Monday, August 30th 2021

Microsoft to Ban Unsupported Machines from Windows 11 Updates

With pre-release builds of Microsoft's upcoming operating system, Windows 11, doing rounds, the PC enthusiast community has developed various workarounds to the system requirement of a hardware trusted-platform module 2.0 (TPM 2.0) for the operating system. Microsoft itself also suggested that those on older machines (without TPMs), who cannot upgrade from Windows 10 to Windows 11, have the option of performing a clean-installation of the new operating system using its ISO installer disk image.

These machines, however, will be treated as "unsupported," will not have access to Windows Update, and may potentially be barred from receiving important security updates. Microsoft recommends, however, that those who don't meet the system requirements of Windows 11 remain on Windows 10. The company plans to maintain support for Windows 10 up to October 14, 2025, which means four more years of security updates for the older operating system. The choice, hence, would be between upgrading hardware to meet Windows 11 requirements, or to remain on Windows 10 until Q4-2025.
Source: HotHardware
Add your own comment

117 Comments on Microsoft to Ban Unsupported Machines from Windows 11 Updates

#76
R-T-B
BArmsMicrosoft Windows Government Backdoor edition. Nobody is asking for these TPM 2.0 modules and they will hurt W11 adoption massively, the only safe assumption is that someone is putting the pressure on MS to require them.
Yes, but it isn't the government you are looking for. It's private sector. Think DRM.
Posted on Reply
#77
lexluthermiester
trsttteI realize I'm in the minority but I love this change. Yes, let me control which app opens which extension easily.
I love that feature too! Fine-grained controls are exactly what I've been asking for since the Windows 8 garbage. These are not meant to not make anything more difficult. What it means is that things take a little more time to configure. But on the upside, users get to set things up exactly the way we want them. That feature is part of what I love about Windows 11. While it might take more time to set up, it makes a ton of things much easier and less cumbersome!
trsttteI don't think it will be a problem for anyone.
Only the whiners who don't understand the feature will complain.(no offense to anyone here)
windwhirlThat era ended. Since Windows 10 you have to use the system settings to change associations. The apps can no longer make the changes themselves.
It's been brought back, but in a way that is not perfectly clear, YET. As discussed above, those settings are easily available to the user to change, it's just a little bit of a learning curve which I'm sure everyone will learn quickly and appreciate.
trsttteYou'll have 5 years to continue using windows 10
Ah, the ultimatum argument. We really don't want to go there..
trstttebut in the end what's more expensive, upgrade the computers or pay the extended support fees like with windows 7?
You don't seem to understand how the things work, and I'm not going to detail it here. However, dropping the hammer on $16million worth of computers is not something most budgets will deal with. And that is but one facility.
The red spiritSure it wasn't entirely free, did people really pay for it?
Oh yes. For my personal systems I have 3 retail copies and 4 digital download CDKeys bought from key sellers. And that is for Windows 10 alone. For all other versions of Windows, dozens of COAs for either retail or OEMs. I am far from alone, so yes lots people actually buy Windows.
R-T-BThink DRM.
Do you really think that might be a possibility? Can think of a dozen or so ways why that wouldn't work. I think it's microsoft trying to control the OS in a way that the normal user would have no idea how to change.
Posted on Reply
#78
Bomby569
Yep, DRM is my bet for why they are so completely into shoving this thing into w11.
Posted on Reply
#79
Ametitu
Now, that's a good feature.
Posted on Reply
#80
lexluthermiester
AmetituNow, that's a good feature.
What is? You didn't quote anyone so we no idea what you are talking about or who you are responding to.. Please use the "Reply" button.

Hope that didn't seem rude, no offense was intended. You're a new user, it's understandable that you need a pointer about a site feature.

And Welcome to TPU!
Posted on Reply
#81
95Viper
lexluthermiesterWhat is? You didn't quote anyone so we no idea what you are talking about or who you are responding to.. Please use the "Reply" button.

Hope that didn't seem rude, no offense was intended. You're a new user, it's understandable that you need a pointer about a site feature.

And Welcome to TPU!
I, believe, he/she is responding, with his/her opinion, to the topic (Microsoft to Ban Unsupported Machines from Windows 11 Updates).
Posted on Reply
#82
lexluthermiester
95ViperI, believe, he/she is responding, with his/her opinion, to the topic (Microsoft to Ban Unsupported Machines from Windows 11 Updates).
Ah ok. Would not have guessed that 4 pages in.
Posted on Reply
#83
windwhirl
rvalenciaNot correct,

Read AMD's web link for Ryzen 3 3250U www.amd.com/en/products/apu/amd-ryzen-3-3250u


Zen = 14 nm
Zen+ = 12 nm

Ryzen 3 3250U is Zen 1 APU. Zen 1 APU has a single CCX module which is different from dual CCX modules (2 cores +2 cores) Ryzen 3 Zen 1 desktops.

AMD treating APUs like Radeon rename PR BS.

From docs.microsoft.com/en-au/windows-hardware/design/minimum/supported/windows-11-supported-amd-processors

Ryzen 3 3200U and Ryzen 3 3250U are 14 nm Zen APUs and these SKUs are supported in Windows 11's AMD CPU support list. :laugh:
Well, I did a bit of sleuthing around and it seems you're right. Sorry about that.

Though, now it begs the question of why that processor (which is, on top of being Zen1, a low end one) is on the list but the others are not. I mean, I'd understand it if all Zen1 processors were not supported, as one could simply make the assumption that Microsoft was not satisfied with their single thread performance (back when it launched it seemed to be somewhere pre-speculative execution mitigations Haswell's level). And as silly as it would sound, at least it would have been somewhat consistent. But with this... I don't know. Maybe for embedded or mobile applications, but it's strange nonetheless.
R-T-BThink DRM.
That could be one possibility. Outside of DRM and Bitlocker, what other applications are there for a TPM? That don't require the user to go into configuring it or anything, an "it justs works" approach, a la Apple.
lexluthermiesterI love that feature too! Fine-grained controls are exactly what I've been asking for since the Windows 8 garbage. These to not make anything more difficult. What it means is that things take a little more time to configure. But on the upside, users get to set things up exactly the way we want them. That feature is part of what I love about Windows 11. While it might take more time to set up, it makes a ton of things much easier and less cumbersome!
Be that as it may, I'd have liked it if they had left the Windows 10 global association controls for less experienced users. And in general, it was a time saver, it set up most of the associations and then you could go in and change what you needed, but without having to go one by one.
lexluthermiesterIt's been brought back, but in a way that is not perfectly clear, YET. As discussed above, thus setting are easily available to the user to change, it's just a little bit of a learning curve which I'm sure everyone will learn quickly and appreciate.
Well, that would be a game changer, I guess. I take it applications will have to be updated to do it? At least Foobar2000 still doesn't do it.
The text is in Spanish but it's basically pointing me to go to Settings to do the changes.

I mean, you tell me if you want to go one-by-one setting associations for Foobar200 when scrolling down the list of filetypes as fast as possible takes over 30 seconds lol
Posted on Reply
#84
lexluthermiester
windwhirlI mean, you tell me if you want to go one-by-one setting associations for Foobar200 when scrolling down the list of filetypes as fast as possible takes over 30 seconds lol
I've already been doing that. It takes an extra minute or two and it needs to be done only once.

However, I agree, the one click easy setting should be side by side with the fine-grained settings.
Posted on Reply
#85
Valent117
when the w11 iso was released i immediately wiped my laptop ssd (had w11 installed from w10 and laggy af) and made a dual boot w10 w11 instead, w11 is clearly running better althought there are some slowdown but it's cpu related as it's a (weak) i3 6100u
Posted on Reply
#86
R-T-B
windwhirlThat could be one possibility. Outside of DRM and Bitlocker, what other applications are there for a TPM? That don't require the user to go into configuring it or anything, an "it justs works" approach, a la Apple.
It's a glorified keylocker. Not much.
lexluthermiesterDo you really think that might be a possibility? Can think of a dozen or so ways why that wouldn't work.
It would work. I don't know why you think it wouldn't. But it'd just be another reason to avoid the ms-store.
lexluthermiesterI think it's microsoft trying to control the OS in a way that the normal user would have no idea how to change.
I doubt this. TPMs aren't really much more than hardware keylockers.
Posted on Reply
#87
trsttte
lexluthermiesterYou don't seem to understand how the things work, and I'm not going to detail it here. However, dropping the hammer on $16million worth of computers is not something most budgets will deal with. And that is but one facility.
Absolutely, upgrading a computer park costs a lot of money but like I said no one wants to work for free and at a certain point microsoft will want to sell another license to keep churning updates along. The alternative is a subscription model which I don't think we want either.

So what's the solution here right? In this case the easy answer would be for microsoft to not try to sell computers and just sell their software licenses (no free upgrades) and let manufacturers figure their business out (computers will still need to be bought anyway!), but they seem to have done a different deal. With how chromebooks are taking off maybe not the best plan to pull this kind of stunts but let's see how it goes I guess
Posted on Reply
#88
lexluthermiester
R-T-BIt would work. I don't know why you think it wouldn't.
No really, explain how/where ANY form of DRM would depend in TPM and SecureBoot?
R-T-BI doubt this. TPMs aren't really much more than hardware keylockers.
Oh? Please review the following and continue on till post #1031. This is not an isolated incident. Using SecureBoot to lock people out of their own PC makes troubleshooting impossible unless you crack the drive, but then that install of Windows will never boot again. SecureBoot does nothing for the average user. It only prevents people from modifying the data on their OS drive from outside the OS. There is no purpose to this other than for microsoft to lock an installation down from being altered. It is nothing but a slimy form of control. It also prevents use of all drive data encryption other than microsoft's own Bitlocker, which is known to have a back-door. Back-doors are NOT secure and running software that is not secure is, naturally, NOT good security.
trsttteSo what's the solution here right?
The solution is telling microsoft that these requirements are wildly inappropriate & unacceptable, followed by a metaphoric foot in the butt-crack, starting with the CEO.
trsttteand just sell their software licenses (no free upgrades) and let manufacturers figure their business out (computers will still need to be bought anyway!),
That too!
Posted on Reply
#89
karakarga
nVidia probably released their final drivers at August 31 2021 to their 6xx and 7xx series of graphics cards for Windows 7 and Windows 10, (maybe one more can come before October 2021). This is also a premature give up. Because, Windows 7 has one more year for paid customers. This means that, their paid Windows 7 will have no updates by means of graphics drivers by nVidia. They must logically have to extend 6xx and 7xx support at least for one more year, because there is a shortage at production we all know and the prices are too high. We will throw away whatever we got after 5 to 10 years, so paying too high for a new card is a truly money waste. Also, there is Windows 8.1, it's end of support date not yet reached either, which is 10 January 2023.

I have looked the new one, it is well not really good. I have installed open shell, and it placed it's start button to the left. The system either can be shut down from the left, or from the new menu. Seeing double menus made me laugh a bit! :) Stupid thing, I said....

Windows 10 is good, but I know how to update Windows 7 as well like paid customers with ESU bypass. I have started to think, do I have to use Windows 7 one more year or go through Windows 10. I have nVidia 670, 680, 770 and 780Ti on various machines based on Xeon v2, v3 and v4 CPU's. My latest is in my HP notebook, which carries a 3GB 1050. It has TPM 2.0 and Intel i7-1065G7 CPU. I will install Windows 11 to it, and see how it goes.
Posted on Reply
#90
R-T-B
lexluthermiesterNo really, explain how/where ANY form of DRM would depend in TPM and SecureBoot?
Encryption keys. Keys you can't easily get at.
Need I say more?
lexluthermiesterOh? Please review the following and continue on till post #1031.
You are confusing three seperate concepts in that post. TPM, edrive, and SecureBoot. Yes they can work together but his core issue appears to be edrive not tpm or secure boot.
Posted on Reply
#91
lexluthermiester
karakargaI know how to update Windows 7 as well like paid customers with ESU bypass.
Nice!
karakargago through Windows 10.
Unless you need DX12/RTX for gaming, stick with 7 if you know how to keep it secure.
R-T-BEncryption keys. Keys you can't easily get at.
That's not an example.
R-T-BNeed I say more?
Yuppers.
R-T-BYou are confusing three seperate concepts in that post. TPM, edrive, and SecureBoot.
No, I'm not. I'm not talking out of my butt. This is years worth of experience. SecureBoot is the runtime that locks a drive from casual outside access. SecureBoot requires TPM. Troubleshooting an installation from an external EBD is NOT possible with SecureBoot enabled. Using third party drive encryption with SecureBoot enabled is NOT possible(currently).
Posted on Reply
#92
R-T-B
lexluthermiesterThat's not an example.
Ok. I encrypt a game with keys stored in the TPM that can only be unlocked via a master key from something like ms store, steam, etc.

It can be done. Not sure how much more simple I can make it for you.
lexluthermiesterSecureBoot is the runtime that locks a drive from casual outside access.
No, it's a boot binary hash verifier. It's design is purely to protect against "evil-maid" attacks.
Now I know you are talking out of your butt, sorry.

PS: SecureBoot is something I use daily, and without a TPM I might add. We enroll our own TGC opal bootloader based on sedutil. No you can't see it.
Posted on Reply
#93
lexluthermiester
R-T-BOk. I encrypt a game with keys stored in the TPM that can only be unlocked via a master key from something like ms store, steam, etc.
That's not exactly what TPM was designed for, but you're right, I don't see any reason why it can't be adapted.
R-T-BNo, it's a boot binary hash verifier. It's design is purely to protect against "evil-maid" attacks.
If that were true, an attacker could easily disable TPM & SecureBoot, boot a USB drive, alter or steal data from the host drive, reboot and reenable the TPM & SecureBoot and act like it's not there. This would work because the keys in the TPM module were not replaced. And if we were talking about TPM 1.x it would work flawlessly. However, with TPM2.0 the dynamic changes...
R-T-BSecureBoot is something I use daily, and without a TPM I might add.
...and here it is. YOUR use-case-scenario is NOT what microsoft is doing.

Don't believe me? Install Windows 11 on a compliant system with everything enabled. Then, without changing any settings, try to boot a EBD like Hirens. When that fails, disable SecureBoot and try again. Let's see what happens when you get into the WinPE desktop... Yeah, have fun!
R-T-BNow I know you are talking out of your butt, sorry.
Stop being childish.
Posted on Reply
#94
R-T-B
lexluthermiesterIf that were true, an attacker could easily disable TPM & SecureBoot, boot a USB drive, alter or steal data from the host drive, reboot and reenable the TPM & SecureBoot and act like it's not there. This would work because the keys in the TPM module were not replaced. And if we were talking about TPM 1.x it would work flawlessly. However, with TPM2.0 the dynamic changes...
They can.

That's where edrive fills the gaps. TCQ opal and its ilk.
lexluthermiesterStop being childish.
I'm really not trying to be but I was quoting you, for the record
Posted on Reply
#95
lexluthermiester
R-T-BThey can.
Ok...
lexluthermiesterDon't believe me? Install Windows 11 on a compliant system with everything enabled. Then, without changing any settings, try to boot a EBD like Hirens. When that fails, disable SecureBoot and try again. Let's see what happens when you get into the WinPE desktop... Yeah, have fun!
...go for it.
R-T-BI'm really not trying to be but I was quoting you, for the record
...
Posted on Reply
#96
R-T-B
lexluthermiesterOk...

...go for it.

...
I'm unsure what you are aiming to prove with that. Of course it won't work. The encryption keys are likely in the TPM on a Windows 11 device. Secure boot isn't whats stopping you though, encryption is.

I've lost track of what you're even trying to establish, so out.
Posted on Reply
#97
lexluthermiester
R-T-BI'm unsure what you are aiming to prove with that. Of course it won't work.
That's what I've been saying. Tada!
R-T-BThe encryption keys are likely in the TPM on a Windows 11 device. Secure boot isn't whats stopping you though, encryption is.
The encryption scheme microsoft is employing doesn't work without SecureBoot. Tada!
R-T-BI've lost track of what you're even trying to establish, so out.
That's because you didn't seem to understand the context to begin with.
Posted on Reply
#98
R-T-B
lexluthermiesterThe encryption scheme microsoft is employing doesn't work without SecureBoot. Tada!
...

It can. You need to set some gpedit keys but yeah.

Still confused.
Posted on Reply
#99
simlife
eidairaman1W7 for me.
are you ok with cyber crime higher t hen its eever been to be on super super old tech... also why win 7 not 8 or 10 like billions have done if you have a flip phone then i understand why 2009 tech otherwise huh??,,
Posted on Reply
#100
lexluthermiester
R-T-BIt can.
Sure it can, but that's not what they're aiming for.
R-T-BStill confused.
Ok, what are you confused about?
simlifeare you ok with cyber crime higher t hen its eever been to be on super super old tech... also why win 7 not 8 or 10 like billions have done if you have a flip phone then i understand why 2009 tech otherwise huh??,,
Windows 7 is not insecure just because microsoft isn't supporting it. Let's not do that fearmongering crap.
Posted on Reply
Add your own comment
Copyright © 2004-2021 www.techpowerup.com. All rights reserved.
All trademarks used are properties of their respective owners.