this post was submitted on 29 Oct 2025
380 points (94.6% liked)
Isn't it, at least officially, to enforce TPM 2.0?
Sure, and if you believe that, I have a bridge to sell you :P
Is it so trivially untrue? Could they just as easily have implemented TPM 2.0 in Win10 and just have stopped Win10 from working on devices without TPM 2.0 compatibility? Would that have been better?
There's no reason to force TPM requirements other than to create tons and tons of ewaste and force people to upgrade their hardware to run their new even more bloated and invasive operating system.
Don't believe this JUST HAD TO BE!
For sure it didn't just have to be, completely agree. But I find it hard to understand that that could be the only reason.
Is there really no way to steelman the requirement?
I'm not well versed on the reasons, but I see that AI is mentioned frequently when TPM is brought up in Windows 11... probably because of that new rewind feature that's pretty much surveillance baked into your PC, they probably need that to be ultra secure.
It seems like maybe they have done this because it's maybe necessary, but only for features that no one wanted anyways.
There should be a choice and a warning if you don't have TPM, along with disabling invasive "features" that could have its data stolen, otherwise they are signing off on what is probably thousands of tons of ewaste.
I believe there are ways to get around this requirement, but then you are running in an unsupported use case and I wouldn't be surprised if they brick your OS randomly one day with an unrelated (or maybe related) patch.
TPM's entire point is basically to prevent you from using anything but Windows on the computer. They want to make it so that you can't change to e.g. Linux or anything else, because they know they're going to be bringing in unpopular changes that people want to swap from.
In its most basic form, it locks you out of modifying your computer how you want it to be, in favor of how Microsoft or your OEM wants it to be.
They talk a lot about how it prevents attackers from changing deep, mystical boot level things so it sounds scary, but honestly I can't even think of the last time that was a legitimate attack someone actually did, and frankly encryption at rest already solved that issue a long time ago.
At the end of the day, it's a way to force you to buy a new computer, raising profits, buy a new version of Windows, raising profits, and locking you into the ecosystem with your very system and data itself held hostage- again, for profits. Since you're a captive audience, they can also start doing things for profits- like mining all your data to sell.
Interesting, thanks! How does TPM stop you from installing Linux? I haven't had any issues with it.
So basically, TPM is a secure bit of hardware on the mobo, that allows it to do data encryption, software signing, integrity checks, etc. All that is fine, good even, and Linux fully supports TPM modules, because there's a lot of good you can do with it, especially the fact that it's in a hardware encrypted key store. Those 'secure enclaves' are HUGE for security.
The problem is how Windows controls it. Basically, TPM 2.0 can store a bunch of hash values of various parts of your system- BIOS, bootloader, kernel, etc. It can use this to ensure nothing has been tampered with. It can also enable 'secure boot' which is basically to ensure only signed, confirmed software is loaded as the bootloader. Finally, disk encryption can be run through TPM 2.0.
Again, none of these things are bad... if YOU control the TPM module. But on Windows, you don't, Windows or your OEM does. You don't get to boot your system without their permission. You don't get to unlock your hard drive without their permission. You don't get to change OSs without their permission. And finally, you don't even get to change hardware without their permission!
You can see how it's a problem when your OEM or Windows itself controls that kind of thing regarding your PC. For right now, these problems mainly seem to occur in enterprise or OEM PCs, not prebuilts or custom-builts... but Windows gets greedier by the day, and frankly so do OEMs.
The goal is to turn away from decades of computer innovation and lock down and control your computer worse than your phone is now. You can already see the effects- Windows has started calling installing your own software 'sideloading,' for example, and making scary noises about how installing anything from outside the Windows Store is inherently dangerous.
tl;dr: Companies hate the idea of you actually owning your PC, and TPM 2.0 is just another thing they're using for stripping that control away from you, bit by bit, in the name of 'security.'
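Added example, not part of any comment in this thread: a small Python model of the "hash values of various parts of your system" mentioned above, which a TPM keeps in platform configuration registers (PCRs) that can only be extended as `new = H(old || digest)`. It shows how a changed boot component alters the final PCR value, so a key sealed to the earlier values is no longer released. The component blobs and the PCR index assignments are constructed for illustration.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank

def measure(component: bytes) -> bytes:
    """Digest of a boot component, taken before that component runs."""
    return hashlib.sha256(component).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: a register is never written, only folded forward."""
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log):
    """Recompute PCR values from an ordered (index, digest) event log,
    starting from all-zero registers, as an attestation verifier would."""
    pcrs = {}
    for index, digest in event_log:
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), digest)
    return pcrs

def boot(chain):
    """Turn a constructed boot chain into its measurement event log."""
    return [(index, measure(blob)) for index, blob in chain]

def policy_matches(sealed_to, current):
    """A secret sealed to PCR values (for example a disk key) is released
    only if every selected register still holds the sealed value."""
    return all(current.get(i) == v for i, v in sealed_to.items())

# Constructed sample data; index choices are illustrative only.
GOOD_CHAIN = [(0, b"firmware v1"), (4, b"bootloader v1"), (4, b"kernel v1")]
CHANGED_CHAIN = [(0, b"firmware v1"), (4, b"bootloader v2"), (4, b"kernel v1")]

def demo():
    sealed = replay(boot(GOOD_CHAIN))        # values at sealing time
    same = replay(boot(GOOD_CHAIN))          # unchanged reboot
    changed = replay(boot(CHANGED_CHAIN))    # bootloader replaced
    return policy_matches(sealed, same), policy_matches(sealed, changed)

if __name__ == "__main__":
    unchanged_ok, changed_ok = demo()
    print("unchanged boot unseals:", unchanged_ok)
    print("changed boot unseals:  ", changed_ok)
```

Whoever seals the secret chooses which PCR values it is bound to; the registers themselves only record what was measured.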
Damn... Can Windows really stop my BIOS from booting on a self built PC with TPM? How would my BIOS even know to not boot before Windows has started?
If Windows takes over the TPM module? Yes, because they change the stuff the BIOS references to boot.
That said, if you self-built, you can probably keep it from taking over the TPM module (I think.)