Among the new memory requirements for Windows 10 is this little tidbit: Intel's TPM module will be required for new OEM installs of Microsoft's flagship OS.
Where this leaves AMD and ARM isn't clear, but for those of us who don't want hardware DRM baked into our systems this is an unwelcome bit of news.
Microsoft TechNet details the requirements for the TPM, which features require its use, and the different ways it can be implemented. It also gives the option of a firmware-based implementation which can use security features such as TrustZone and IME.
Related Stories
The KDE community has an outreach campaign encouraging the use of the Plasma desktop by people with older, but usable, laptops. Vista10 support will come to an end and Vista11 has been designed not to run on many still viable models of computer due to several factors including Digital Restrictions Management (DRM) requirements centered around TPM-2.0. GNU/Linux can not only keep the old system working, it can improve its performance, ease of use, and general security. KDE Plasma can be part of that.
Even if you agree to this tech extortion now, in a few years time, they will do it again as they have done many times in the past.
But things don't have to be this way...
Upgrade the smart way! Keep the machine you've got and switch to Linux and Plasma.
Linux can give new life to your laptop. Combined with KDE's Plasma desktop, you get all the advantages of the safety, stability and hi tech of Linux, with all the features of a beautiful, modern and powerful graphic environment.
Their campaign page covers where and how beginners can get help, what the differences are, the benefits gained, and more.
[Editor's Comment: This is obviously a KDE/Plasma centric promotion - which doesn't mean that it is bad but there are lots of other options too. Which Linux OS and desktop would you recommend for someone wanting to make the move from Windows to Linux? Which are the best for a beginner, and which desktops provide the most intuitive interface for someone who has never sat down in front of a Linux computer before?--JR]
Previously:
(2025) Microsoft is Digging its Own Grave With Windows 11, and It Has to Stop
(2023) The Wintel Duopoly Plans to Send 240 Million PCs to the Landfill
(2023) Two Security Flaws in the TPM 2.0 Specs Put Cryptographic Keys at Risk
(2022) Report Claims Almost Half of Systems are Ineligible for Windows 11 Upgrades
(2021) Windows 11 Will Leave Millions of PCs Behind, and Microsoft is Struggling to Explain Why
(2019) Microsoft's Ongoing Tactics Against Competitors Explained, Based on its Own Documents
(2016) Windows 10 Anniversary Update to Require TPM 2.0 Module
(Score: 3, Insightful) by Anonymous Coward on Thursday May 26 2016, @02:02AM
Microsoft has already proven it cannot be trusted. Now this. Looks like I'll be shopping around for older CPUs/motherboards.
(Score: 2, Interesting) by Anonymous Coward on Thursday May 26 2016, @02:05AM
No need to shop around. Last I checked most Gigabyte/Asus boards have TPM as an optional add-on.
(Score: 0) by Anonymous Coward on Thursday May 26 2016, @12:31PM
Or AMD/ARM and a different operating system?
(Score: 1) by Francis on Thursday May 26 2016, @02:43PM
That was my thought, anybody still using Windows 10 despite the ample evidence that MS is collecting a ton of telemetry data, isn't likely to care about the TPM chip being used.
It's fortunate that, at least, this bit of dystopian future hasn't yet come about. I remember the concerns when the TPM chip was originally announced and thankfully because of reasons the logical conclusion of the chip hasn't yet been reached. For national security and banking applications, I think the chip was a potentially useful innovation, unfortunately, it also gave the ability to do all sorts of draconian DRM controls on people's personal files.
I remember seeing a post years ago about a composer who wound up losing all of his music because Windows media player defaulted to protecting everything that was ripped, so when his discs were destroyed, he wasn't able to listen to the files because the same incident destroyed the computer and the licenses were lost. (And yes I know, back up your data)
(Score: 2) by Hairyfeet on Thursday May 26 2016, @11:55PM
Buy AMD. Not only does AMD not have any kind of DRM baked into their boards but so far the latest details on Zen, the new arch coming out within the next year, doesn't have AMD adding any kind of DRM.
The closest AMD ever came to DRM was the ARM security module they bought for inclusion in the consoles and the page on that chip on their website hasn't been updated since 2013 so I'd say it's safe to assume they are not gonna pursue it. As of this date the only AMD chips you can buy with a security module are the 4 APUs that were originally built for the consoles and since there is nothing on the boards nor any software in the wild that can actually access it? I'd have no problem recommending those chips, it's just dead silicon.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 5, Interesting) by Scruffy Beard 2 on Thursday May 26 2016, @02:12AM
To me this is great news on one condition: that it is still possible to buy a general-purpose computer without said TPM.
For a long time there have been allegations that Microsoft "tolerates" piracy just to keep the Free alternatives down. It may be the "Year of the Linux desktop" yet.
(Score: 1, Informative) by Anonymous Coward on Thursday May 26 2016, @02:29AM
TPM is great as long as you have full control of it.
It's nice for corporate managed systems too where the admins have full control.
AFAIK, none of the shipping TPM systems can lock the user out from their own hardware.
(Score: 1) by anubi on Thursday May 26 2016, @03:00AM
Yet.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 5, Informative) by Scruffy Beard 2 on Thursday May 26 2016, @03:14AM
It is called "UEFI Secure Boot". According to the Microsoft article linked in TFS, it is not required (yet).
Secure boot would be great if the user had control over the signing keys that they trust.
(Score: 2) by deimtee on Thursday May 26 2016, @10:11AM
And the problem with that is that if the user has control, then so does any program that can mimic the user, or any "windows support calling you" hacker that can talk a clueless user through it.
The best solution would be to go back to a hardware switch on the board. If you can be trusted to play with the keys, then you should know enough to set a jumper or flip a dipswitch to make the keys writable.
200 million years is actually quite a long time.
(Score: 2) by kazzie on Thursday May 26 2016, @01:56PM
The trouble is that a physical switch will cost money. Manufacturers want the cheapest board possible in order to stay competitive in the market.
(Score: 0) by Anonymous Coward on Thursday May 26 2016, @02:47PM
How much would a jumper cost? A fraction of a cent?
(Score: 2) by Dunbal on Thursday May 26 2016, @06:34PM
The trouble is that a physical switch will cost money.
Irrelevant. You just have to know the right crowd to target and you market it to them easily recovering the cost of the switch and more. Heck how many tinfoil hats would jump at the chance of owning a "back-door proof" switch?
(Score: 2) by stormreaver on Thursday May 26 2016, @02:59AM
It may be the "Year of the Linux desktop" yet.
Windows 10 has convinced my die-hard Windows-only client to move to Linux.
Thank you, Microsoft!
(Score: 0) by Anonymous Coward on Thursday May 26 2016, @08:16AM
and my wife
Which is a serious wtf. I never thought she would ask me to install linux over her windows machine.
Shows just how far down the rabbit hole we are
(Score: 0) by Anonymous Coward on Thursday May 26 2016, @03:44AM
That would be 2014.
Given the Choice for Christmas 2014, Consumers Chose Linux [soylentnews.org]
For others, it was earlier.
(People who don't look outside the USA for their numbers are missing a lot.)
The public school system of Brazil uses Linux exclusively.
World's largest Linux deployment (500,000 seats in 2011). [googleusercontent.com] (orig) [lwn.net]
-- OriginalOwner_ [soylentnews.org]
(Score: 2) by jmorris on Thursday May 26 2016, @10:26PM
And how will we have the Year of the Linux Desktop when there are no desktop systems capable of loading it? That is the end goal here. Trusted boot, trusted keys to play 4K media, etc. And if you think they are going to leave you an OFF switch much longer you are hopeless. The boot is coming down. Go look at an XBox, that is the future Microsoft has in mind for us.
No prebuilt system is going to switch from Windows to Linux in the future. The open question is whether we will still be able to buy bare motherboards that aren't locked to Microsoft's keys. And with this new 'firmware TPM' it means it goes directly into the CPU so with only two x86 vendors it is a very open question whether Linux on x86 is going to be a thing much longer. On the desktop that is, of course it will continue to own the server space. Maybe somebody will make a board that accepts a server CPU but has desktop like features? Are there enough Linux users to justify designing such a thing?
(Score: 1, Insightful) by Anonymous Coward on Friday May 27 2016, @01:24AM
Too much melodrama; too much pessimism.
...especially for an Invisible-Hand type.
The big manufacturers aren't providing the goods?
Competition arises from smaller guys who fill the niche. Right?
Isn't that the way this tune is supposed to go?
x86 systems don't get the job done?
Go to ARM.
...or one of the fifty-something other architectures that will run Linux.
(Section 3.18.) [gnu.org]
...for which MICROS~1 does NOT provide support.
.
No prebuilt system is going to switch from Windows to Linux in the future
With Visduh 10, Windoze has become cancer.
What makes you think manufacturers are going to continue pre-installing it?
Don't you think they have enough headaches already?
...then there's Ubuntu Touch with the convergence trick that turns a handheld into a desktop workstation just by connecting the peripherals.
MICROS~1 is playing catch-up these days.
-- OriginalOwner_ [soylentnews.org]
(Score: 3, Informative) by Anonymous Coward on Thursday May 26 2016, @04:27AM
OEMs shipping W10 are already required to have a TPM chip; they just have a choice of which version they use (1.2 vs 2.0). Once the deadline passes they will be required to ship TPM 2.0. Quote from TFA:
The initial Windows 10 specifications said that after July 28, all new systems must ship with Trusted Platform Module (TPM) 2.0. The TPM is used for various cryptographic purposes, including storing disk encryption keys. Until this cut-off date, OEMs could choose between TPM 1.2 and 2.0; TPM 2.0 adds a number of additional encryption capabilities to the 1.2 version.
(Score: 0) by Anonymous Coward on Thursday May 26 2016, @05:01AM
There are also good things that TPM can be used for, such as password managers. And the difference between TPM 1.2 and 2.0 is not that significant. Simply having TPM is not all that bad, either. It enables your computer to act against your interest, but you can (so far) typically turn it off. And you still have the choice to avoid applications that misuse the TPM. In the future, TPM could become much worse, but so far, it isn't really.
(Score: 0) by Anonymous Coward on Thursday May 26 2016, @07:49AM
Yeah sure, if you trust that those Intel(R) TPM-chips were designed in a country that does not have NSA-style security letters.
(Score: 0) by Anonymous Coward on Thursday May 26 2016, @08:37AM
If they were designed elsewhere they'd have backdoors from someone else. Perhaps even the business itself.
(Score: 2, Insightful) by Anonymous Coward on Thursday May 26 2016, @09:09AM
" In the future, TPM could become much worse, but so far, it isn't really."
So until then kiddies, keep rollin' down that hill. The pit with spikes and lava are still meters away!
(Score: 2, Funny) by aristarchus on Thursday May 26 2016, @05:29AM
Oh, how the Hairyfeet have fallen! Lie with dogs, and you wake up with TPM! We Linux users await your full and unconditional apology, Oh he of hairy feets!
(Score: 1) by baldrick on Thursday May 26 2016, @06:25AM
How will this affect windows instances running in a VM ?
... I obey the Laws of Physics
(Score: 3, Informative) by Wootery on Thursday May 26 2016, @08:20AM
You're not the only one wondering. [microsoft.com]
That thread gives the impression you're probably SOL, but is hardly authoritative.
(Score: 2) by choose another one on Thursday May 26 2016, @01:41PM
Probably SOL if you are trying to install _OEM_ Windows - you know, those copies that are only licensed for the original hardware they were bought with - on a VM.
But then you may be SOL anyway - more recent windows OEM licences are bios/efi linked so they will only install on the correct bios/efi, which won't be there on a VM.
All it means is that to install on a VM you will need retail or MSDN or other non-oem windows - which is what you should be doing anyway.
(Score: 0) by Anonymous Coward on Thursday May 26 2016, @06:22PM
ISTM that it might be an appropriate time to make a donation to the ReactOS guys.
Perhaps also triage some of their bug reports or otherwise add some manpower to the project.
For those folks still doing a task which requires running Windoze, Redmond's products seem even more than before to be a quicksand pit.
-- OriginalOwner_ [soylentnews.org]
(Score: 1, Interesting) by Anonymous Coward on Thursday May 26 2016, @08:24AM
Good point.
Expanding on this: what is to stop someone from running a whole system VM which passes information to Windows that it expects? Will running Xen or Hyper-V or similar be standard for some users?
Or will they give up and stop using Windows?
Windows 7 may be the last version after all.
(Score: 2, Interesting) by Anonymous Coward on Thursday May 26 2016, @08:40AM
Technically XP SP3 was the last real Windows version, when they removed the GDI stack and replaced it with a half-baked GPU hackjob it lost the one thing that defined Windows as such.
(Score: 0) by Anonymous Coward on Thursday May 26 2016, @03:12PM
There better be ways around it, unless they are going to kill off the windows VDI market. ( and if they do the same with servers, the entire server market... )
(Score: 4, Informative) by boltronics on Thursday May 26 2016, @09:29AM
Is anyone surprised at this point? If you run Windows, you don't own your computer. It's that simple.
Pretty much any consumer-motherboard-based custom built machine has a TPM socket but no TPM module. Even if your board included the module, you should be able to physically remove it if you want to. It's only OEM machines you might need to be wary of, but I've never purchased an OEM desktop machine to know for sure.
It's GNU/Linux dammit!
(Score: 3, Interesting) by Unixnut on Thursday May 26 2016, @09:48AM
That is until they start baking TPM modules into the CPU die, what then? Not much chance you will be able to remove it (without seriously expensive kit, and might still damage the CPU).
Intel already hinted at doing it, I believe it was done for games consoles already, and just like the memory controller and other bridges were merged into the die, I don't see why they will not merge TPM in future as well.
(Score: 3, Insightful) by bob_super on Thursday May 26 2016, @04:48PM
My question is whether it makes sense for Intel's socket-CPUs. If you have a BGA CPU or a console, sure you can put key management in the CPU.
Intel does want you to upgrade your CPU, even if they realize that few people ever do.
But if you tell people they lose their keys/windows/drives with an upgrade, Intel loses the highest-margin customers (and all-important reviewers).
(Score: 2) by Unixnut on Monday May 30 2016, @10:36AM
They would provide a way to import/export your personal keys, like they allow microcode uploading now. My issue is with what other keys are in there, ones that I did not put there, and that I have no control over, but which would have control over my hardware, possibly at a higher level than I do.
(Score: 2) by kazzie on Thursday May 26 2016, @01:59PM
It's only OEM machines you might need to be wary of, but I've never purchased an OEM desktop machine to know for sure.
What about those who use laptops? I've never built one of those from scratch.
(Score: 2) by boltronics on Thursday May 26 2016, @11:40PM
No idea. I've never owned a laptop that has one, but I can't say I've ever noticed a TPM socket - not that I've specifically looked for one, but I have pulled all my laptops apart a number of times to upgrade HDDs, RAM and Wifi/Bluetooth modules.
It's GNU/Linux dammit!
(Score: 2) by Hairyfeet on Friday May 27 2016, @12:08AM
Again buy AMD, as none of their laptop APUs have any DRM module. The only chips they have with a DRM module are the ones they built for the consoles and the boards that are sold for those chips have no way to access the module nor is there any software out there that can access the module so even on those units it's just dead silicon.
But if you look around you can get really nice AMD quad APU laptops for around $400, I've picked up several for customers and they just love 'em. Good battery life, GPU capable of playing many mainstream games or playing BD in 1080P on your widescreen when you get home, just great for when you need mobility.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 0) by Anonymous Coward on Thursday May 26 2016, @04:30PM
For a long time, TPM chips in laptops were a no-go in China. Has that changed?
(Score: 0) by Anonymous Coward on Thursday May 26 2016, @06:26PM
Update: China Will Upgrade All Gov't PCs to Linux by 2020 [soylentnews.org]
China Bans Windows 8 From Government PCs? [soylentnews.org]
China Urges XP Users to Choose Linux [soylentnews.org]
Chinese OS Expected to Debut in October [2014] [soylentnews.org]
(Kylin) [google.com]
So, this may speed up their pace, but ditching M$ (expensive and proprietary), MSFT (USAian; NSA-friendly), and MICROS~1 (quirky, non-standard, and poorly-documented) has been the plan for them for some time.
-- OriginalOwner_ [soylentnews.org]