I think it is an excellent requirement
I've disabled it on my Win 10 system to ensure win 11 can never be installed inadvertently or by M$ sneakiness
Microsoft is not backing down on the hardware requirements for Windows 11, stating that the Trusted Platform Module (TPM) is essential for the operating system, even if it is not part of the minimum requirements for Windows Server 2025. Microsoft Senior Product Manager Steven Hosking called TPM 2.0 "a necessity for a secure …
Hubris; n.--
"Hubris, or less frequently hybris, describes a personality quality of extreme or excessive pride or dangerous overconfidence and complacency, often in combination with arrogance. The term arrogance comes from the Latin adrogare, meaning "to feel that one has a right to demand certain attitudes and behaviors from other people". To arrogate means "to claim or seize without justification..."--Wikipedia
First, Intel.
Next, for certain: Microsoft.
I also homebuild - and have done so for years. My current build has a modern MSI mobo, an i7 chip and 32 Mb ram. Plus several decent (minimum 2 Tb SSDs) each on switchable sata power supplies, each running different (linux, of course) OSs, so that I can select whichever one I want to play / work with before booting up. So I could easily run M$.xx if I wanted to, but you will already have figured out that I don't. That would be a complete waste of an expensive hard drive! Steam / Proton for the few old Win games I still like to keep. And Wine or Crossover for anything else
I AM NOW TOTALLY MICROSOFT-INDEPENDENT, and intend to stay that way!
... just to be able to run that piece of sh*t they call an O.S. !
Then why bother?
If you have been on this site for a while you surely must realise that there are options other than MS Windows.
It might take a bit of time and effort but examine what's out there and jump off the MS train.
I decided a while back (AFTER CANCELLING MSDN AS IT BECAME A TOTAL FREAKING WASTE OF $ WITH 11's TPM REQUIREMENT and VBOX NOT SUPPORTING VIRTUAL TPM - YOU ARE F'ing WELCOME, MICROS~1) that if, for WHATEVER reason, I MUST have 11 installed on something, I'd purchase the CHEAPEST PIECE OF CRAP I could find and just use THAT for that ONE PIECE OF CRAP SOFTWARE that DEMANDS 11...
*TOTAL* *BACKFIRE* !!!
(I hope you are happy, Micros~1, and I will LOUDLY recommend Linux and/or BSD solutions to D.O.G.E. while I'm at it!!!)
I look forward to the end of life of W10. My email server runs it and many times it has frozen with the last entry in the system log being the start of an update. It's never failed to apply an update but something about WSUS seems to be locking it solid every now and again. I thought I'd fixed it a couple of years ago by giving it more RAM but it recently started again. So I've now installed a utility that claims to block Windows Update.
It seems to be working but there's always the risk that it somehow fails to block an update so the sooner MS stops making updates available for W10 the happier I will be. The server is behind a firewall and I never use it to browse the internet (I download anything it needs on different PCs and scan them before pushing them across the LAN) so the risk of anything bad sneaking onto the machine is low.
The kind who keeps it behind a firewall (router and of course its own) and understands the minimal risks. It was on Windows 7 for a couple of years after that went EOL. The only time it has failed was a hardware failure that required it to be rebuilt on a cheap PC which is why it can't be upgraded to W11. The real risks come from malicious software installation (typically resulting from careless or ignorant web browsing) from the inside. This server runs headless and I would never browse the internet from it. It's just a box in the corner of my spare bedroom that is ignored for months at a time.
The only way to attack this server from the outside is via one of the open POP3 or HTTP ports. You can't just insert your code via a port like a biological virus can with a cell - you have to follow the protocol assigned to that port. There is a very, very small possibility that some kind of buffer overrun attack might be possible on Windows but:
* Given the age and prevalence of the OS it seems a highly unlikely attack vector.
* The chances of such malformed packets getting past my router firewall are very slim.
The only way anyone can attack my mail server is via SMTP or HTTP and that's a risk that all web servers have to contend with by definition. So far after nearly twenty years (and it started coming under attack almost immediately) my server has never been breached.
The email software I use is only available on Windows. It has a feature that, last time I checked, was not easily available on other systems (Disposable Email Addresses using wildcards). The power consumption of a small desktop PC running nothing other than a personal email server is going to be low anyway. Certainly low enough for me to put forward the biggest argument against your suggestion:
My current setup is as safe and secure as is reasonable for a personal server. It works fine and has done for nearly two decades and is thoroughly understood by me. The hassle of learning something new (an OS I've not used in years and whatever email server I end up on) just isn't worth it. It might even compromise security through my lack of experience with the OS and/or the email server software.
If I was planning a mail server for the first time I might go the route you are suggesting. Probably would in fact for the same reason I built my own email server originally - the fun of it. The hardware that failed was some kit from an Israeli company - very low power but a bit pricey. But with an established server already in place and me happily retired it all amounts to change for change's sake and pointless upheaval.
There's nothing wrong with my current setup so I don't feel like rocking the boat just to be part of the cool crowd :)
I have no intention of moving to Windows 11 so don't know what won't work without a TPM, but since you can fudge a Win 11 install on a PC without a TPM, then it's clearly NOT a requirement is it?
And if it's just bitlocker that won't work without it, I doubt that will bother the majority of home users and quite a lot of business would forego it to save having to buy a whole new PC.
Not really.
First, you have to understand what a "Trusted Platform" actually means...
Trusted by whom? Trusted to do what?
IF a TPM were instead labelled as a unique cryptographic identifier that cannot be spoofed, that's a bit closer to the mark. It's like fingerprints for a chipset.
"Shirley, it's about helping certain big companies sell new laptops."
Exactly.
It's been known for years, that UnIntel and Microshaft are always doing the two step dance.
A new faster CPU is released, so people think that software will run faster, and then a new Windoze release/update uses this extra processing power and you are back to square one, except you also now need more RAM. So, a year or two later, a new CPU comes out and then a revised OS follows.
And all the time, we have to scrap older but still functional PCs because of this complete domination by these two companies as the annual user "review and scrappage" schemes take place !
There's been over 40 years of this, since Windows 3.11>95>98>Millennium>W7>W8>W10>W11 and same with 80386>80486>Pentium>Pentium Pro>Pentium !!>Celeron>Itanium>Core (most of which require new CPU sockets so you need new motherboards, new SIMMs, and even new HDDs, since your old MFM/RLL/SCSI/IDE drives cannot be connected directly).
""a necessity for a secure and future-proof Windows 11.""
I've a better way of making Windows 11 "secure and future-proof".
Lock it in a very strong metal box. Weld it completely closed and melt the keys.
Then take it deep into some dark utterly remote woods.... and bury it somewhere utterly forgettable where it will never be found.
Then we never speak of it again.
Dig up the entire burial site to a radius of, oh, say, 20m.
Find a handy nuclear facility to drop it into to fuse the entire thing into radioactive glass.
Sneak it into the next available Starship launch, along with some extra boosters.
Launch it into the Sun.
For good measure, cause the Sun to go nova.
You'd enjoy Mint with Mate Desktop (X-Windows) and maybe a W9x / Server 2003 theme more.
Works well even on i3 with a 5400 rpm HDD.
Super on i5 laptop with SSD + 1T HDD
Unless you have some task that can only be achieved on Windows. I also have XP, W7 and W10 VMs I don't use. The XP and Win7 imaged from real existing computers that are retired using an MS tool.
https://learn.microsoft.com/en-us/sysinternals/downloads/disk2vhd
Instructions not quite accurate, but you CAN make files from existing machines if they used BIOS mode for install/boot even if a UEFI PC (the W7 thus worked). And the default "free" Oracle VM tools can use them.
Do people here realize what a TPM provides in terms of added security?
Do they not realize that every Intel and AMD processor has a built in equivalent for a TPM that meets all the requirements of Windows 11?
You don't need a discrete TPM. Chances are very good you have one built in already! Intel calls theirs Platform Trust Technology (PTT). Make sure it is enabled in your BIOS/UEFI.
Even Linux can take advantage of a TPM.
I for one am not installing Windows 11 natively on my primary PC, even if I could. My CPU supports Intel PTT (what Intel calls the CPU based firmware TPM), but my motherboard vendor would rather charge $200 for a DTPM module to go with the $700 motherboard than allow you to simply turn on what's already in the $2900 processor. The rufus and other bypass methods don't work either on this system for some reason. If and when I ditch Win10 / WSL, it will be to 100% Debian, and no stinking Windows.
It's not just the TPM though. My PC has a Ryzen 7 1700X CPU. It has built-in support for TPM 2.0, but Microsoft considers the CPU "too old" and hence Windows 11 is unsupported on it. Same for the Kaby Lake i5 NUC that I have. Both systems work absolutely fine for everything I throw at them, yet Microsoft considers them "unsupported", despite them having the necessary security capability.
Point is, I'm not going to rush out and buy new hardware I don't need, just because Microsoft and their hardware cronies want me to spend money in order to experience the restricted and ad-laden world of Windows 11.
Weird. I've got a little HP mini PC at home (Elitedesk 800 G2) with an i5-6500T in. HP let you update the BIOS to provide TPM 2.0 support - the Windows 11 upgrade "app" says it's not compliant, but a fresh unmodified W11 test install loaded itself on without a murmur and ran just fine. I tired of the chronic notification flatulence pretty quickly however, and swapped the SSD back for the original one running Xubuntu.
My Dell Workstation, purchased only a few months before Win11 launched, does indeed have TPM2, all the other requirements and higher specs than the specification but for the high-end CPU which is not on MS's list. I am not able to replace it with a new one as MS wishes as Dell doesn't offer a box which can take the multiple discs/burners I need for my video editing work. I'll use the holiday break to try an unofficial server-style upgrade. If that fails, I'll keep with Win 10 and, if absolutely necessary, simply detach it from the internet and feed it data from my Mac.
For MS to threaten to block updates places Win 10 and 11 in the same position - you're no worse off with an unsupported Win 11 than you are with an unsupported Win 10! Given Win 11 is a free upgrade from Win 10 and MS does not produce computers anyway, the logic is flawed.
Yes, I too bought my top end PC with all the pre-release requirements mentioned for Win 11 - I made sure of it!
Then Win 11 was released and Micros**t decided not to support some of the top end processors (including mine).
Will be moving to Linux (probably Mint or Elixr).
I still can't shake the feeling that requiring the TPM is a trojan horse tactic. Once every PC is running windows with a TPM, the screws will be turned, signed drivers will be a non-negotiable requirement, and anything not approved by Microsoft can be hard blocked. It feels like a move to be more like Apple where you don't really control your own device any more.
“It feels like a move to be more like Apple where you don't really control your own device any more.”
I got Granny an M2 Mac mini, well, why not, she likes that system.
It’s funny how you have the same computer with the same software, and after a few years it becomes so hobbled you’re forced to upgrade (even though nothing went wrong with the old one other than “updates”, hmm).
Apple gets you though, for an affordable price they give you a tiny storage device that is practically impossible to update!
But for $20 I got an old Drobo 5N, loaded it with 20TB of HDD (plus a decent power supply), established the network link, all of the sudden she has WAY more space than Apple dreamed possible.
They will have to put on their thinking caps to sabotage that system…
Upgraded my motherboard and cpu recently, so I gave Win11 another try.
I could keep win10 but I hate that too. May as well have the new shiny hate
I went into the installation with the knowledge that on first boot, I'd run a debloater app.
Also that the only thing I would use Win11 for is VR.
That debloater works wonders, making the OS STFU and removing heaps of cruft.
The only "noise" I get now is when Microsoft force me to upgrade.
If I could get ALVR working well in Linux I would ditch Win11 in an instant. Sadly after many hours tinkering with ALVR the best I can get is virtual night, which isn't much fun.
If you have to use Win11 and are admin on your PC, search github for debloater.
.....on January 11 2000:
- https://zgp.org/~dmarti/linuxmanship/Comes-3096.pdf
"Microsoft"....."mandatory".....and "Our mission is to establish Microsoft's platforms as the de facto standards throughout the computer industry."
Note: "platforms", "standards" - both plural!
“What's windows again? I could not find it in apt.”
https://linuxconfig.org/setting-up-virtual-machines-with-qemu-kvm-and-virt-manager-on-debian-ubuntu
$ sudo apt update
$ sudo apt upgrade
$ sudo apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager
$ sudo adduser $USER libvirt
$ sudo adduser $USER kvm
$ sudo systemctl status libvirtd
$ sudo systemctl start libvirtd
$ sudo systemctl enable libvirtd
$ virt-manager
After all that you can run Windows, macOS, Solaris, Kolibri, etc as Linux apps.
I notice that virtualization platforms like proxmox, vmware, kvm based etc offer virtual TPMs for guests and don't seem to require a host TPM.
I imagine you could install a cut down hypervisor with vTPM support on a TPM less machine and install Win11 as a guest.
On the other hand you might install a proper OS instead. ;)
I’ve not read all 63 posts here, so someone might have covered this already but, while it insists on some sort of TPM, you can install Windows 11 without a TPM 2.
Three years ago, I installed Windows 11 Pro on an old Asus A99X board with an AMD FX8370 processor. A TPM 1.2 is the best the board will support. It needed a bit of a registry hack to get it to accept a 1.2 but, after said hack, the machine has been fine ever since. In fact, I just updated it to 24H2 yesterday.
Similarly, you can get Bitlocker to work without a TPM. You just need to enter the key manually or from a USB stick at boot up.
That means Linux Mint will gain substantial market share in the coming 18 months. Probably enough to put it on the map of ISV's now that Mac OS X's market share has dipped below 8%.
The thing I hate about these requirements is that they're being sold as a security measure whilst not making any difference in that space. We'll see Windows computers being pilfered and commandeered by hackers even with TPM 2.0 working as designed. It just doesn't matter that much.
Linux Mint is vastly more secure than Windows, even without Secure Boot. I mean, Windows only recently gained disk encryption as standard for home users. I've been using disk encryption for almost 20 years! And Linux had the technology standard in most distros for at least 10 to 15 years, maybe longer.
I doubt it tbh. You can't take the comments pages of El Reg to be representative of the great unwashed as a whole.
Out in the real world people will either buy new kit out of the fearmongering messages MS is likely to flashup on their screens or simply ignore it since they probably don't do updates anyway. They'll change Windows when they go to currys to buy their next laptop when the old one 'gets slow' or breaks completely. Not many will have the will to switch OS.
Lots of people these days don't have a functional windows device at home anyway, they just use Android/Apple tablets or their phones.
I think you're wrong. Most people own desktop computers. You can't spend your whole day on a tiny smartphone screen.
People will have the choice of chucking their PC in the trash bin (or keep running without updates) or migrating to Linux Mint. By word of mouth the latter will become popular.
MS have a duty to the planet! hundreds of thousands - if not millions - of computers will end up in landfill because THEY get to decide on security.
Microsoft: these are our computers, and if we don't want something on it, we'll vote with our feet!
I'm no fan of W10 or W11 but look at the situation. A huge percentage of corporate and consumer users are still using windows 10. Not because they won't upgrade to W11, but because they CAN'T. And they can't, because of Microsoft's policies. Microsoft have deliberately mismanaged the transition to a newer system. Look, we all know the advantages of a newer system, but Microsoft is strongarming us into replacing hardware when it really isn't necessary.
All they have to do is to say "Look, you can have windows 11, but a) it'll run very slowly on systems lower than an 8th gen intel processor, and b) you won't get the security advantages that windows 11 enforces on compatible machines". It would say a lot for environmental commitment for them to say that their OSes are so good that they'll keep running even on ancient hardware, but in a reduced capacity - after all, it's better than just binning old kit.
Don't get me wrong, I make money off selling new kit, but we can keep old kit running a bit longer in many cases.
MS knows fine well that the majority of compliance standards that business sign up to state that unsupported operating systems must not be used or it classes them as the very highest risk which causes lots of headaches. So that nicely forces the upgrade for them.
MS knows it gets a revenue boost every OS switch up, there is no incentive for MS to play nice.
We know they do. ChatGPT has caused their carbon emissions to increase by 20% and the TPM requirement will mean lots of perfectly fine kit will be sent to the land fill.
Although I'll also be watching Ebay for folks not in the know who are selling off their "old kit" really cheaply.
For my personal rig I currently have Windows 11 24H2 very happy inside a Linux hosted VM being spoofed by a software-emulated TPM and a software-emulated Secure Boot, neither backed to real hardware function.
And that's where it's going to stay, sandboxed into a gaming-only VM where it is de-valued with the same contempt that MS has shown for its consumer-level users for the past decade. I'm hoping Steam/Proton gaming on linux will continue to develop until the day comes that I can retire Windows completely at home.
If any readers have similar sentiments then on your next hw upgrade consider buying at least two extra cores and look at embracing KVM or Xen hypervisors. It's very liberating and provides a migration path to start slowly shifting things away from windows to a Linux host, or alternative VM, where YOU get to dictate the terms and pacing.
Got a laptop, which is a neat little machine, quite handy when I'm travelling. Just not eligible for Windows 11, due to the processor it got soldered to the mainboard.
Now when Windows 10 gets unsupported next October, I just switch over to Linux Mint. Which already runs in a dual boot configuration next to Windows.
Maybe I'll keep Win10 as virtual machine with no connection to the internet, just in case.
Here's a post that's since appeared on Microsoft support on how to install Windows 11 on non-supported devices. It says there'll be a watermark, and it's not recommended. Blah, blah. It also goes into a lot of detail on how to revert back to Windows 10
And you have to accept the following disclaimer:
This PC doesn't meet the minimum system requirements for running Windows 11 - these requirements help ensure a more reliable and higher quality experience. Installing Windows 11 on this PC is not recommended and may result in compatibility issues. If you proceed with installing Windows 11, your PC will no longer be supported and won't be entitled to receive updates. Damages to your PC due to lack of compatibility aren't covered under the manufacturer warranty. By selecting Accept, you are acknowledging that you read and understand this statement.
It doesn't go into detail on how to do the upgrade (downgrade?) to Windows 11 but it looks like it's via the PC Health Check application.
Can someone try it and let me know how it went?
https://support.microsoft.com/en-us/windows/installing-windows-11-on-devices-that-don-t-meet-minimum-system-requirements-0b2dc4a2-5933-4ad4-9c09-ef0a331518f1#:~:text=Die%20Installation%20von%20Windows%2011,vertraut%20sein,%20dass%20Kompatibilit%C3%A4tsprobleme%20auftreten.&xcust=2-1-2550265-1-0-0-0-0&sref=https://www.pcworld.com/article/2550265/microsoft-now-allowing-windows-11-on-older-incompatible-pcs.html