New
#20
I have a ramshackle collection of laptops (and the odd tablet) and barely any of them will run it.
It's fair enough that an old Core 2 Duo which came with XP, which will run Windows 10 but not Windows 11 (not least because it's 32 bit) - that's not too unreasonable. But I have much newer devices which fail the TPM test - even those with Secure Boot don't seem to have a TPM.
I also have a Windows 8 tablet (upgraded to Win10) and a cheap Win 10 tablet - I think they do have a TPM... but they fail the memory and disk size requirements.
So I'm quite sad that I'll have a lot of devices which will go out of support in 2025.
Good question there. So far I have found some info.
"Intel’s PTT was Introduced in 2013 on select fourth-generation Intel Core processors and chipsets, including Intel Haswell ULT multichip packages, as well as on Atom-based, system-on-a-chip solutions like Bay Trail. PTT enables low-cost and low-power devices to support the same root of trust concepts enabled by hardware-based TPM. Furthermore, it supports all of Microsoft’s requirements for firmware Trusted Platform Module (fTPM) 2.0. A similar implementation—ARM’s TrustZone scheme—provides TPM capabilities for low-power, ARM processor-based portable devices like tablets."
and
"Intel chipsets that support Intel Management Engine come with a firmware implementation of TPM."
The biggest gotcha is that some mobos and laptops do not have a way to implement TPM even tho the CPU can. I am looking into this and will report more as I find it.
Looks like MS is going to require TPM. I am pretty computer savvy yet it took me a couple of hours to enable it along with a lot of dire warnings about losing the BIOS ROM or the CPU will brick the computer and all of the drives. Just having TPM disabled by default on my relatively new and expensive mobo/CPU was an unpleasant surprise. Having everything in the system encrypted with the CPU/dongle is also a scary thought IF it is actually being done. Who knows?
Last edited by John Pombrio; 24 Jun 2021 at 18:34.
Newegg link: SuperMicro AOM-TPM-9665V (Vertical) Trusted Platform Module with Infineon 9665, TPM 2.0, uses TCG 2.0 - Newegg.ca
Ebay link: Supermicro AOM-TPM-9655V Server Security Add on 20-Pin TPM Trusted Module | eBay
Newegg is way more cost than Ebay, but it is new not used.
Ak
My Optiplex 9020 does have TPM after all, but v1.2. Dell site says it can't be updated to v2.0.
Grrr.
Cheapness has nothing to do with it, the Flagship Asus ROG gaming Mobos from 2013+ did not have TPM or alternatives even though Haswell CPU's support, the far cheaper PRO/WIFI models Mobos did.
Z87 Rog: nope
Z97 Rog: nope
Thanks, edited my post. I was looking through the Maximus Hero V manual that someone posted and I did not see any settings for PCH-FW Configuration. It MAY be firmware enabled by default but I doubt it. I expect that MS will quickly drop the TPM requirement before it goes live. That is a very onerous thing to make people use or have the capability to use.
Asus's excuse was these high end/cost ROG Mobo's are more aimed at gamers/enthusiasts then creators so no TPM header when asked in the forum years back.
The newer ones do have them but not sure when it started, Z170 possibly.
I just verified that the TPM dongle and TPM via the CPU firmware act the same on a Windows machine. From MS:
"Discrete, Integrated or Firmware TPM? There are three implementation options for TPMs:
Discrete TPM chip as a separate component in its own semiconductor package
Integrated TPM solution, using dedicated hardware integrated into one or more semiconductor packages alongside, but logically separate from, other components
Firmware TPM solution, running the TPM in firmware in a Trusted Execution mode of a general-purpose computation unit
Windows uses any compatible TPM in the same way. Microsoft does not take a position on which way a TPM should be implemented and there is a wide ecosystem of available TPM solutions which should suit all needs."