The Trusted Platform Module has just become important

Topic

New Reply

HARDWARE By Ben Myers Microsoft has said that the Trusted Platform Module 2.0 is a firm requirement for Windows 11. Why? The leak of an early version
[See the full post at: The Trusted Platform Module has just become important]

2 users thanked author for this post.

Pim, abbodi86

Reply | Quote

Replies

It is somewhat ironic that an operating system intended to be trusted was leaked.

Its not ironic, it was on purpose. After nearly decade of “you must update” attitude, te opposite “you cant have it” gave Microsoft amazing ammount of free betatesting. TPM module is a good thing, when it comes to encrypting, thus I consider the requirement of TPM as a wise descision.

Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

PRUSA i3 MK3S+

Reply | Quote

Question

I have an ASUS TUP Z390 Plus motherboard which uses Intel Platform Trust Technology (PTT) not true TPM 2.0.  When I turn on PTT in the BIOS apps like WhyNotWin11 and WindowsPCHealthCheckSetup say that my ready for Windows 11.

Is truly the case or do I need a “true” TPM 2.0 motherboard?  I get mixed messages from what I am reading and being told.  It would be nice to know exactly what the heck the requirements of Win11 are – right now it seems like a moving target with each leak of new or changed info.

Custom Build - Intel i5 9400 5 Core CPU & ASUS TUF Z390 Plus Motherboard
Edition Windows 10 Home
Version 22H2

Dell Laptop - Inspiron 15 11th Generation Intel(R) Core(TM) i5-1135G7 Processor
Edition Windows 11 Home
Version 23H2

Reply | Quote

Can the chip based Intel Platform Trust Technology (PTT) be turned on while leaving Secure Boot turned off?

Is there any benefit to turning PTT on in Windows 10?

Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)

Reply | Quote

blueboy714 wrote:

Is truly the case or do I need a “true” TPM 2.0 motherboard?

You are good for Win11 with PTT.

Reply | Quote

Those who wish to continue using older tech can easily do so without the need of disposing of a perfectly good device because microsoft says so in it’s PRE final based OS..this may change. In any case, windows 10 still has another 4 years of support, then there are options such as linux mac android iOS or chrome. This will be my last microsft misadventure using windows 10, what a waste of time

Reply | Quote

There is a registry/software workaround that allows upgrading to the Insiders Preview.  I just used it again today.  My hardware is circa 2013, 4th generation.

With some experience, it can also be used for a clean install, but I don’t do those, only upgrades.

GoneToPlaid wrote:

How to bypass the TPM check during Windows 11 installation: https://www.bleepingcomputer.com/news/microsoft/how-to-bypass-the-windows-11-tpm-20-requirement/

Windows 11 RTM will still have a registry, and there will still be hacks available.

What’s curious to me is why the Microsoft/Windows 10 bashers are sweating Windows 11.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

1 user thanked author for this post.

Pim

Reply | Quote

bbearren wrote:

What’s curious to me is why the Microsoft/Windows 10 bashers are sweating Windows 11.

Many Microsoft/Windows 10 bashers are those who use it. They bash MS in the forlorn hope that MS will hear them and clean up their act. It hasn’t happened yet, but the odds are better if they speak their minds than if they give up and accept what MS is willing to give them.

Those MS bashers who are sweating Windows 11 are not the ones like myself who moved on to greener pastures… it’s those who are still using Windows, and who would like to make the choice for themselves whether to upgrade to Windows 11 on their relatively recent hardware (including that sold to them by Microsoft itself), rather than have MS make the choice for purported reasons as dubious as those MS has given for the existence of Windows 11 itself.

Woody was something of a MS/Windows 10 basher himself, and so are lots of other tech media figures, like Joel Hruska at ExtremeTech (who upgraded to Win 10 years ago, warts and all). When MS or any other tech giant misbehaves, it’s not doing Windows users any favors to not call them out, as it is so often in the Windows 10 era. It’s not being done to tear MS down… it’s done to try to make Windows better–  for users, not for Microsoft.

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

AlexEiffel

Reply | Quote

Aren’t there also Windows 7 enthusiasts who wouldn’t touch Windows 10 with a bargepole but are upset by possibly not being able to get Windows 11 (without a new computer)?

Reply | Quote

Could be, but the same answer about why MS/Windows bashers are sweating Windows 11 (because they are Windows users) still applies. These users have rejected 10 and they know they cannot reasonably remain on 7 forever, so it makes sense that they would seek an alternative to both 7 and 10 within the Windows world. They may or may not reject 11 also after having seen the as-yet nonexistent release version, but they would like to have the opportunity to accept it or not as they did with 10.

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

b wrote:

Aren’t there also Windows 7 enthusiasts who wouldn’t touch Windows 10 with a bargepole but are upset by possibly not being able to get Windows 11 (without a new computer)?

I was using the WayBack Machine (the imported Windows Secrets “Whale” of my posts and replies) and saw lots of posts of XP aficionados making the same complaints about the RTM of Windows 7.

Some things never change.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

For even more info, click on this link to Linus Tech Tips.

https://www.youtube.com/watch?v=NivpAiuh-s0

 

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

Ben Myers is secretly Robert DeNiro.

 

HP Pavilion Desktop TP01-0050 – 64 bit
Windows 10 Home Version 22H2
OS build 19045.5487
Windows Defender and Windows Firewall
Microsoft Office Home and Business 2019
-Version 2501(Build 18429.20132 C2R)

Reply | Quote

blueboy714 wrote:

I have an ASUS TUP Z390 Plus motherboard which uses Intel Platform Trust Technology (PTT) not true TPM 2.0. When I turn on PTT in the BIOS apps like WhyNotWin11 and WindowsPCHealthCheckSetup say that my ready for Windows 11.

I have an Asus Prime  Z390-A motherboard, with an empty TPM socket (and a cheap $15 TPM in hand), and options in the UEFI/BIOS for either TPP or TPM.

I haven’t made any changes yet, but was wondering which path is easiest to take (TPP or TPM). I currently have my system drive set to GPT, with Bitlocker encryption enabled.

Windows 10 Pro 22H2

Reply | Quote

If you have PTT, that satisfies the Win 11 requirement without having to add anything… but you already have the discrete TPM, so what else would you do with it but plug it in?

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

Question

After trying to upgrade to TPM 2.0 from the Dell site, I find my Optiplex 9020 with 4th Gen i5 processor is too old to support it? I don’t have a PTT enabled PC either. Bloody annoying to only have TPM 1.2 active.

I’ve found the workaround to installing the Win 11 trial

https://fossbytes.com/solve-tpm-2-0-error-installing-windows-11-fixed/

and my Dell has Secure Boot and is UEFI capable but I don’t know how to migrate from Legacy ROM mode to UEFI bootable ?? Can anyone help here?? I’m running Win 10 Pro.

Thanks – David

Reply | Quote

If you are on Legacy MBR you have first to convert to GPT.
Next set Legacy to UEFI (you must have a UEFI capable PC.

MBR2GPT.EXE

“Important

After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode.
Make sure that your device supports UEFI before attempting to convert the disk.”

Convert Legacy BIOS to UEFI

Create a full image of your PC before any changes.

1 user thanked author for this post.

davexl

Reply | Quote

I followed the link to Convert Legacy BIOS to UEFI, just to see what I may have to do if/when the question of upgrading to Win 11 arises.

One necessary condition is that “The disk you are trying to convert should not have more than three partitions. If you have more than three partitions on the Windows 10 installation drive, either merge or delete excess partitions”.

Mine has four, see the attached screen snip from Disk Management

I do not understand fully the function of the two very small partitions.  Partition C: is the operating system and applications; partition D: is all “my” stuff.  On more than one occasion in the past, I have been glad to have my stuff separate from the OS and apps when this became corrupted and had to be re-installed.

My question is – I see four partitions, two trivial in size, but probably essential to the functioning of my system, one obviously essential, that containing the OS.  Is that my three?  And am I going to have to merge “my stuff” on the D: partition with the C: partition where the OS resides?

Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

Reply | Quote

You don’t put your stuff on the same drive with the OS.
Your D: – stuff partition should be another drive (hdd/ssd).

Reply | Quote

Alex – yes, in a desktop box, you’re right, but in a laptop, with every little piece of space already committed that is rarely an option.

Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

Reply | Quote

I use a laptop. Drive C: 256GB SSD Nvme + Drive D: 1TB HDD SATA3 + 3 X external HDDs total 16TB.

Reply | Quote

Thanks Alex – perfect answer!

Reply | Quote

Alex – thanks for the advice about keeping “my stuff” on a physically distinct drive.

My question stands, is the UEFI limit of three partitions fully used up by the C: partition, the Recovery partition and the System Reserved partition?

Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

Reply | Quote

ScotchJohn wrote:

is the UEFI limit of three partitions fully used up by the C: partition, the Recovery partition and the System Reserved partition?

I don’t know. I suppose every type of partition count and you have 4.
You should do more digging regarding UEFI – partitions.

Mine is UEFI + GPT. Drive C has 3 partitions.

Reply | Quote

Alex5723 wrote:

I don’t know. I suppose every type of partition count and you have 4. You should do more digging regarding UEFI – partitions.

“The specification allows an almost unlimited number of partitions. However, the Windows implementation restricts this to 128 partitions. The number of partitions is limited by the amount of space reserved for partition entries in the GPT.”

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

https://docs.microsoft.com/en-us/windows/deployment/mbr-to-gpt

The disk is currently using MBR
There is enough space not occupied by partitions to store the primary and secondary GPTs:
16KB + 2 sectors at the front of the disk
16KB + 1 sector at the end of the disk
There are at most 3 primary partitions in the MBR partition table
One of the partitions is set as active and is the system partition
The disk does not have any extended/logical partition
The BCD store on the system partition contains a default OS entry pointing to an OS partition
The volume IDs can be retrieved for each volume which has a drive letter assigned
All partitions on the disk are of MBR types recognized by Windows or has a mapping specified using the /map command-line option

Slightly different then stated in this thread but still a limiting factor I was not aware of.

MiniTool Partition Wizard , program suggested many times in the-is forum for various uses seems to be able to handle a situation such as your.

https://www.partitionwizard.com/ppc/convert-mbr-to-gpt.html?gclid=CjwKCAjwlrqHBhByEiwAnLmYUGGdTD7xErTEZWFGDeUPZo8qR4yEjBjJC1F3XyGFovMLwCbQXZfD4xoCgecQAvD_BwE

IMAGE YOUR DISK FIRST

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

1 user thanked author for this post.

ScotchJohn

Reply | Quote

Wavy – much food for thought there, warrants reading, and then re-reading.

Many thanks.

Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

Reply | Quote

My Dell Latitude E5420 has a transitional BIOS, both Legacy and UEFI.

Adventures with UEFI has my transition chronicled.

Backing into a dual boot in UEFI may also have some pertinent information.  Drive imaging is a key ingredient.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

Ascaris wrote:

If you have PTT, that satisfies the Win 11 requirement without having to add anything… but you already have the discrete TPM, so what else would you do with it but plug it in?

Just wondering about the pros/cons with each approach. And would either cause me to have to disable and re-enable BitLocker with a new startup key?

I had to enable the group policy ‘require additional authentication at startup’ to get BitLocker to work in the current non-TPM configuration.

BitLocker is working fine now as-is, and I would rather not insert a monkey wrench if at all possible.

If you want to use BitLocker on a computer without a TPM, select the “Allow BitLocker without a compatible TPM” check box. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the password then you will need to use one of the BitLocker recovery options to access the drive.

On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.

 

Windows 10 Pro 22H2

Reply | Quote