as it's a (weak) i3 6100u

windwhirlThat could be one possibility. Outside of DRM and Bitlocker, what other applications are there for a TPM? That don't require the user to go into configuring it or anything, an "it justs works" approach, a la Apple.

It's a glorified keylocker. Not much.

lexluthermiesterDo you really think that might be a possibility? Can think of a dozen or so ways why that wouldn't work.

It would work. I don't know why you think it wouldn't. But it'd just be another reason to avoid the ms-store.

lexluthermiesterI think it's microsoft trying to control the OS in a way that the normal user would have no idea how to change.

I doubt this. TPMs aren't really much more than hardware keylockers.

lexluthermiesterYou don't seem to understand how the things work, and I'm not going to detail it here. However, dropping the hammer on $16million worth of computers is not something most budgets will deal with. And that is but one facility.

Absolutely, upgrading a computer park costs a lot of money but like I said no one wants to work for free and at a certain point microsoft will want to sell another license to keep churning updates along. The alternative is a subscription model which I don't think we want either.

So what's the solution here right? In this case the easy answer would be for microsoft to not try to sell computers and just sell their software licenses (no free upgrades) and let manufacturers figure their business out (computers will still need to be bought anyway!), but they seem to have done a different deal. With how chromebooks are taking off maybe not the best plan to pull this kind of stunts but let's see how it goes I guess

R-T-BIt would work. I don't know why you think it wouldn't.

No really, explain how/where ANY form of DRM would depend in TPM and SecureBoot?

R-T-BI doubt this. TPMs aren't really much more than hardware keylockers.

Oh? Please review the following and continue on till post #1031. This is not an isolated incident. Using SecureBoot to lock people out of their own PC makes troubleshooting impossible unless you crack the drive, but then that install of Windows will never boot again. SecureBoot does nothing for the average user. It only prevents people from modifying the data on their OS drive from outside the OS. There is no purpose to this other than for microsoft to lock an installation down from being altered. It is nothing but a slimy form of control. It also prevents use of all drive data encryption other than microsoft's own Bitlocker, which is known to have a back-door. Back-doors are NOT secure and running software that is not secure is, naturally, NOT good security.

trsttteSo what's the solution here right?

The solution is telling microsoft that these requirements are wildly inappropriate & unacceptable, followed by a metaphoric foot in the butt-crack, starting with the CEO.

trsttteand just sell their software licenses (no free upgrades) and let manufacturers figure their business out (computers will still need to be bought anyway!),

That too!

nVidia probably released their final drivers at August 31 2021 to their 6xx and 7xx series of graphics cards for Windows 7 and Windows 10, (maybe one more can come before October 2021). This is also a premature give up. Because, Windows 7 has one more year for paid customers. This means that, their paid Windows 7 will have no updates by means of graphics drivers by nVidia. They must logically have to extend 6xx and 7xx support at least for one more year, because there is a shortage at production we all know and the prices are too high. We will throw away whatever we got after 5 to 10 years, so paying too high for a new card is a truly money waste. Also, there is Windows 8.1, it's end of support date not yet reached either, which is 10 January 2023.

I have looked the new one, it is well not really good. I have installed open shell, and it placed it's start button to the left. The system either can be shut down from the left, or from the new menu. Seeing double menus made me laugh a bit! :) Stupid thing, I said....

Windows 10 is good, but I know how to update Windows 7 as well like paid customers with ESU bypass. I have started to think, do I have to use Windows 7 one more year or go through Windows 10. I have nVidia 670, 680, 770 and 780Ti on various machines based on Xeon v2, v3 and v4 CPU's. My latest is in my HP notebook, which carries a 3GB 1050. It has TPM 2.0 and Intel i7-1065G7 CPU. I will install Windows 11 to it, and see how it goes.

lexluthermiesterNo really, explain how/where ANY form of DRM would depend in TPM and SecureBoot?

Encryption keys. Keys you can't easily get at.
Need I say more?

lexluthermiesterOh? Please review the following and continue on till post #1031.

You are confusing three seperate concepts in that post. TPM, edrive, and SecureBoot. Yes they can work together but his core issue appears to be edrive not tpm or secure boot.

karakargaI know how to update Windows 7 as well like paid customers with ESU bypass.

Nice!

karakargago through Windows 10.

Unless you need DX12/RTX for gaming, stick with 7 if you know how to keep it secure.

R-T-BEncryption keys. Keys you can't easily get at.

That's not an example.

R-T-BNeed I say more?

Yuppers.

R-T-BYou are confusing three seperate concepts in that post. TPM, edrive, and SecureBoot.

No, I'm not. I'm not talking out of my butt. This is years worth of experience. SecureBoot is the runtime that locks a drive from casual outside access. SecureBoot requires TPM. Troubleshooting an installation from an external EBD is NOT possible with SecureBoot enabled. Using third party drive encryption with SecureBoot enabled is NOT possible(currently).

lexluthermiesterThat's not an example.

Ok. I encrypt a game with keys stored in the TPM that can only be unlocked via a master key from something like ms store, steam, etc.

It can be done. Not sure how much more simple I can make it for you.

lexluthermiesterSecureBoot is the runtime that locks a drive from casual outside access.

No, it's a boot binary hash verifier. It's design is purely to protect against "evil-maid" attacks.
Now I know you are talking out of your butt, sorry.

PS: SecureBoot is something I use daily, and without a TPM I might add. We enroll our own TGC opal bootloader based on sedutil. No you can't see it.

R-T-BOk. I encrypt a game with keys stored in the TPM that can only be unlocked via a master key from something like ms store, steam, etc.

That's not exactly what TPM was designed for, but you're right, I don't see any reason why it can't be adapted.

R-T-BNo, it's a boot binary hash verifier. It's design is purely to protect against "evil-maid" attacks.

If that were true, an attacker could easily disable TPM & SecureBoot, boot a USB drive, alter or steal data from the host drive, reboot and reenable the TPM & SecureBoot and act like it's not there. This would work because the keys in the TPM module were not replaced. And if we were talking about TPM 1.x it would work flawlessly. However, with TPM2.0 the dynamic changes...

R-T-BSecureBoot is something I use daily, and without a TPM I might add.

...and here it is. YOUR use-case-scenario is NOT what microsoft is doing.

Don't believe me? Install Windows 11 on a compliant system with everything enabled. Then, without changing any settings, try to boot a EBD like Hirens. When that fails, disable SecureBoot and try again. Let's see what happens when you get into the WinPE desktop... Yeah, have fun!

R-T-BNow I know you are talking out of your butt, sorry.

Stop being childish.

lexluthermiesterIf that were true, an attacker could easily disable TPM & SecureBoot, boot a USB drive, alter or steal data from the host drive, reboot and reenable the TPM & SecureBoot and act like it's not there. This would work because the keys in the TPM module were not replaced. And if we were talking about TPM 1.x it would work flawlessly. However, with TPM2.0 the dynamic changes...

They can.

That's where edrive fills the gaps. TCQ opal and its ilk.

lexluthermiesterStop being childish.

I'm really not trying to be but I was quoting you, for the record

R-T-BThey can.

Ok...

lexluthermiesterDon't believe me? Install Windows 11 on a compliant system with everything enabled. Then, without changing any settings, try to boot a EBD like Hirens. When that fails, disable SecureBoot and try again. Let's see what happens when you get into the WinPE desktop... Yeah, have fun!

...go for it.

R-T-BI'm really not trying to be but I was quoting you, for the record

...

lexluthermiesterOk...

...go for it.

...

I'm unsure what you are aiming to prove with that. Of course it won't work. The encryption keys are likely in the TPM on a Windows 11 device. Secure boot isn't whats stopping you though, encryption is.

I've lost track of what you're even trying to establish, so out.

R-T-BI'm unsure what you are aiming to prove with that. Of course it won't work.

That's what I've been saying. Tada!

R-T-BThe encryption keys are likely in the TPM on a Windows 11 device. Secure boot isn't whats stopping you though, encryption is.

The encryption scheme microsoft is employing doesn't work without SecureBoot. Tada!

R-T-BI've lost track of what you're even trying to establish, so out.

That's because you didn't seem to understand the context to begin with.

lexluthermiesterThe encryption scheme microsoft is employing doesn't work without SecureBoot. Tada!

...

It can. You need to set some gpedit keys but yeah.

Still confused.

eidairaman1W7 for me.

are you ok with cyber crime higher t hen its eever been to be on super super old tech... also why win 7 not 8 or 10 like billions have done if you have a flip phone then i understand why 2009 tech otherwise huh??,,

R-T-BIt can.

Sure it can, but that's not what they're aiming for.

R-T-BStill confused.

Ok, what are you confused about?

simlifeare you ok with cyber crime higher t hen its eever been to be on super super old tech... also why win 7 not 8 or 10 like billions have done if you have a flip phone then i understand why 2009 tech otherwise huh??,,

Windows 7 is not insecure just because microsoft isn't supporting it. Let's not do that fearmongering crap.