Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TPM 2.0 Is Mandatory For Windows 10 Anniversary Edition


  • Please log in to reply
13 replies to this topic

#1 Rocky Bennett

Rocky Bennett

  • Members
  • 2,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:11:02 AM

Posted 13 May 2016 - 06:39 PM

Come July of 2016 when Microsoft releases the anniversary edition of Windows 10, every computer must have TPM 2.0 enabled in order to install and use this anniversary edition.
 
http://sec.ch9.ms/slides/winHEC/03_WindowsSecurity.pdf
 
https://technet.microsoft.com/en-us/itpro/windows/keep-secure/tpm-recommendations

Edited by Queen-Evie, 15 May 2016 - 08:02 AM.
moved from Windows 10 Support to Windows 10 Discussion

594965_zpsp5exvyzm.png


BC AdBot (Login to Remove)

 


#2 bludgard

bludgard

  • Members
  • 934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:No Clue Whatsoever, Western Hemishere
  • Local time:12:02 PM

Posted 13 May 2016 - 10:10 PM

Crazy how all this security is needed when the machine sends all info to MS anyway....

Windows 10 = :smash:



#3 x64

x64

  • Members
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London UK
  • Local time:06:02 PM

Posted 14 May 2016 - 02:18 AM

@RockyBennett - It looks as if it is requirement for new computer models  - not for existing systems, or existing product lines (as they are at the moment). There is a mention of updating hardware which could be read a couple of ways, but I read it as 'if a manufacturer updates the specification of an existing product line, then that updated product must include a TPM2.0 to be Windows 10 compliant'.

 

@Bludgard - You are getting privacy and security muddled up - The privacy issues (be they slighted or real) have been done to death many times in other threads - let's not go there again here - Please!!!!!!!. TPM is a security device - it has nothing to do with privacy.

 

General comment: I'd expect there to be a way around it anyway. For example - Bitlocker on Win 10 supposedly requires a TPM - I wholeheartedly agree that Bitlocker without a TPM (or key on removable USB media) is nowhere as secure as it is with, but it CAN be enabled to use a boot time password instead. No way could MS (who have worked so hard to get millions of old PCs upgraded to win 10, invalidate the old hardware platforms, which for desktop PCs would likely NOT include any form of TPM. Bear in mind that as the periodic updaes are mandatory (even if you defer them).

 

x64



#4 Rocky Bennett

Rocky Bennett
  • Topic Starter

  • Members
  • 2,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:11:02 AM

Posted 14 May 2016 - 03:18 AM

x64, thanks for the insight. I am still studying this but you did give me some new information that helps me to understand this.


594965_zpsp5exvyzm.png


#5 rp88

rp88

  • Members
  • 2,937 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:02 PM

Posted 14 May 2016 - 11:19 AM

Bitlocker and TPMs may improve security but only against local attackers, they will not make things any harder (or easier) for the majority of attackers who are anywhere from half a city to half a world away and coming at you across the internet. So yes they improve security, but in the context of the threats most people face having a good antivirus/ second opinion scanner/anti-exploit program/script blocker/adblocker is much more important.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#6 bludgard

bludgard

  • Members
  • 934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:No Clue Whatsoever, Western Hemishere
  • Local time:12:02 PM

Posted 14 May 2016 - 09:06 PM

@Bludgard - You are getting privacy and security muddled up....

:lmao:

It is my reckoning that privacy is the only security we may have....

Thanks, though, for trying to sort me out.



#7 JohnC_21

JohnC_21

  • Members
  • 22,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 PM

Posted 17 May 2016 - 11:54 AM

Anybody remember this about TPM?

 

http://investmentwatchblog.com/leaked-german-government-warns-key-entities-not-to-use-windows-8-links-the-nsa/



#8 bludgard

bludgard

  • Members
  • 934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:No Clue Whatsoever, Western Hemishere
  • Local time:12:02 PM

Posted 17 May 2016 - 09:37 PM

Ya... Got it disable in BIOS on laptops and other devices. Run Kill Windows 10 to rid 7 of all related telemetry,  rid system of any/all "security" related OEM software and stay away from latest BIOS (Win 10 "optimized") that cannot be reverted after update.

Worrysome how a paranoid like me has to jump through such hoops and go off-grid. LOL

:flowers:

 

Edit: Paranoia is not from anything I have done or have to hide... it has more to do with a rebellious nature and not being impressed with the new OS, It's GUI or it's increasing "requirements" to run defectively.


Edited by bludgard, 17 May 2016 - 09:47 PM.


#9 Niweg

Niweg

  • Members
  • 802 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:12:02 PM

Posted 21 May 2016 - 11:55 AM

 From doing some looking around, I've verified that Bitlocker isn't available on the Windows 10 Home version (as I thought was the case), so that raises some questions for me.  Does the TPM requirement affect Win 10 Home users?  If so, how, what encryption software would use it?  I gather that this only pertains to the Pro & Enterprise versions of Windows 10, is that right?  Do we know now  or will we have to give it "the fullness of time" to find out?


Make regular full system backups or you'll be sorry sooner or later.


#10 Niweg

Niweg

  • Members
  • 802 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:12:02 PM

Posted 22 May 2016 - 12:53 PM

 I just ran across this article describing hardware requirements for the Anniversary Edition here.

https://msdn.microsoft.com/en-us/library/windows/hardware/dn915086%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 .

 

 The TPM requirement appears to be required for all new Windows 10 systems MS calls Windows 10, version 1607.  

  

 They're also requiring UEFI which raises the question of whether I'll be able to run this new version on my 5 year old test desktops.

  

 They don't talk about Home vs Pro editions.

 

 If you're looking for something with a ton of buzzwords, look no further!


Edited by Niweg, 22 May 2016 - 01:02 PM.

Make regular full system backups or you'll be sorry sooner or later.


#11 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 6,871 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:01:02 PM

Posted 22 May 2016 - 01:08 PM

Niweg,

 

        I don't read it that way based on Section 3.7.  This appears to apply to hardware produced after a certain date when TPM was implemented.

 

        I will admit that this is, to me, a conflict with their "required" statement in the earlier table.  I just do not believe that suddenly Windows 10 is not going to run on the untold millions of machines that were upgraded that don't have this capability.  Since I know that the "born on" date for a given motherboard is able to be queried I'd have to think this will be done and a decision branch implemented depending on what comes back.

 

        I may be wrong and time will tell, but I just don't see MS yanking the rug out from those who have older hardware and that they've really pushed to upgrade.  In fact, were they to yank out that proverbial rug, I'd see a class action suit coming from several planets away from earth.


Brian  AKA  Bri the Tech Guy (my website address is in my profile) Windows 10 Home, 64-bit, Version 1709, Build 16299

       

    Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
             ~ Lauren Bacall
              

 


#12 Niweg

Niweg

  • Members
  • 802 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:12:02 PM

Posted 22 May 2016 - 05:23 PM

 Britechguy, I hope you're right.  As usual MS doesn't make this exactly crystal clear.  The part that makes me wonder is the Table 3 part that says UEFI is required without making it clear whether it pertains just to new computers or not.  Oh well, we'll find out for sure in just over two months.


Make regular full system backups or you'll be sorry sooner or later.


#13 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 6,871 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:01:02 PM

Posted 22 May 2016 - 06:19 PM

 Britechguy, I hope you're right.  As usual MS doesn't make this exactly crystal clear.  The part that makes me wonder is the Table 3 part that says UEFI is required without making it clear whether it pertains just to new computers or not.  Oh well, we'll find out for sure in just over two months.

 

Since you can't plop UEFI in to hardware that was manufactured before it existed (at least not reasonably or economically), and because there are untold millions of those pieces of hardware now running Windows 10, I am virtually certain it applies to hardware built after UEFI was introduced.

 

It's also possible that MS will keep a build branch of Win10 for "old hardware" and another for "new hardware".

 

It would not make any sense, and particularly from a "dollars and cents" perspective, not to mention a PR one, to make millions of users that you encouraged, strongly, to upgrade instant orphans.

 

There are definitely all kinds of stupid that Microsoft has proven itself to be at different times, but virtually none of those could have been foreseen as cutting off a huge chunk of the current embedded base, and this would.


Brian  AKA  Bri the Tech Guy (my website address is in my profile) Windows 10 Home, 64-bit, Version 1709, Build 16299

       

    Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
             ~ Lauren Bacall
              

 


#14 Niweg

Niweg

  • Members
  • 802 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:12:02 PM

Posted 22 May 2016 - 07:40 PM

"It's also possible that MS will keep a build branch of Win10 for "old hardware" and another for "new hardware".

 

Yes, that's the part that I'm concerned with.  Just like there were some older PCs that couldn't upgrade to Windows 10 because they didn't have certain features like they say in section 3.1 where they say a CPU has to:

  • Supports PAE, NX and SSE2.
  • Supports CMPXCHG16b, LAHF/SAHF, and PrefetchW for 64-bit OS installation.

 My concern is not whether existing Windows 10 systems will continue to be supported on existing hardware.  Rather it's whether I'll continue to be able to test the NEW Anniversary Edition builds will run on my 5 year old hardware.  It's not a monumental big thing like what you describe, it's just whether I'll finally have to toss the old hardware and get new hardware for testing insider builds.  Like I say, it's no monumental big deal.  I've gotten 5 good years of use out of the old hardware, so sooner or later I'll have to spend a few hundred bucks for new hardware; I just hope it's later!   :rolleyes:

It's also possible that MS will keep a build branch of Win10 for "old hardware" and another for "new hardware".


Make regular full system backups or you'll be sorry sooner or later.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users