Friday, June 25th 2021

Thanks to Windows 11, Scalpers Buy Out Add-on TPM 2.0 Modules

Most modern PC platforms include an fTPM (firmware trusted platform module) of some form. Those that don't have a TPM 2.0-compatible header on the motherboard. Microsoft's requirement of a hardware TPM for Windows 11 has scalpers going after add-on TPMs, which are typically priced around $20 but are now marked up to $100, according to Shen Ye, a senior HTC VIVE exec, who has been tracking prices of add-on TPMs on Twitter.

Scalpers possibly anticipate a rush of ill-informed buyers out for add-on TPMs, who haven't spent 5 minutes digging through their UEFI setup programs for the fTPM toggle. Below is a screenshot of a Ryzen 7 2700X-based machine, paired with an AMD B450 chipset motherboard (a platform from 2018), with its fTPM toggle turned on. The PC now meets Windows 11 system requirements. Windows 11 uses hardware TPMs for secure storage of credentials. "Microsoft, can you not impose a TPM requirement during a silicon shortage? Especially considering most desktop motherboards support TPM only as a purchasable accessory," Shen Ye tweeted.
Source: Shen Ye (Twitter)

263 Comments on Thanks to Windows 11, Scalpers Buy Out Add-on TPM 2.0 Modules

#201
Easo
lexluthermiester: Do you have a link where you read this?

No, not fully. But a good firewall is a solid method of defense. Discounting the value of one is a fool's errand.

As I said, properly configured firewall. A good and properly configured browser is important. However a good computing ethic is important too.
What I meant is security in layers/defense in depth/call it whatever you want. Firewall is just one thing out of many. This hardware level security push by Microsoft is another (and MS are not the only ones doing it, it starts from CPU manufacturers themselves). And really, trusting users with this is pointless. Any work in customer service, not just IT, should already tell you everything you need to know how failed such an attempt would be.
#202
Isaac`
woom: Upgraded my AMD 3800X to windows 11 all good, also did my 4790k with Z79X MB AND A 3570K all upgraded from w10 pro.
How to get beta builds
#203
R-T-B
trparky: I don't have Secure Boot enabled on my motherboard and the compatibility checking tool says that my system can be upgraded to Windows 11 just fine.

As for why I don't have Secure Boot enabled, I have no idea how to enable it on my motherboard. I tried to enable it in UEFI but it gave me some cryptic message about it not being able to be enabled and that's when I said, 'fuck it' and went on my merry way.
If I turn it off I get a failure in the compatibility tool.
Easo: This hardware level security push by Microsoft is another (and MS are not the only ones doing it, it starts from CPU manufacturers themselves).
This is true but it's still a really flawed model. It just gives malware an avenue to become persistent across reinstalls.
#204
Makaveli
Isaac`: How to get beta builds
The insider build doesn't get released until this week or next so that is probably the leaked iso.
#205
Arcdar
It's funny and sad that MS tries to block still absolutely fine hardware "just because" .... I've got two machines up and running which don't really need any upgrade for what they are needed for (some office work and light gaming) - one of them is a dual x79 with two 2900v1's and the other one is a dual x99 board with two 2698v3 .....

Both of them do more than just fine for gaming and work. But neither of the two boards has the option to include a TPM (1.2 or 2) module sadly .... and even if they would, they are not on the list of supported CPU's and thus even with tpm2.0 they wouldn't be "eligible to use Windows11" ...

Also, my Microsoft Surface Book (v1.0) with its tpm1.2 module is NOT supported for windows11 .... and as far as I read nearly 50% of all MS "in-house-products" are not compatible with windows 11...... yeah. awesome. That's why I got a MS "laptop" ............ to be locked out of future windows versions.... amazing.....
#206
trparky
Athlonite: there's two things you need to do to enable Secure Boot
1: Turn it on in your UEFI/BIOS settings
2: Make sure your Boot Drive is using a GPT partition type not the old MBR type
I get something mentioning something about hardware keys when I try and turn it on and something called user mode in UEFI.
#207
Athlonite
trparky: I get something mentioning something about hardware keys when I try and turn it on and something called user mode in UEFI.
Well, that's weird. Could that be any more cryptic? Oh wait, yes it could. Hmmm, I'd be looking at things like CSM; if it's on, turn it off.
#208
trparky
Athlonite: Well, that's weird. Could that be any more cryptic? Oh wait, yes it could. Hmmm, I'd be looking at things like CSM; if it's on, turn it off.
I can't remember exactly what it said, I'd have to go back into UEFI but I have a long-running process that's going on that I can't interrupt at this time. I can't reboot the system to go into UEFI right now. Maybe I'll make a thread in the Motherboard forum about this when I can.
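The settings discussed in the article (fTPM toggle) and in the Secure Boot replies above (Secure Boot state, GPT vs. MBR boot disk, UEFI Setup Mode vs. User Mode) can be read from inside Windows without rebooting into UEFI. This is an added PowerShell example, not part of the original thread; the function name `Get-Win11FirmwareReadiness` is hypothetical, and it assumes Windows 10 or later with an elevated prompt.

```powershell
# Added example: reports the firmware settings this thread discusses.
# Run from an elevated PowerShell prompt on Windows 10 or later.
#Requires -RunAsAdministrator

function Get-Win11FirmwareReadiness {   # hypothetical helper name
    $report = [ordered]@{}

    # TPM: Get-Tpm reports discrete modules and firmware TPMs (AMD fTPM, Intel PTT) alike.
    $tpm = Get-Tpm
    $report.TpmPresent = $tpm.TpmPresent
    $report.TpmReady   = $tpm.TpmReady

    # Win32_Tpm.SpecVersion is a comma-separated string whose first field is the
    # TPM spec level ("1.2" or "2.0"); it is absent when no TPM is exposed to the OS.
    $wmiTpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $report.TpmSpecVersion = if ($wmiTpm) { ($wmiTpm.SpecVersion -split ',')[0].Trim() } else { $null }

    # Secure Boot: the cmdlet throws on legacy BIOS/CSM boots, so treat that as "not UEFI".
    try {
        $report.UefiBoot   = $true
        $report.SecureBoot = Confirm-SecureBootUEFI
        # SetupMode = 1 means no Platform Key is enrolled. Firmware has to be in
        # User Mode (SetupMode = 0, keys installed) before Secure Boot can be enforced.
        $setup = Get-SecureBootUEFI -Name SetupMode
        $report.SetupMode = [bool]$setup.Bytes[0]
    } catch [System.PlatformNotSupportedException] {
        $report.UefiBoot   = $false
        $report.SecureBoot = $false
        $report.SetupMode  = $null
    }

    # Boot disk partition style: UEFI Secure Boot needs GPT, not MBR.
    $bootDisk = Get-Disk | Where-Object IsBoot | Select-Object -First 1
    $report.BootDiskStyle = "$($bootDisk.PartitionStyle)"

    [pscustomobject]$report
}

Get-Win11FirmwareReadiness | Format-List
```

A result of `UefiBoot = False` points at CSM/legacy boot, `BootDiskStyle = MBR` at the partition-type step, and `SetupMode = True` at missing Secure Boot keys in firmware.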
#209
totalfreq
lexluthermiester: That just made me laugh..

Simple: NoScript(or disabling JS). However, and I KNOW I've said this in other threads, Spectre/Meltdown attack CAN NOT SUCCEED REMOTELY! Physical presence is REQUIRED.

I'm not going into a dissertation on how and why that is easily protected from.

You seem to be taking this to an extreme NO ONE will ever face.

Protecting oneself on the internet is somewhat involved, it's not rocket science.

Quit with your sad flame baiting.
Spectre may require local access but there are ways to remotely access the MEBx. And do so prior to BIOS password or BitLocker.

I'm not going to outline all the details as it is still a widespread problem. A critical update went out Sept 2020 patching the AMT/ISM system that you should apply immediately if you have not. But most OEMs still use the default MEBx password, and PXE boot, AMT with Wi-Fi, Windows remote management or a whole slew of other settings could leave your MEBx exposed and remotely accessible. Furthermore, a lot of OEMs haven't changed the MEBx password from default, or they have a universal password that can be found easily on a Google search.

I'm not saying that every machine is vulnerable, but all it takes is one of the above to be enabled and not secured properly and MEBx will be accessible remotely, bypassing BIOS password lock, BitLocker, etc.

I'm personally going to clip one TPM pin at a time (I think there are 20) to see which one Windows accepts as active/installed, but then doesn't actually work ;)
#210
lexluthermiester
Easo: What I meant is security in layers/defense in depth/call it whatever you want. Firewall is just one thing out of many. This hardware level security push by Microsoft is another (and MS are not the only ones doing it, it starts from CPU manufacturers themselves). And really, trusting users with this is pointless. Any work in customer service, not just IT, should already tell you everything you need to know how failed such an attempt would be.
There are so many things wrong with that statement...
Makaveli: The insider build doesn't get released until this week or next so that is probably the leaked iso.
It's out now apparently..
#211
totalfreq
lexluthermiester: There are so many things wrong with that statement...

It's out now apparently..
Yep, Win 11 preview is available. It's not yet in my action pack but build 22000.51 is available as a preview.
#212
lexluthermiester
totalfreq: Yep, Win 11 preview is available. It's not yet in my action pack but build 22000.51 is available as a preview.
Someone reviewed it:
Thanks to @rk3066 for the link over in the GN thread..
#213
windwhirl
blogs.windows.com/windows-insider/2021/06/28/update-on-windows-11-minimum-system-requirements/
Microsoft's blog post about the requirements.

Main takeaways (may read like PR, take what you will from this):

On TPM, SecureBoot, etc.:
Windows 11 raises the bar for security by requiring hardware that can enable protections like Windows Hello, Device Encryption, virtualization-based security (VBS), hypervisor-protected code integrity (HVCI) and Secure Boot. The combination of these features has been shown to reduce malware by 60% on tested devices. To meet the principle, all Windows 11 supported CPUs have an embedded TPM, support secure boot, and support VBS and specific VBS capabilities.
On their decision of supporting only 8th gen Intel and Zen+ AMD CPUs and newer:
Devices upgraded to Windows 11 will be in a supported and reliable state. By choosing CPUs that have adopted the new Windows Driver model and are supported by our OEM and silicon partners who are achieving a 99.8% crash free experience.
They might review that decision to support the previous generation to those (no promises though)
As we release to Windows Insiders and partner with our OEMs, we will test to identify devices running on Intel 7th generation and AMD Zen 1 that may meet our principles. We’re committed to sharing updates with you on the results of our testing over time, as well as sharing additional technical blogs.
Acknowledging their PC Health check app was kinda a confusing mess:
the PC Health Check app was intended to help people check if their current Windows 10 PC could upgrade to Windows 11. Based on the feedback so far, we acknowledge that it was not fully prepared to share the level of detail or accuracy you expected from us on why a Windows 10 PC doesn’t meet upgrade requirements. We are temporarily removing the app so that our teams can address the feedback. We will get it back online in preparation for general availability this fall. In the meantime, you can visit our minimum system requirements page here to learn more.
#215
Chrispy_
trsttte: this is hilarious :D:D:D

TPM modules are not hard to manufacture and their scarcity is dictated mostly by their uselessness so these scalpers will most likely only help retailers clear out old junk. Especially when Microsoft walks this back as they surely will

I honestly find this super amusing
The same thing could be said about desktop webcams 18 months ago.
Nobody had a need to buy one until they suddenly did, and it took 6 months of scalping before supply overtook demand to bring the prices down again.
#216
windwhirl
Chrispy_: The same thing could be said about desktop webcams 18 months ago.
Nobody had a need to buy one until they suddenly did, and it took 6 months of scalping before supply overtook demand to bring the prices down again.
Not like it matters much in this case. With TPM being built in CPUs, there's no need to get a discrete one.
#217
Chrispy_
windwhirl: Not like it matters much in this case. With TPM being built in CPUs, there's no need to get a discrete one.
I think there are going to be a bunch of people using CPUs that predate integrated TPM. You only have to look at how many people are still on 7 and even XP still has significant marketshare despite being out of support for 12 years at this point.
#218
windwhirl
Chrispy_: I think there are going to be a bunch of people using CPUs that predate integrated TPM.
Nah, if Microsoft holds their position, all the supported CPUs have a TPM integrated.
Actually, I'm gonna check on that.

Well, after a while of searching, it's not completely clear, but it seems Intel's PTT (which is a TPM implementation) was introduced in some Haswell chips, and later brought into the rest of their CPUs in their sixth generation (so Skylake). Though others say that it was introduced in all Haswell and later chips, so it's not completely sure.

Funny thing, though, Intel Macs will not be able to dual boot to Windows 11, as they do not support TPM.
#219
Adam Krazispeed
opteron: Greedy Scalpers are the bane of humanity...
you got that right... I'm sick of the scalpers and MS can go and die for all I care.. GAMING IS GOING TO HELL ON PC.. I'm about done thanks to scalpers (mainly on CPUs and Graphics Cards, RAM and SSDs (NVMe especially), the good ones)

but so does first gen 1000 series Ryzen and Threadripper, A,B,&X 300 + X399 Threadripper 1st gen Ryzen has TPM2.0 because I've always turned it on in the BIOS, so wtf Zen1 Unsupported>> WHY MS?
#220
lexluthermiester
Adam Krazispeed: you got that right... I'm sick of the scalpers, and MS can go and die for all I care.. GAMING IS GOING TO HELL ON PC.. I'm about done thanks to scalpers (mainly on CPUs and Graphics Cards, RAM and SSDs (NVMe especially), the good ones)

but so does first gen 1000 series Ryzen and Threadripper, A,B,&X 300 + X399 Threadripper 1st gen Ryzen has TPM2.0 because I've always turned it on in the BIOS, so wtf Zen1 Unsupported>> WHY MS?
We feel your frustration. You're not alone. However, you're missing something. It's called customizing your installation media. It's been a thing for decades, works on 11 now and will be a thing when 11 is released. The enthusiast & power user community will NOT be tolerating Microsoft's nonsense. I've been customizing Windows installs since XP. Look into it.

BTW, folks, MJD just reviewed the newest build, 22000.51. Looks interesting;
#221
Chrispy_
windwhirl: Funny thing, though, Intel Macs will not be able to dual boot to Windows 11, as they do not support TPM.
That's okay, Windows 11 looks like an OSX clone so there's no point in dual-booting any more....
/s :)
#222
lexluthermiester
Chrispy_: That's okay, Windows 11 looks like an OSX clone so there's no point in dual-booting any more....
/s :)
Try using it.
#223
Mussels
Moderator
lexluthermiester: Try using it.
Just did. Seems like W10, but easier on the eyes.
Only thing I dislike is that I gotta right click the Windows button for task manager, instead of the task bar
#224
Chrispy_
lexluthermiester: Try using it.
I have. Hence the /s
It's not really anything like OSX, just that first impressions, colourscheme and centralised dock are such blatant copies :)
#225
lexluthermiester
Mussels: Only thing I dislike is that I gotta right click the Windows button for task manager, instead of the task bar
That one doesn't bother me. It's just moved. I usually call up the task manager with CTRL+SHIFT+ESC anyway...