this post was submitted on 06 Dec 2023
Technology
The way Microsoft phrases it, it's way more ubiquitous than you make it out:
https://support.microsoft.com/en-us/topic/what-is-tpm-705f241d-025d-4470-80c5-4feeb24fa1ee
"TPM has been around for over 20 years, and has been part of PCs since around 2005. In 2016 TPM version 2.0 - the current version as of this writing - became standard in new PCs.
The odds are that your PC does already have TPM, and if it's less than 5 years old you should have TPM 2.0.
To find out if your Windows 10 PC already has it go to Start > Settings > Update and Security > Windows Security > Device Security. If you have it, you'll see a Security processor section on the screen."
So when they say:
"Important: Windows 11 requires TPM version 2.0."
They're requiring a standard established 7 years ago. Windows 11 launched in 2021, why WOULDN'T it require something from 2016?
You really want to run an OS from 2021 on hardware older than 2016? That's not going to be a good idea, TPM or not.
It's hard to avoid. People here just have been bitching about TPM because Linux distro maintainers don't want to jump through hoops signing their shit. This problem doesn't exist outside of Linux forums and people with absurdly old hardware.
Wrong. Linux has supported TPM2.0 for ages before even Windows and every distro maintainer would gladly sign their shit. The problem is that a shitload of hardware only accepts Microsoft TPM keys by default which can't legally be used by Linux distributions, forcing the work onto the users. It's pure vendor lock-in.
Also, this is going to be way less of an issue when UKIs become the standard.
As I recall it, and correct me if I am wrong; but Linux and Distros are given keys to use? So if they want to they can revoke those keys and you could only install a Windows operating system?
The default keys on the hardware, e.g. the keys hardcoded to the motherboard, are 95+% of the time only the Microsoft Windows ones.
Even if the distro maintainers & developers had everything configured by default to be signed, which is a pain in the ass without UKIs, it still requires the user to add new keys manually. Rarely do you have hardware with a key for a Linux distribution, and even if you managed to get hardware that has them, the majority of the time it's only keys for stuff like RHEL, Ubuntu Enterprise Edition, etc.
That's generally not possible, but I imagine if the BIOS is Internet capable it could be.
Nope. TPM isn't required to be able to install the system, only to take advantage of secure boot and security features of the hardware.