This movement is not about security. It's about control.<p>This is a decision that benefits their business and it doesn't matter if they need to force you into something.<p>The practical effect is they are forcing you to spend more money. They win and their business partners win.
This is bullshit. I have a custom gaming desktop with an i7-6700k. It's still a very powerful system that can play AAA games on high or ultra settings. There's no good reason to drop support other than forcing people to upgrade.
In a few years, I can imagine governments mandating that all computing devices come with these chips, ostensibly for cyber-security purposes.<p>The question is, what happens after that? Do they mandate that your connection to your ISP be secured with the TPM too? That way they can also require that your OS provide remote attestation that it has applied all the relevant security patches.<p>By the end of the decade, I predict that it will be almost impossible to run "unapproved" software on any computer connected to the internet. I also suspect that "unapproved" software will include any software that supports End-to-End encryption, or even anonymity online.
We use refurbished HP Xeon Workstations, Z240s, etc. and they only support TPM 1.2 and cannot be upgraded to TPM 2.0 according to what I can learn from HP's online support.<p>Unless I am missing something, our machines will not run Windows 11. It seems this will occur with many people using refurbished machines. So odd.
How do we know for certain that TPM chips do not have any lawful intercept code that permits an entity to bypass disk encryption and possibly even authentication should MS decide to tie authentication caching to TPM?
I wonder how related to Microsoft Pluton this change is. I suppose it's going to be very beneficial for Microsoft to have a security chip to rely on for all sorts of uses, beneficial to the end user or very much not. This change may or may not be a precursor. Personally, I've always disabled TPM on Windows machines — I've never seen any benefit in keeping it enabled and possibly letting applications use it against me, furthermore the decent-against-thefts-on-non-critical-devices BitLocker (in its GUI form, CLI doesn't need the registry fix) really wants you not to use a password to decrypt the drive.
Chip hoarders in China seem to have bought all TPM 2.0 stock on the market.<p>Now there will be no new TPM chips at least for a year because of extreme 12 months+ backlog at chip foundries.<p>So, Win 11 is delayed at least for a year.
I assume it will be possible to work around this, whatever Microsoft decides? Shouldn't a driver be able to emulate a TPM, for example? Or you could even have the bootloader patch the kernel, as is common on Hackintosh.