I just finished my new build a month ago and the mobo doesn’t come with a TPM, of course (Asus Rog Strix Z590-E Gaming Wifi; it’s optional). While tracking one down, I noticed how difficult it was to find somewhere that sold them and, when I found one, I could see them vanishing from online stores quickly. Fortunately, I snagged one whether I needed to do so or not. They’re not expensive, and who knows how easy they’ll be to find once more people realize the requirement.
Now, someone tell me I didn’t actually need to scrounge one up because of some info I didn’t get to read in my haste to grab one.
More useless shit I instantly turned off. MS keeps adding useless shit. Cortana, the “people bubbles”, the new weather thing in the taskbar, it all gets turned off. As long as they allow me to keep turning off their useless shit, I guess I’m OK with it, but it would be lovely if they added stuff that doesn’t suck.
It won’t have a native TPM, but should have one bios option that offloads it to the CPU.
Btw, the CPU requirement list only includes the last 3-4 years CPU and nothing else. I don’t know if it’s enforced, but nothing beside the latest hardware meets minimum specs.
Yeah, hunting through the BIOS I found Secure Boot settings that had Other OS selected (instead of Windows UEFI) and a setting for Custom instead of Standard. I also found encryption keys already stored. I’m guessing what the checker missed was that I have to change those settings, but the documentation on the proper way to do it and what the settings means is lacking from Asus. I was about to change the settings but figure I better find out the best way to manage this before I do something wrong (like: am I supposed to clear the keys before changing the settings?).
I’ve only managed TPM on laptops, and all those just required me to enable it.
Cant it at least be moved to the top? That’s where mine are :(.
Fun story. After changing out my motherboard Windows refused to activate (would error when going through the “use this PC’s old license” process). But the monitors got reset when it first booted up, so it ended up with one monitor with the taskbar at the top and the other monitor with the task bar at the bottom, and since it wasn’t activated I couldn’t change it. That was really annoying.,
What’s funny about this is the last 2 motherboards I installed had TPM disabled by default (latest technically didn’t have it disabled, but had it set to use the discrete TPM (of which I don’t have).
So this is going to cause a lot of fun when people try to install windows 11 and start having to figure out how to navigate bios screens.
So is there any reason not to enable TPM in bios right now if I can? I’m not really up to date on the specifics of what it does, I only know really really basic generic things about it.
I noticed in the presentation something about “some Windows 10 PCs” are eligible for the upgrade.
Part of what Panos was also saying about the most secure versions of Windows, too.
It makes sense. If you’re going to rely on stuff like drive encryption and biometrics, you need a secure place to store the keys.
And MS has been requiring TPM as a requirement for OEMs for Windows certification since 2016. MS probably feels like it’s time. Non-TPM systems will remain on Win 10, which has like four more years of support. Anyone with a relatively new system will be okay, as Intel and AMD have been including firmware TPMs for years. But I have a pair of Haswell machines that do not have TPM.
Sucks, but by the time Win10 hits EOL, they will be 12 years old. Ancient technology.
We have also partnered closely with our OEM and silicon partners to deliver the most secure version of Windows ever. We increased the security baseline by requiring a security chip like the TPM2.0, and ensuring protections like Hardware-Based Isolation, Secure Boot and Hypervisor Code Integrity are built in and turned on by default to protect from malware and sophisticated attacks.
It’s also sounding like TPM 1.2 is the hard floor. MS is saying TPM 2.0, but TPM 1.2 will get you through.
Hardware Requirements
There are new minimum hardware requirements for Windows 11. In order to run Windows 11, devices must meet the following specifications. Devices that do not meet the hard floor cannot be upgraded to Windows 11, and devices that meet the soft floor will receive a notification that upgrade is not advised.
Hard Floor:
CPU: Core >= 2 and Speed >= 1 GHz
System Memory: TotalPhysicalRam >= 4 GB
Storage: 64 GB
Security: TPM Version >= 1.2 and SecureBootCapable = True
Smode: Smode is false, or Smode is true and C_ossku in (0x65, 0x64, 0x63, 0x6D, 0x6F, 0x73, 0x74, 0x71)
I would be careful if you use the TPM for bitlocker, as if you later reset your BIOS to factory defaults you could render a bitlocker-encrypted drive unreadable.
Anyway, I just turned TPM on, with AMD it’s in the CPU and not a separate chip.
I have a discrete TPM module. The Bitlocker recovery key is automatically backed-up to OneDrive. I disable Bitlocker before any BIOS update (the most recent one was last weekend). The one time I forgot to do that, it prompted for a recovery key after BIOS update. Typed it in, and it was satisfied. Didn’t need to input it on subsequent reboots.
According to Intel, Bridge itself is a run-time post compiler that translates applications that are compiled for non-x86 platforms (in this case, Android applications) into x86 instructions (which can run on Windows 11 with Intel or AMD CPUs). It’s a bit like a reverse version of Apple’s Rosetta software for its M1 Macs — but instead of converting x86 applications to run on Arm, it’s letting Arm-based apps run on x86 chips.
