Yep, exactly this. You can bypass the TPM and Processor requirements, but at some point it will come back to bite someone in the butt.
Microsoft with the 24H2 update broke Windows 11 for older systems (like Core2Duo, which are already ancient) due to a lack of required processor instructions. I’ve seen systems running under QEMU, and also on newer systems like the AMD Ryzen Zen1 platform experience “Unsupported Processor” BSODs preventing the system from booting.
Even outside of that, Microsoft doesn’t deploy the yearly feature roll-ups to systems with unsupported hardware, even if Windows 11 is already installed. I’ve seen many unsupported systems end up stuck 1-2 builds behind, and they never see the update. They have to be manually updated using the same mechanisms that got Windows 11 installed in the first place.
Microsoft I believe, expects Windows 11 to be running on a minimum set of hardware, and that’s all they are qualifying it for. So older systems are going to eat it at some point if they are used in production.
The TPM checks are for security but, certainly not required if someone is willing to drop system security for some reason.
TPM is more about securing data from PC owners rather than for them. Since it’s there anyways, it is used to support bitlocker, but the reason they are pushing it so much is because it might (depending on whether it actually is secure) be able to allow content providers to allow users to view their content without needing to give them access to copy or edit it.
And there isn’t any guarantee that the uses that do benefit the user’s security don’t have some backdoor for approved crackers to get in. Like doesn’t the MS account store a copy of the recovery key for bitlocker? Which is nice for when the user needs it, but also comes in handy if MS wants to grant access to anyone else.
Microsoft does on Home Edition without even asking, and it doesn’t provide the users with a choice to store the key locally OR put it on the Cloud account, like Windows Pro does. I’m sure Microsoft has a master key to an account as well. But one can hope they do not, and they are also storing those BitLocker keys in an encrypted fashion in whatever database runs the backend.
Also agree with you on TPMs. They are useful when invoked by the user. DRM on content and software is, and always will be, anti-consumer. As for now secure TPMs are, I know Infineon did have that Random Number Generator bug which basically broke the TPMs. So there’s that.
Would all the Linux versions out there be subjected the same 15 years of updates??
They shouldn’t be, since the model for updates is quite distinct from Windows or iOS in a way that I would argue should effectively meet the requirements anyways. If a distro releases a new version twice a year, outside of enterprise situations where a company is paying for support, there’s nothing to really stop anyone who wants from upgrading. They don’t charge for it, and while new versions might add out-of-the-box support for new hardware, it’s pretty rare for Linux to suddenly change minimum hardware requirements in a way that requires you to buy a whole new machine in order to run the latest release. The only case that immediately comes to mind is that of distros increasingly removing support for i386 machines, but in fairness, Intel discontinued manufacturing of i386 chips 18 years ago.
Of course, this all assumes that the people in charge of making these decisions actually understand the technology in at least a general sense, and it’s not being left up to a bunch of idiots who have refused to keep up with any innovations more recent than the fax machine, so odds are kind of crap.
Upgrades are more seamless as well, it’s definitely a bit more blurry of a process. Plus Ubuntu releases twice a year, so their versions are more like the equivalent of Microsoft’s service packs (or whatever they call them now) but on a rolling basis.
Correct, the “obsolete” PCs can’t update to Windows 11. The Windows 11 update forces certain hardware support that a lot of devices don’t have. The security this hardware provides is mainly in someone physically removing data from your PC. As such it’s very business oriented but affects all versions of Windows 11.
Couldn’t you theoretically swap out the tpm chip? Or spoof/emulate it? If not, how do VMs run Win11, do they just inherit the host tpm chip and that’s that? I feel like this was the same goal of having a mac address on each device, and it became irrelevant in short order.
I don’t get this. Can’t those PCs update to the new version? Yes, I am very aware that win11 is a shit show and win10 was better.
But Ubuntu also has a similar support policy for updates:
Would all the Linux versions out there be subjected the same 15 years of updates??
No, Windows 11 added extra, unneeded hardware requirements.
Obsolete in this case actually means obsolete. Windows 11 literally blocks the update because you do not meet requirements, such as not having a TPM.
Technically, there are ways to bypass this, but not for a casual user (and it probably breaks some ToS)
Yep, exactly this. You can bypass the TPM and Processor requirements, but at some point it will come back to bite someone in the butt.
Microsoft with the 24H2 update broke Windows 11 for older systems (like Core2Duo, which are already ancient) due to a lack of required processor instructions. I’ve seen systems running under QEMU, and also on newer systems like the AMD Ryzen Zen1 platform experience “Unsupported Processor” BSODs preventing the system from booting.
Even outside of that, Microsoft doesn’t deploy the yearly feature roll-ups to systems with unsupported hardware, even if Windows 11 is already installed. I’ve seen many unsupported systems end up stuck 1-2 builds behind, and they never see the update. They have to be manually updated using the same mechanisms that got Windows 11 installed in the first place.
Microsoft I believe, expects Windows 11 to be running on a minimum set of hardware, and that’s all they are qualifying it for. So older systems are going to eat it at some point if they are used in production.
The TPM checks are for security but, certainly not required if someone is willing to drop system security for some reason.
TPM is more about securing data from PC owners rather than for them. Since it’s there anyways, it is used to support bitlocker, but the reason they are pushing it so much is because it might (depending on whether it actually is secure) be able to allow content providers to allow users to view their content without needing to give them access to copy or edit it.
And there isn’t any guarantee that the uses that do benefit the user’s security don’t have some backdoor for approved crackers to get in. Like doesn’t the MS account store a copy of the recovery key for bitlocker? Which is nice for when the user needs it, but also comes in handy if MS wants to grant access to anyone else.
Microsoft does on Home Edition without even asking, and it doesn’t provide the users with a choice to store the key locally OR put it on the Cloud account, like Windows Pro does. I’m sure Microsoft has a master key to an account as well. But one can hope they do not, and they are also storing those BitLocker keys in an encrypted fashion in whatever database runs the backend.
Also agree with you on TPMs. They are useful when invoked by the user. DRM on content and software is, and always will be, anti-consumer. As for now secure TPMs are, I know Infineon did have that Random Number Generator bug which basically broke the TPMs. So there’s that.
Apparently there’s a way to install Win11 and bypass all these requirements.
https://www.tomshardware.com/how-to/bypass-windows-11-tpm-requirement
https://youtu.be/tx5TaozMXMQ
They shouldn’t be, since the model for updates is quite distinct from Windows or iOS in a way that I would argue should effectively meet the requirements anyways. If a distro releases a new version twice a year, outside of enterprise situations where a company is paying for support, there’s nothing to really stop anyone who wants from upgrading. They don’t charge for it, and while new versions might add out-of-the-box support for new hardware, it’s pretty rare for Linux to suddenly change minimum hardware requirements in a way that requires you to buy a whole new machine in order to run the latest release. The only case that immediately comes to mind is that of distros increasingly removing support for i386 machines, but in fairness, Intel discontinued manufacturing of i386 chips 18 years ago.
Of course, this all assumes that the people in charge of making these decisions actually understand the technology in at least a general sense, and it’s not being left up to a bunch of idiots who have refused to keep up with any innovations more recent than the fax machine, so odds are kind of crap.
You don’t typically pay to run Linux distros. They’re open-source. I can’t imagine they’d be subject to this.
if anyone pays though they would need to keep a long-long-term-support.
Upgrades are more seamless as well, it’s definitely a bit more blurry of a process. Plus Ubuntu releases twice a year, so their versions are more like the equivalent of Microsoft’s service packs (or whatever they call them now) but on a rolling basis.
Correct, the “obsolete” PCs can’t update to Windows 11. The Windows 11 update forces certain hardware support that a lot of devices don’t have. The security this hardware provides is mainly in someone physically removing data from your PC. As such it’s very business oriented but affects all versions of Windows 11.
It’s not business oriented, it provides a unique ID attached to the machine, cryptographically proven.
Next step is to use that unique ID to identify you on the internet and digital life. Ending all privacy.
You think this is far fetched? Kernel-level anti-cheat for games already does this and bans the machine from playing that game ever again.
Couldn’t you theoretically swap out the tpm chip? Or spoof/emulate it? If not, how do VMs run Win11, do they just inherit the host tpm chip and that’s that? I feel like this was the same goal of having a mac address on each device, and it became irrelevant in short order.