this post was submitted on 03 Dec 2024
I still fail to see how Windows 11 was anything but a collusion scam to sell new hardware.
None of the changes including TPM requirements required a new iteration. Nothing about the underlying NT dropped any of the old and antiquated BS despite Microsoft hiring some morons to advertise the fact on reddit to all the insiders asking questions.
They even let the media pick up a fake report that Windows 11 was related to the Core OS and a brand new kernel was in the works.
If Microsoft wanted a marketing strategy, they could have properly started naming feature updates and advertising them similar to Apple.
8, 10, and 11 have also been a pain on enterprise because Microsoft axed their QA team. I seriously hope any new firms start considering Linux desktop as a valid option. All they really need is a vendor to offer a solid distro along with an agreement to rapidly create/deploy any software solution so they don't get scared looking at the cheap entry Windows stuff.
You're absolutely right. The fact that people can work around the requirement for UEFI, TPM, and SecureBoot shows that it still runs fine on legacy BIOS. I've been saying this forever, it's like a car radio company telling car dealerships to only allow them to be installed into cars with car alarms and then claiming that the radio is secure (when the security is a feature of the car, not the radio). It's such bullshit...
You talk as if this is some sort of special trick.
You're able to work around those things precisely because they have been designed to be turned off.
Running a business system with the TPM turned off is madness, which will pretty much guarantee a ransomware attack.
I cannot install Windows 11 on my computer without using a hacky workaround because Windows 11 "requires" SecureBoot and TPM, but my computer doesn't even have UEFI.
Don't be silly, it was also about putting dedicated spyware and even more ads into your OS.
It was Microsoft's kickback to Intel and later Qualcomm.
This is completely wrong.
The TPM is a hardware feature, so you need to update the whole system. The software patch is too slow to be useful.
The uptake level is expected given falling PC sales and the fact that upgrading is limited.
The TPM is not a dedicated cryptographic processor, it's an external keystore with a few select functions. You're thinking of an HSM which is used almost exclusively in servers that have to handle thousands of secrets per second.
CPUs have had dedicated AES hardware for decades which is why LUKS and Bitlocker use it by default.
The TPM just allows certain keys and secrets to be generated and stored physically separate from the CPU as a security measure.
Bitlocker and LUKS will store a master key in the TPM so that you don't have to enter a password every time you boot. They retrieve it from the TPM and then use it to unlock the actual encryption key which is done entirely in the CPU. If the TPM detects foul play such as secure boot alteration, it will refuse to give the key or clear itself.
Using the TPM for constant encryption like at rest disk encryption would be way too slow.
It's so so small that most modern TPMs have been integrated into the CPU or even simulated via the motherboard firmware (fTPM and PTT).
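Added example, not part of the thread: a simplified Python model of the flow described in the comment above, where the TPM releases a small key-encryption key only when the measured boot chain matches the state it was sealed to, and the volume key is then unwrapped on the CPU. `ToyTPM`, `wrap`/`unwrap` and the boot component strings are hypothetical; the XOR-plus-HMAC wrap is a stdlib stand-in for a real key-wrap algorithm, and real TPM sealing uses policy sessions rather than a direct comparison.

```python
import hashlib, hmac

def extend(pcr: bytes, measurement: bytes) -> bytes:
    # PCR extend: new = SHA-256(old || SHA-256(measurement)); order-sensitive, one-way.
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_boot(components) -> bytes:
    pcr = bytes(32)  # boot-chain PCRs start at all zeros after reset
    for c in components:
        pcr = extend(pcr, c)
    return pcr

class ToyTPM:
    """Hypothetical, simplified model: one secret bound to one expected PCR value."""
    def seal(self, secret: bytes, expected_pcr: bytes) -> None:
        self._secret, self._policy = secret, expected_pcr

    def unseal(self, current_pcr: bytes) -> bytes:
        if not hmac.compare_digest(current_pcr, self._policy):
            raise PermissionError("PCR mismatch: boot chain changed, key withheld")
        return self._secret

def _pad(kek: bytes) -> bytes:
    return hashlib.sha256(b"wrap" + kek).digest()

def wrap(kek: bytes, volume_key: bytes) -> bytes:
    # Stdlib stand-in for a real key wrap (e.g. AES key wrap); 32-byte keys only.
    ct = bytes(a ^ b for a, b in zip(volume_key, _pad(kek)))
    return ct + hmac.new(kek, ct, hashlib.sha256).digest()

def unwrap(kek: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(kek, ct, hashlib.sha256).digest()):
        raise ValueError("wrong key-encryption key")
    return bytes(a ^ b for a, b in zip(ct, _pad(kek)))

def boot(tpm: ToyTPM, components, wrapped: bytes) -> bytes:
    kek = tpm.unseal(measure_boot(components))  # TPM releases the small secret once
    return unwrap(kek, wrapped)                 # bulk crypto then runs on the CPU

if __name__ == "__main__":
    good = [b"firmware-1.0", b"bootloader-1.0", b"secureboot=on"]  # constructed values
    kek, volume_key = bytes(range(32, 64)), bytes(range(32))       # constructed keys
    tpm = ToyTPM(); tpm.seal(kek, measure_boot(good))
    blob = wrap(kek, volume_key)
    print("normal boot unlocks:", boot(tpm, good, blob) == volume_key)
    try:
        boot(tpm, good[:2] + [b"secureboot=off"], blob)
    except PermissionError as e:
        print("tampered boot:", e)
```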