WW 730: The New Windows 11

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

The TPM thing bothers me only because it’s so unnecessary. TPM and such features should be totally optional. I have no reason at all to encrypt disks on my desktop gaming rig. It flies in the face of Satya’s final words about agency of the user.

Eventually TPM will become standard for custom builds but that’s not the case now and it’ll hurt for the first year or so.

I like the UI look for the most part. Hoping they allow us to move the taskbar at some point, I like mine on the top.

The store redesign looks nice, jives with their other modern apps. Holding my breath on UX performance though. If it’s anything like the current incarnation of the Xbox app it’ll be atrocious.

They could have included a feature in the Home edition, such as bringing down BitLocker from Pro to Home, as an “enticement”. I suspect it has more to do with them trying to find a new way to do DRM (like for content) than it has to do with anything beneficial for any customer.

@thurrott said that it was released in 2017, so most modern PCs should have it. Unfortunately, that is not the case.

It was released a few years ago, yes. But, as it is an additional cost item, it was reserved for high-end business PCs that actually needed it.

My Ryzen motherboard doesn’t have a TPM module, because it wasn’t sold as a business PC.

This will change from now on, but I’d guess a majority of home PCs at the moment don’t have a TPM module - the main use, until now, was for BitLocker, which was reserved for business class PCs, so it was a “useless” addition to the BoM of home machines.

It will be interesting to see how many current motherboards for self-builds already have a TPM module - looking at the current Asus motherboards, over a third do not include a TPM module.

I’m guessing most low-end PCs and laptops won’t have the module, so will need to be replaced. By Dell, I’d expect Optiplex, Latitude, Precision and possibly XPS laptops to include a TPM module, but the cheaper and consumer models probably not.

Likewise, I’d expect HP Elites to have it, but possibly Spectre and below not. The same with Lenovo: the Think… ranges have them, but probably not many of the Idea… ranges. The other question is, how long have Microsoft and manufacturers been planning this? Do 2020 and 2021 models of lower end and consumer devices already have TPM modules, in readiness for this change?

I had a switch for TPM in my BIOS on my Asrock ITX, which I built 3 years ago with a Ryzen 2000 chip.

Here’s some other fun Windows links I found today:

Looks like they didn’t obsess over every pixel…

I love the look of Windows 11 but my PC was purchased in 2016 so before the TPM chip was on the market. It’s a consumer class PC so doesn’t really have the need for it either. But I’m sad that even though I’ll beta test it, it won’t be commercially available for my PC. Which stinks because it’s a perfectly functioning computer. That being said my primary computer now is a Macbook Pro so I’ll put Monterey on it and live blissfully in the Apple world.

I believe one reason your Ryzen motherboard did not come with a TPM module (perhaps not even a TPM header) is because Ryzen CPUs come with an “embedded” TPM known as fTPM (firmware TPM).

In the UEFI, it’s often disabled by default. I believe AMD calls their fTPM “PSP fTPM”, while Intel, in its infinite marketing mumbo-jumbo, calls it “Platform Trust Technology / PTT”.

//

Agreed on the OEMs. Any TPM requirement can be bypassed by OEMs, even according to Microsoft (source; warning: a direct PDF download)

Upon approval from Microsoft, OEM systems for special purpose commercial systems, custom order, and customer systems with a custom image are not required to ship with a TPM support enabled.

To be clear, it is DirectX12 compatible, which includes all Intel iGPUs since Haswell.

DirectX 12 Compatible GPUs

Intel: Intel Haswell (4th gen. Core) and Broadwell (5th gen. Core) processors [and newer]

AMD: Radeon HD 7000-series graphics cards, Radeon HD 8000-series graphics cards, Radeon R7- and R9-series graphics cards, and the following APUs (which meld CPU and GPU on a single chip): AMD A4/A6/A8/A10-7000 APUs (codenamed “Kaveri”), AMD A6/A8/A10 PRO-7000 APUs (codenamed “Kaveri”), AMD E1/A4/A10 Micro-6000 APUs (codenamed “Mullins”), AMD E1/E2/A4/A6/A8-6000 APUs (codenamed “Beema”) [and newer]

Nvidia: GeForce 600-, 700-, and 900-series graphics cards, GTX Titan series [and newer]

EDIT: WDDM 2.x means it has a Windows 10-compatible driver. WDDM is the driver model for Windows 10 GPU drivers, so as long as it’s ever had a Windows 10 compatible driver, the driver will work in Windows 11.

Yes, supposedly the TPM is part of the AGESA, and was, for some time, horribly broken and insecure. AMD doesn’t let anyone see the source code for AGESA, they send it out to MOBO manufacturers as a binary blob, so who knows how reliable it actually is as a security device. It may, however, be sufficient to satisfy this bogus Windows 11 requirement.

With all these new requirements, will Win 11 install in non-Hyper-V virtual environments?

VMware supports/emulates a TPM 2.0 according to a friend of mine who uses it.

Mary Jo mentioned, and it wasn’t really discussed, that using the Amazon App Store means no Google Play Services. I have 2 Fire tablets and I have to sideload a few apps that Amazon doesn’t have. On occasion, I hit the ‘won’t run without Google Play Services’ issue and I delete it.

(Yes, I know I can load Google Play Services. The one time I’ve tried that with a previous Fire tablet it seemed to adversely affect battery life.)

So, will we be able to “sideload”? Or will the apps HAVE to come from Amazon?

My desktop PC is home built back in the Win 7 era. It’s quite happy running Win 10 21H1. I haven’t checked, but I’m assuming I’ll be stuck at Win 10. (It also dual boots to Manjaro, so if worst comes to worst I’ll just switch more to Linux.)

I prefer my taskbar on the right since widescreen real estate is more available on the sides and (I’ll assume) since I’m right handed it makes more sense for my brain.

Oh, wow. Seems like proper TPM has not been a priority. Let’s hope the patches have gone through. Intel has had its own terrible security with ME. Sigh, these things should’ve been figured out by all of them years ago.

And, yes: it does seem rather arbitrary. What does Windows 11 need to do that requires TPM? No explanation thus far.

//

In a recent Verge interview, Satya claims Microsoft is open to Google bringing the Play Store to Windows 11. That might be “never” or “years” or “weeks” if Google is extremely eager. Seems like Google vs Amazon vs Microsoft compete when it’s advantageous and work together when it’s mutually beneficial.

The Verge:
You’re a partner with Amazon to distribute Amazon apps. You said at the event other Android app stores are welcome to participate in delivering to Windows. The Amazon Appstore right now is pretty focused on Amazon’s own Fire tablets and products.

It’s… fine. I would not call it great. It certainly doesn’t have the volume that the Google Play Store has for Android apps. Are you expecting that it’s going to get better? Do you think it’s good enough now? Tell me about that partnership.

Satya Nadella:
I think it’s a good place for us to start, and I hope that more developers even look at Amazon Appstore as a way to go reach more users. I’m hoping that benefits them and us. And as I said, if this works, I would hope that even Google will take a look at it, right? If they feel like this is a way that they can increase the usage of Android apps, we’ll welcome any other app store.

Emphasis mine.

I guess I should have looked at my feeds before asking this.

According to @ohthatflo
https://gizmodo.com/windows-11-will-let-you-sideload-android-apps-no-amazo-1847175094

Of course, the one app that’s mentioned in this article, Twitter, is available from the Amazon Appstore, and it’s kept (mostly) updated, so it’s a bad example of a need to sideload.

EDIT: ninja’d by @puzzledfiggjo, heh

Miguel de Icaza on Twitter: “@ajonoguy Yes!”

Miguel, a “Distinguished Engineer” at Microsoft, has confirmed Windows 11 will allow Android APKs sideloading. Standing question on Google Play Services still in the air, as many apps still rely on these.

//

Microsoft has provided a blog post explaining TPM requirements on Windows 11:

[clip]

Our Security Signals report found that 83 percent of businesses experienced a firmware attack, and only 29 percent are allocating resources to protect this critical layer.

With Windows 11, we’re making it easier for customers to get protection from these advanced attacks out of the box. All certified Windows 11 systems will come with a TPM 2.0 chip to help ensure customers benefit from security backed by a hardware root-of-trust.

The Trusted Platform Module (TPM) is a chip that is either integrated into your PC’s motherboard or added separately into the CPU. Its purpose is to help protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data.

PCs of the future need this modern hardware root-of-trust to help protect from both common and sophisticated attacks like ransomware and more sophisticated attacks from nation-states. Requiring the TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust.

TPM 2.0 is a critical building block for providing security with Windows Hello and BitLocker to help customers better protect their identities and data. In addition, for many enterprise customers, TPMs help facilitate Zero Trust security by providing a secure element for attesting to the health of devices.

@MaryJo, they mention Pluton briefly. I’ll chalk it up a miss: looks like TPM is the real driver for Windows 11’s public security focus (at least from what we know so far):

Innovation like the Microsoft Pluton security processor, when used by the great partners in the Windows ecosystem, help raise the strength of the fundamentals at the heart of robust Zero Trust security.

This next level of hardware security is compatible with upcoming Pluton-equipped systems and also any device using the TPM 2.0 security chip, including hundreds of devices available from Acer, Asus, Dell, HP, Lenovo, Panasonic, and many others.

Here’s some information from The Verge.
https://www.theverge.com/2021/6/25/22550376/microsoft-windows-11-tpm-chips-requirement-security

But the tl;dr:

Hidden away on Microsoft’s site is what’s really happening here. The true minimum requirements are TPM 1.2 and a 64-bit dual-core CPU that’s 1GHz or greater. TPM support can be enabled through practically any modern CPU in the BIOS settings of a machine. You shouldn’t need a separate module unless your CPU is very old.

Plus, just today they updated the Windows 11 PC Health Check App to be more helpful. I installed this app this morning and was confused by its output. Installed the new version and I’m told that I don’t support Secure Boot. I haven’t gone into BIOS to see what’s what.

We just made updates to the Windows 11 PC Health Check App. It now provides more detailed info on requirements not met. This should help in cases where folks assumed CPU compat issues were TPM related https://t.co/hTWMe16DWO

— DWIZZZLE (@dwizzzleMSFT) June 25, 2021

This Ars Technica article is quite useful. It talks about the hardware requirements for Windows 11, including the TPM, and ways you may be able to “make do” for a few scenarios, including running virtualization on Linux.

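As an added example (not from the thread, from Microsoft, or from the PC Health Check app), here is a read-only PowerShell check for the prerequisites argued over above: UEFI firmware, Secure Boot, a TPM the OS can see and its spec level (2.0 vs 1.2), and the 64-bit / dual-core / 1 GHz CPU floor. It assumes an elevated prompt on Windows 10 (Get-Tpm, the Win32_Tpm class and Confirm-SecureBootUEFI all need admin) and does not consult Microsoft’s certified-CPU list, which the thread notes changed mid-week.

```powershell
# Added example, not the project's or any poster's code. Read-only: it queries
# built-in cmdlets and WMI classes and changes nothing. Run elevated.
function Get-Win11Readiness {
    $result = [ordered]@{}

    # Firmware mode: Secure Boot only exists on UEFI systems. Windows exposes
    # $env:firmware_type as 'UEFI' or 'Legacy'.
    $result.FirmwareType = $env:firmware_type

    # TPM as seen by the OS. Get-Tpm reports presence/readiness; Win32_Tpm's
    # SpecVersion reads like "2.0, 0, 1.38", where the first field is the spec level.
    # If nothing is returned, an fTPM/PTT option is often still disabled in UEFI
    # setup, as the fTPM post above describes.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    $wmiTpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $result.TpmPresent = [bool]($tpm -and $tpm.TpmPresent)
    $result.TpmReady = [bool]($tpm -and $tpm.TpmReady)
    $result.TpmSpecVersion = if ($wmiTpm -and $wmiTpm.SpecVersion) {
        ($wmiTpm.SpecVersion -split ',')[0].Trim()
    } else { 'none' }

    # Secure Boot state; the cmdlet throws on legacy-BIOS machines, which we
    # treat as "not supported" rather than as an error.
    try { $result.SecureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $result.SecureBoot = $false }

    # CPU floor quoted in the thread: 64-bit, two cores, 1 GHz (MaxClockSpeed is MHz).
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $result.CpuName = $cpu.Name
    $result.Cpu64Bit = ($cpu.AddressWidth -eq 64)
    $result.CpuCores = $cpu.NumberOfCores
    $result.CpuGHz = [math]::Round($cpu.MaxClockSpeed / 1000, 2)

    # Baseline only; the certified-CPU list is a separate, stricter gate.
    $result.MeetsBaseline = ($result.FirmwareType -eq 'UEFI') -and $result.SecureBoot -and
        $result.TpmReady -and ($result.TpmSpecVersion -eq '2.0') -and
        $result.Cpu64Bit -and ($result.CpuCores -ge 2) -and ($result.CpuGHz -ge 1)

    [pscustomobject]$result
}

Get-Win11Readiness | Format-List
```

A machine that shows TpmPresent false but has an fTPM-capable CPU usually just needs the firmware option enabled; SecureBoot false on a UEFI machine is the case the Health Check post above ran into.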
Welp. Microsoft just updated the document The Verge linked to. It no longer allows any older CPUs nor TPM 1.2.

It’s now quite firm:

Compatibility for Windows 11- Compatibility Cookbook | Microsoft Docs

@MaryJo, what are the chances Microsoft may clarify why the document was changed? Are they really dropping support for anything prior to Intel 8th generation / AMD Zen+? A few outlets have already published the older document, which may have been Microsoft’s impetus in changing the document.

The biggest “red flag” is that the very short CPU support list is linked right on Microsoft’s main consumer Windows 11 page. These CPU lists aren’t hidden away in an OEM document, but front and center.

This change may remove many CPUs, including those in some Surface devices, from upgrading to Windows 11. Heck, the current Surface Studio 2 cannot be upgraded to Windows 11 under these restrictions. I mean, of the 1.3 billion Windows users, this will likely exclude a double-digit percentage.

The Verge has updated their story:

Hidden away on Microsoft’s site is what’s really happening here — or so we thought, until Microsoft changed its page a couple hours after we published this story. According to the original version of the page, the true minimum requirements are TPM 1.2 and a 64-bit dual-core CPU that’s 1GHz or greater. Since TPM support can be enabled through practically any modern CPU in the BIOS settings of a machine, you shouldn’t need a separate module unless your CPU is very old.

But the new page says it requires TPM 2.0 and a processor that Microsoft has explicitly certified as compatible — which might mean everything before an 8th Gen Intel Core and AMD Ryzen 2000 won’t work. We’re following up with Microsoft now.

Microsoft linked this CPU compatibility page from their consumer page + it talks about upgrades. I don’t think it’s talking about OEMs any more: OEMs aren’t doing upgrades so much, are they?

This is a consumer-facing change, I believe.