Friday, June 25th 2021

Thanks to Windows 11, Scalpers Buy Out Add-on TPM 2.0 Modules

Most modern PC platforms include an fTPM (firmware trusted platform module) of some form. Those that don't include one have a TPM 2.0-compatible header on the motherboard. Microsoft's requirement of a hardware TPM for Windows 11 has scalpers going after add-on TPMs, which are typically priced around $20 but are now marked up to $100, according to Shen Ye, a senior HTC VIVE exec who has been tracking prices of add-on TPMs on Twitter.

Scalpers possibly anticipate a rush of ill-informed buyers out for add-on TPMs, who haven't spent 5 minutes digging through their UEFI setup programs for the fTPM toggle. Below is a screenshot of a Ryzen 7 2700X-based machine, paired with an AMD B450 chipset motherboard (a platform from 2018), with its fTPM toggle turned on. The PC now meets Windows 11 system requirements. Windows 11 uses hardware TPMs for secure storage of credentials. "Microsoft, can you not impose a TPM requirement during a silicon shortage? Especially considering most desktop motherboards support TPM only as a purchasable accessory," Shen Ye tweeted.
Source: Shen Ye (Twitter)

263 Comments on Thanks to Windows 11, Scalpers Buy Out Add-on TPM 2.0 Modules

#151
lexluthermiester
trparky: Yes, I practice safe computing habits but for once I'd like to be able to let my guard down without everyone trying to destroy my systems while doing so.
Install and learn how to properly use a firewall other than the Windows firewall. You will then be able to browse and use the net without much worry.
#152
VEGGIM
If it will make anyone happy, Windows 11 Pro doesn't require you to have a Microsoft account to sign in.
#153
Mussels
Moderprator
VEGGIM: If it will make anyone happy, Windows 11 Pro doesn't require you to have a Microsoft account to sign in.
I'm all for that... and now we know which one the pirates will aim for too
#154
Easo
TheinsanegamerN: And writing comments like this, trying to look "cool", makes you look like a shill, and not a particularly intelligent one
As opposed to people talking about sheep and big bad corpos in comments? Hah... Years in IT support painted a very clear picture of the average computer user and where the majority of issues come from, no matter the OS. People either do nothing or listen to the so-called enthusiasts and tech experts writing "Winblows" and suggesting doing stuff like disabling Windows Update so that "M$ does not spy on them". Afterwards there is surprise about why their data was encrypted/stolen, "Windows became slow" or why the computer in question is another node of some botnet.
lexluthermiester: Install and learn how to properly use a firewall other than the Windows firewall. You will then be able to browse and use the net without much worry.
Almost as if a firewall alone fully protects you. No, no they do not. A firewall is not going to stop anything if you open a breached webpage, or a specifically crafted one. Add to it vulnerability chaining for more fun.
#155
lexluthermiester
VEGGIM: If it will make anyone happy, Windows 11 Pro doesn't require you to have a Microsoft account to sign in.
Do you have a link where you read this?
Easo: Almost as if a firewall alone fully protects you. No, no they do not.
No, not fully. But a good firewall is a solid method of defense. Discounting the value of one is a fool's errand.
Easo: A firewall is not going to stop anything if you open a breached webpage, or a specifically crafted one.
As I said, a properly configured firewall. A good and properly configured browser is important. However, a good computing ethic is important too.
#156
trparky
lexluthermiester: A good and properly configured browser is important.
Yes. With a good adblocking extension and a good filter list. That and employing Windows Defender's Exploit Protection Technology that injects a special DLL into the memory space of the browser to protect it with a number of protection types such as blocking untrusted fonts, code integrity guard, control flow guard, disabling of extension points, disabling of Win32k system calls, export address filtering, mandatory ASLR, import address filtering, and others that help block known exploit types even against zero-day exploits. These protections basically harden the program in question to protect it from a whole class of exploit techniques.

You can read about these protection techniques at the Microsoft article linked below...
Customize exploit protection | Microsoft Docs
#157
sweethoneybee
lexluthermiester: Do you have a link where you read this?
It's written in the system requirements that only Win11 Home requires a MS account:
www.microsoft.com/en-us/windows/windows-11-specifications

Btw: NTLite is a very good tool to create your own Win11 as soon as the final version is out at the end of this year. I've been using it for Win10 for many years and throw out everything that I don't want from MS:
www.ntlite.com/
#158
lexluthermiester
trparky: Yes. With a good adblocking extension and a good filter list. That and employing Windows Defender's Exploit Protection Technology that injects a special DLL into the memory space of the browser to protect it with a number of protection types such as blocking untrusted fonts, code integrity guard, control flow guard, disabling of extension points, disabling of Win32k system calls, export address filtering, mandatory ASLR, import address filtering, and others that help block known exploit types even against zero-day exploits. These protections basically harden the program in question to protect it from a whole class of exploit techniques.

You can read about these protection techniques at the Microsoft article linked below...
Customize exploit protection | Microsoft Docs
Some people trust Microsoft. Some do not.
sweethoneybee: It's written in the system requirements that only Win11 Home requires a MS account:
www.microsoft.com/en-us/windows/windows-11-specifications

Btw: NTLite is a very good tool to create your own Win11 as soon as the final version is out at the end of this year. I've been using it for Win10 for many years and throw out everything that I don't want from MS:
www.ntlite.com/
Doesn't mean they won't try to enforce it.
#159
sweethoneybee
lexluthermiester: Doesn't mean they won't try to enforce it.
Sure, we have to wait for the final anyway...
#160
dorsetknob
"YOUR RMA REQUEST IS CON-REFUSED"
As it's now a Windows 11 requirement... will motherboard manufacturers now include a TPM module in the box? Or hard-wire one into the motherboard?
#161
Athlonite
At least some of you can find one to buy. I can't even find a single one here in Gougelandastan (New Zealand).
#162
Mussels
Moderprator
dorsetknob: As it's now a Windows 11 requirement... will motherboard manufacturers now include a TPM module in the box? Or hard-wire one into the motherboard?
Been hardwired at a firmware level for many years now.
#163
windwhirl
dorsetknob: As it's now a Windows 11 requirement... will motherboard manufacturers now include a TPM module in the box? Or hard-wire one into the motherboard?
Doesn't matter, AMD & Intel CPUs have a TPM integrated on die these days.

I imagine that some motherboards do not expose the option to enable it, though.
#164
Totally
windwhirl: Doesn't matter, AMD & Intel CPUs have a TPM integrated on die these days.

I imagine that some motherboards do not expose the option to enable it, though.
It isn't just firmware TPM, otherwise the add-ons wouldn't be needed for X570 boards, e.g. next to the safe boot and retry buttons

#165
windwhirl
Totally: It isn't just firmware TPM, otherwise the add-ons wouldn't be needed for X570 boards, e.g. next to the safe boot and retry buttons

You can use the fTPM, since it's a TPM 2.0 implementation. The slot is there if you want to use a different TPM or a previous one you already had.
#166
RedBear
Totally: It isn't just firmware TPM, otherwise the add-ons wouldn't be needed for X570 boards, e.g. next to the safe boot and retry buttons
It's not needed for Windows 11. The TPM header is there because firmware TPM is relatively more vulnerable and some people might just require the additional security of a discrete TPM module.

Still, it looks like this is indeed going to cause quite a bit of confusion.
#167
R-T-B
Isaac`: Secure boot is not mandatory
Why do you think this? The official compatibility tool suggests otherwise.
Jism: You can call it hardware based security. More about it on en.wikipedia.org/wiki/Trusted_Platform_Module#History
We seriously need to wake up and realize hardware security is a flawed model.
#168
Zubasa
windwhirl: I imagine that some motherboards do not expose the option to enable it, though.
It is the opposite, many OEM machines do not have the option to disable TPM.
#169
totalfreq
Zubasa: It is the opposite, many OEM machines do not have the option to
For Intel (my experience is with Dells mostly... but hundreds of them; the person ordering always ordered vPro, and since we didn't need OOB access I would always kill it): download Intel management and security software and enable MEBx. Reboot, hit Ctrl+P. For Dells you'll have to go through a password reset (just google the procedure). Then in MEBx disable AMT.

When you go back in the OS it will be disabled. This will kill TPM and vPro.

This has worked on every Dell I've come across in the past 2 decades... can't speak for other platforms though, and most of the machines were Precisions, Latitudes and servers... not home versions like Vostro.
#170
Aleksandar_038
Seriously, people, which smartphones are you using?

Judging by outcry against "Microsoft Espionage" via damned Microsoft account and hysteria against TPM, I assume those who commented are using some very special OS on their smartphone?

Or are you all using Android and iOS, have Facebook there, a proper Google and Apple account (because you have to), and now you just fall into hysteria because you can?

If Windows is so unimportant, go install Linux and stop babbling about it... For Christ's sake, every second post is about "I am switching to Linux, Linux is great, Linux, Linux...", and very few about the subject.

And, finally, Microsoft will surely force TPM requirements only on Pro and upper versions, Home versions will be left without it, because it is not in their interest to slow down upgrade - quite the contrary, they want as many people as possible, as fast as possible, to switch to 11...
#171
dogwitch
totalfreq: For Intel (my experience is with Dells mostly... but hundreds of them; the person ordering always ordered vPro, and since we didn't need OOB access I would always kill it): download Intel management and security software and enable MEBx. Reboot, hit Ctrl+P. For Dells you'll have to go through a password reset (just google the procedure). Then in MEBx disable AMT.

When you go back in the OS it will be disabled. This will kill TPM and vPro.

This has worked on every Dell I've come across in the past 2 decades... can't speak for other platforms though, and most of the machines were Precisions, Latitudes and servers... not home versions like Vostro.
bet then hp....
#172
zlobby
R-T-B: Why do you think this? The official compatibility tool suggests otherwise.

We seriously need to wake up and realize hardware security is a flawed model.
Only dynamic root of trust has the theoretical potential to achieve good security, if done right, that is.
trparky: Yes, I practice safe computing habits but for once I'd like to be able to let my guard down without everyone trying to destroy my systems while doing so.
Sorry. For as long as there are systems there will be people who will try to break into them. Letting our guard down is not a luxury we have.
#173
R-T-B
zlobby: if done right
That will never happen. It's precisely why hardware security is such a bad idea.

It's like saying "everything will be ok as long as we write a perfect, flawless, bug-free program."

That never happens. And while you can patch software easily, hardware is... not as easy.
#174
Athlonite
For those with AMD platforms with supported AMD CPUs: check your UEFI settings and try finding the setting that chooses which TPM device to use. You should see two options available:
option 1: dTPM = Discrete TPM module plugged into your mobo; choosing this setting disables fTPM
option 2: fTPM = AMD's built-in TPM 2.0 compliant module

If it's set to option 1 then choose option 2, save and reboot. Once into Windows, rerun the health app and it should tell you YES instead of NO for being able to run Windows 11.

You'll also find a new device listed under Security Devices in Device Manager like this

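A read-only way to confirm from inside Windows what the UEFI fTPM/dTPM setting discussed in the article and in comment #174 actually changed. This is an added example, not part of any post in this thread; the function name Get-TpmReadiness is made up for illustration.

```powershell
# Added example. Read-only; run from an elevated PowerShell prompt.
# Get-TpmReadiness is a hypothetical helper name, not a built-in cmdlet.
function Get-TpmReadiness {
    $r = [ordered]@{
        TpmPresent   = $false
        Enabled      = $false
        Activated    = $false
        SpecVersion  = $null
        IsTpm20      = $false
        Manufacturer = $null
        SecureBoot   = $null   # $null = could not be determined
    }

    # Win32_Tpm has its own WMI namespace. No instance means Windows sees no
    # TPM at all: fTPM switched off in UEFI and no discrete module fitted.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($tpm) {
        $r.TpmPresent   = $true
        $r.Enabled      = [bool]$tpm.IsEnabled_InitialValue
        $r.Activated    = [bool]$tpm.IsActivated_InitialValue
        $r.SpecVersion  = $tpm.SpecVersion
        $r.Manufacturer = $tpm.ManufacturerIdTxt
        # SpecVersion is a comma-separated string such as "2.0, 0, 1.38";
        # the first field is the TPM family (Windows 11 asks for 2.0).
        $family = ("$($tpm.SpecVersion)" -split ',')[0].Trim()
        $r.IsTpm20 = ($family -eq '2.0')
    }

    # Confirm-SecureBootUEFI throws on legacy-BIOS (non-UEFI) boots and when
    # not elevated; treat that as "unknown" rather than "off".
    try   { $r.SecureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $r.SecureBoot = $null }

    [pscustomobject]$r
}

$state = Get-TpmReadiness
$state | Format-List
if (-not $state.TpmPresent) {
    'No TPM visible to Windows: check the fTPM/dTPM selection in UEFI setup.'
} elseif (-not $state.IsTpm20) {
    "TPM found, but spec version is $($state.SpecVersion), not 2.0."
} elseif (-not ($state.Enabled -and $state.Activated)) {
    'TPM 2.0 found but not enabled/activated.'
} else {
    "TPM 2.0 active (manufacturer ID: $($state.Manufacturer))."
}
```

Running it before and after changing the UEFI setting shows whether the firmware TPM alone is enough, without buying an add-on module.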
#175
FoxinuhhBox
Makaveli: I'm curious to see how this will work for older motherboards that you can buy the TPM and add it. Because even with doing that Haswell doesn't meet the CPU requirements for Windows 11.

Intel 8th gen and up.
I'm one of the few that got ahold of a TPM 2.0 20-pin for my motherboard. I ignorantly thought my 4th gen 4.3 GHz i7-4790K would be supported. I was mistaken. While I may have been able to acquire the TPM, my CPU and any Intel CPU below 8th gen are not supported because they feel like it.