Monday, August 30th 2021

Microsoft to Ban Unsupported Machines from Windows 11 Updates

With pre-release builds of Microsoft's upcoming operating system, Windows 11, doing rounds, the PC enthusiast community has developed various workarounds to the system requirement of a hardware trusted-platform module 2.0 (TPM 2.0) for the operating system. Microsoft itself also suggested that those on older machines (without TPMs), who cannot upgrade from Windows 10 to Windows 11, have the option of performing a clean-installation of the new operating system using its ISO installer disk image.

These machines, however, will be treated as "unsupported," will not have access to Windows Update, and may potentially be barred from receiving important security updates. Microsoft recommends, however, that those who don't meet the system requirements of Windows 11 remain on Windows 10. The company plans to maintain support for Windows 10 up to October 14, 2025, which means four more years of security updates for the older operating system. The choice, hence, would be between upgrading hardware to meet Windows 11 requirements, or to remain on Windows 10 until Q4-2025.
Source: HotHardware
Add your own comment

117 Comments on Microsoft to Ban Unsupported Machines from Windows 11 Updates

#101
R-T-B
lexluthermiesterOk, what are you confused about
How we got from my comment about TPM being used for DRM, to whatever point this is we are aparently trying to make.
Posted on Reply
#103
lexluthermiester
Andy ShiekhI wonder if TPM 1.2 will be enough
That is what microsoft defined as the "hard floor" for TPM.
Posted on Reply
#104
rvalencia
lexluthermiesterThat's not exactly what TPM was designed for, but you're right, I don't see any reason why it can't be adapted.

If that were true, an attacker could easily disable TPM & SecureBoot, boot a USB drive, alter or steal data from the host drive, reboot and reenable the TPM & SecureBoot and act like it's not there. This would work because the keys in the TPM module were not replaced. And if we were talking about TPM 1.x it would work flawlessly. However, with TPM2.0 the dynamic changes...

...and here it is. YOUR use-case-scenario is NOT what microsoft is doing.

Don't believe me? Install Windows 11 on a compliant system with everything enabled. Then, without changing any settings, try to boot a EBD like Hirens. When that fails, disable SecureBoot and try again. Let's see what happens when you get into the WinPE desktop... Yeah, have fun!


Stop being childish.
It's Secure Boot, TPM, and Bitlocker with TCG/Opal V2.0/IEEE1667 chain. Having just Secure Boot and TPM wouldn't complete the data security for corporate use.
Posted on Reply
#105
ThrashZone
simlifeare you ok with cyber crime higher t hen its eever been to be on super super old tech... also why win 7 not 8 or 10 like billions have done if you have a flip phone then i understand why 2009 tech otherwise huh??,,
Hi,
lol yeah I use win-7 daily on a few machines and the sky has not fallen and the world hasn't ended as so many have said it will :laugh:
I'm not even using this updates crack either I see no more updates as a long deserved holiday from MS trying to break win-7 every month lol

7 ESU Bypass
Posted on Reply
#106
Razrback16
windwhirlYou can choose to enable Bitlocker or not, you're not forced to use it.
Thanks!
Posted on Reply
#108
jelabarre59
Good side of this is their system might stop trying to send MSWin11 updates to my MSWin10 Tech Preview test machine.

I looked through my systems, and NONE of them are supported under MSW11. My work laptop could, but that runs Linux as is right and proper.

So MSW10 is supported up through late 2025? Fedora 42 should be even more kick-ass by then, so you won't need MSWin anymore.
Posted on Reply
#109
chrcoluk
Am I the only one thinking some people will be looking for ways to emulate not having a TPM so they are released from forced updates?
Posted on Reply
#110
windwhirl
chrcolukAm I the only one thinking some people will be looking for ways to emulate not having a TPM so they are released from forced updates?
It's already happening, probably :laugh:
Posted on Reply
#111
ThrashZone
Razrback16Thanks!
Hi,
Ran into this yesterday to make sure
Turn off crap bitlocker features in 11

fsutil behavior set disableencryption 1
cipher /d /s:C:\
reg add "HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices" /v "TCGSecurityActivationDisabled" /t REG_DWORD /d "1" /f
sc config BDESVC start= disabled
sc config "EFS" start= disabled
Posted on Reply
#112
lexluthermiester
chrcolukAm I the only one thinking some people will be looking for ways to emulate not having a TPM so they are released from forced updates?
There will be many other reasons for bypassing the limitations..
Posted on Reply
#113
micropage7
i guess that's the reason my pentium laptop with 12gb ram not got updated and crappy i3 with 4gb got update
Posted on Reply
#114
ThrashZone
chrcolukAm I the only one thinking some people will be looking for ways to emulate not having a TPM so they are released from forced updates?
Hi,
Using Virtual machine with hyper-v or kvm there is already a emulator for uefi & tpm that I've read
Kind of a lame way to use an os to me though.
Posted on Reply
Add your own comment
Copyright © 2004-2021 www.techpowerup.com. All rights reserved.
All trademarks used are properties of their respective owners.