Thanks to Windows 11, Scalpers Buy Out Add-on TPM 2.0 Modules

[trparky]

Yes, I practice safe computing habits but for once I'd like to be able to let my guard down without everyone trying to destroy my systems while doing so.

 

[lexluthermiester]

Yes, I practice safe computing habits but for once I'd like to be able to let my guard down without everyone trying to destroy my systems while doing so.

Install and learn how to properly use a firewall other than the windows firewall. You will then be able to browse and use the net without much worry.

 

[VEGGIM]

if it will make anyone happy, windows 11 pro doesn't require you to have a Microsoft account to sign in

 

[Mussels]

if it will make anyone happy, windows 11 pro doesn't require you to have a Microsoft account to sign in

I'm all for that... and now we know which one the pirates will aim for too

 

[Easo]

And writing comments like this, trying to look "cool", make you look like a shill, and not a particularly Intelligent one

As opposed to people talking about sheeps and big bad corpos in comments? Hah... Years in IT support painted a very clear picture of the average computer user and where majority of issues comes from, no matter the OS. People either do nothing or listen to the so called enthusiasts and tech experts writing "Winblows" and suggesting doing stuff like disabling Windows Update so that "M$ does not spy on them". Afterwards there is surprise about why their data was encrypted/stolen, "Windows became slow" or why the computer in question is another node of some botnet.

Install and learn how to properly use a firewall other than the windows firewall. You will then be able to browse and use the net without much worry.

Almost as if firewall alone fully protects you. No, no they do not. Firewall is not going to stop anything if you open a breached webpage, or a specifically crafted one. Add to it vulnerability chaining for more fun.

 

[lexluthermiester]

if it will make anyone happy, windows 11 pro doesn't require you to have a Microsoft account to sign in

Do you have a link where you read this?

Almost as if firewall alone fully protects you. No, no they do not.

No, not fully. But a good firewall is a solid method of defense. Discounting the value of one is a fools errand.

Firewall is not going to stop anything if you open a breached webpage, or a specifically crafted one.

As I said, properly configured firewall. A good and properly configured browser is important. However a good computing ethic is important too.

 

[trparky]

A good and properly configured browser is important.

Yes. With a good adblocking extension and a good filter list. That and employing Windows Defender's Exploit Protection Technology that injects a special DLL into the memory space of the browser to protect it with a number of protection types such as blocking untrusted fonts, code integrity guard, control flow guard, disabling of extension points, disabling of Win32k system calls, export address filtering, mandatory ALSR, import address filtering, and others that help block known exploit types even against zero-day exploits. These protections basically harden the program in question to protect it from a whole class of exploit techniques.

You can read about these protection techniques at the Microsoft article linked below...
Customize exploit protection | Microsoft Docs

 

[sweethoneybee]

Do you have a link where you read this?

It´s written in the system requirements that only Win11 Home requires a MS account:

Windows 11 Specs and System Requirements | Microsoft Windows

Find an overview of Windows 11 specs and features from Microsoft. Learn about the device specifications, versions, and languages available for Windows 11

www.microsoft.com

Btw: NTLite is a very good tool to create your own Win11 as soon as the final version is out at the end of this year. I´m using it for Win10 since many years and throw out everything that i don´t want from MS:

NTLite

Official NTLite website

www.ntlite.com

 

[lexluthermiester]

Yes. With a good adblocking extension and a good filter list. That and employing Windows Defender's Exploit Protection Technology that injects a special DLL into the memory space of the browser to protect it with a number of protection types such as blocking untrusted fonts, code integrity guard, control flow guard, disabling of extension points, disabling of Win32k system calls, export address filtering, mandatory ALSR, import address filtering, and others that help block known exploit types even against zero-day exploits. These protections basically harden the program in question to protect it from a whole class of exploit techniques.

You can read about these protection techniques at the Microsoft article linked below...
Customize exploit protection | Microsoft Docs

Some people trust microsoft. Some do not.

It´s written in the system requirements that only Win11 Home requires a MS account:

Windows 11 Specs and System Requirements | Microsoft Windows

Find an overview of Windows 11 specs and features from Microsoft. Learn about the device specifications, versions, and languages available for Windows 11

www.microsoft.com

Btw: NTLite is a very good tool to create your own Win11 as soon as the final version is out at the end of this year. I´m using it for Win10 since many years and throw out everything that i don´t want from MS:

NTLite

Official NTLite website

www.ntlite.com

Doesn't mean they won't try to enforce it.

 

[sweethoneybee]

Doesn't mean they won't try to enforce it.

Shure, we have to wait for the final anyway...

 

[dorsetknob]

As its now A Windows 11 Requierment ...........will motherboard manafactures Now include a TMP module in the box ? or Hard wire one into Motherboard..

 

[Athlonite]

Atleast some of you can find one to buy I can't even find a single one here in Gougelandastan (New Zealand)

 

[Mussels]

As its now A Windows 11 Requierment ...........will motherboard manafactures Now include a TMP module in the box ? or Hard wire one into Motherboard..

been hardwired at a firmware level for many years now

 

[windwhirl]

As its now A Windows 11 Requierment ...........will motherboard manafactures Now include a TMP module in the box ? or Hard wire one into Motherboard..

Doesn't matter, AMD & Intel CPUs have a TPM integrated on die these days.

I imagine that some motherboards do not expose the option to enable it, though.

 

[Totally]

Doesn't matter, AMD & Intel CPUs have a TPM integrated on die these days.

I imagine that some motherboards do not expose the option to enable it, though.

It isn't just firmware tpm, otherwise it the add-ons wouldn't be needed for x570 boards. e.g.: next to the safe boot and retry buttons

 

[windwhirl]

It isn't just firmware tpm, otherwise it the add-ons wouldn't be needed for x570 boards. e.g.: next to the safe boot and retry buttons

You can use the fTPM,since it's a TPM 2.0 implementation. The slot is there if you want to use a different TPM or a previous one you already had.

 

[RedBear]

It isn't just firmware tpm, otherwise it the add-ons wouldn't be needed for x570 boards. e.g.: next to the safe boot and retry buttons

It's not needed for Windows 11. The TPM header is there because firmware TPM is relatively more vulnerable and some people might just require the additional security of a discrete TPM module.

Still, it looks like this is indeed going to cause quite a bit of confusion.

 

[R-T-B]

Secure boot is not mandatory

Why do you think this? The official compatability tool suggests otherwise.

You can call it hardware based security. More about it on https://en.wikipedia.org/wiki/Trusted_Platform_Module#History

We seriously need to wake up and realize hardware security is a flawed model.

 

[Zubasa]

I imagine that some motherboards do not expose the option to enable it, though.

It is the opposite, many OEM machines do not have the option to disable TPM.

 

[totalfreq]

It is the opposite, many OEM machines do not have the option to

For intel (my experience with dells mostly...but hundreds of them, the person ordering always ordered vPro and since we didnt need OOB access I would always kill it). Download intel managment and security software and enable MEBx. Reboot hit ctrl+p. For dells youll have to go through a passsword reset (just google the procedure). Then in mebx disable AMT.

When you go back in the OS it will be disabled. This will kill TPM and vPRO

This has worked on every dell Ive cone acrkss in the past 2 decades...cant sspeak for other pkatgorms though and most of the machines were precisions, latitudes and servers...not home versions like vostro.

 

[Aleksandar_038]

Seriously, people, which smartphones you are using?

Judging by outcry against "Microsoft Espionage" via damned Microsoft account and hysteria against TPM, I assume those who commented are using some very special OS on their smartphone?

Or you all using Android and iOS, have there Facebook, proper Google and Apple account (because you have to) and now you just fall into hysteria because you can?

If Windows is so unimportant, go install Linux and stop babbling about it... For Christ sake, every second post is about "I am switching to Linux, Linux is great, Linux, Linux...", and very few about subject.

And, finally, Microsoft will surely force TPM requirements only on Pro and upper versions, Home versions will be left without it, because it is not in their interest to slow down upgrade - quite contrary, they want as many people as possible, as fast as possible, to switch to 11...

 

[dogwitch]

For intel (my experience with dells mostly...but hundreds of them, the person ordering always ordered vPro and since we didnt need OOB access I would always kill it). Download intel managment and security software and enable MEBx. Reboot hit ctrl+p. For dells youll have to go through a passsword reset (just google the procedure). Then in mebx disable AMT.

When you go back in the OS it will be disabled. This will kill TPM and vPRO

This has worked on every dell Ive cone acrkss in the past 2 decades...cant sspeak for other pkatgorms though and most of the machines were precisions, latitudes and servers...not home versions like vostro.

bet then hp....

 

[zlobby]

Why do you think this? The official compatability tool suggests otherwise.


We seriously need to wake up and realize hardware security is a flawed model.

Only dynamic root of trust has the theoretical potential to achieve good security, if done right, that is.

Yes, I practice safe computing habits but for once I'd like to be able to let my guard down without everyone trying to destroy my systems while doing so.

Sorry. For as long as there are systems there will be people who will try to break in into them. Letting our guard down is not a luxury we have.

 

[R-T-B]

if done right

That will never happen. It's precisely why hardware security is such a bad idea.

It's like saying "everything will be ok as long as we write a perfect, flawlwess, bug free program."

That never happens. And while you can patch software easily, hardware is... not as easy.

 

[Athlonite]

for those with AMD platforms with supported AMD CPU's check your UEFI settings try finding the setting that chooses which TPM device to use you should see two options available
option 1: dTPM = Discrete TPM module plugged into your mobo choosing this setting disables fTPM
option 2: fTPM = AMD's built in TPM2.0 compliant module

If it's set to option 1 then choose option 2 save and reboot once into windows rerun the health ap and it should tell you YES instead of NO for being able to run Windows 11

You'll also find a new Device listed under Security Devices in Device Manager like this