Page 3 of 3 FirstFirst 123
  1.    14 May 2016 #21
    Join Date : Dec 2014
    Posts : 437
    Windows 10 Pro x64

    Quote Originally Posted by Rocky View Post
    I looked at that page and it seems to me that Haswell is listed as having the ability to have a firmware update that would make it TPM 2.0 compliant. That is good because I built this little Haswell based system myself, it has an i5 4690, and I don't want to hassle a bunch of hardware updates.
    You need TPM support in the motherboard firmware or add-on. It is not a processor chip thing.
      My ComputerSystem Spec
  2.    16 May 2016 #22
    Join Date : Jul 2015
    Posts : 1,563
    Windows 10 Pro x64 RS 10586.586
    Thread Starter

    Microsoft Wants Windows 10 Redstone Devices to Be Super Secure


    Microsoft Wants Windows 10 Redstone Devices to Be Super Secure
    TPM 2.0 will be required on all devices running this version

    One of the reasons Microsoft pushes everyone to adopt Windows 10 is because of the security improvements that the company implemented into this OS version, and it turns out that work in this regard has not yet been completed.

    The upcoming Anniversary Update (also known by Microsoft enthusiasts as Redstone) will require all devices to come with Trusted Platform Module (TPM) 2.0 enabled by default.

    TPM version 1.0 is already being supported in Windows 10, but by advancing the minimum requirement to 2.0, Microsoft hopes to achieve improved security that would help devices running the latest version of the OS to stay protected against the latest type of threats.
    "Many Windows 10 features relying on TPM"

    TPM is essentially a security system implemented at the hardware level that uses a specifically designed chip for cryptographic features. The microprocessorís main role is to work with cryptographic keys that are stored onto devices. Version 2.0 comes with significant updates and supports several new authentication modes, new algorithms, including SHA-1, SHA-256, RSA and Elliptic curve cryptography P256, as well as multiple root keys.
    Read more: http://news.softpedia.com/news/micro...medium=twitter
      My ComputerSystem Spec
  3.    16 May 2016 #23
    Join Date : Sep 2014
    Sydney NSW Australia
    Posts : 291
    Windows 10 Pro 64bit 1703 (15063.502)

    Quote Originally Posted by lehnerus2000 View Post
    I'm expecting a big rise in Ransomware attacks.


    Agreed.

    Yet another attempt by MS to claim that they actually own your PC(s).
    It will (probably) make it harder to install a different OS.
    I agree wholeheartedly. This may be a problem for MS in OZ?
    You can't force conditional sale on people here. Our consumer laws
    are VERY much different. Like BIOS passwords, they don't work here
    and we have control over that.
      My ComputerSystem Spec
  4.    29 May 2016 #24
    Join Date : Jun 2015
    UK
    Posts : 2,166
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)

    I'm confused by this thead. I have a home built 2012 desktop PC using a Gigabyte GA-77X-UD5H motherboard. It has a TPM header but I don't have the module and doubt if I can buy one now.

    I'm running Windows 8.1 Pro and I'm considering upgrading to Widows 10 before the deadline. Do I need TPM support to be able to install and support Windows 10 on this motherboard?

    Also, I'm currently running Windows 10 on my Dell Inspiron 7537 laptop which doesn't have TPM support. What will happen when this laptop is updated at the end of July?
    Last edited by Steve C; 29 May 2016 at 01:41.
      My ComputersSystem Spec
  5.    29 May 2016 #25
    Join Date : Mar 2015
    Posts : 234
    Windows 10 Pro (x64)

    Quote Originally Posted by Steve C View Post
    I'm confused by this thead. I have a home built 2012 desktop PC using a Gigabyte GA-77X-UD5H motherboard. It has a TPM header but I don't have the module and doubt if I can buy one now.

    I'm running Windows 8.1 Pro and I'm considering upgrading to Widows 10 before the deadline. Do I need TPM support to be able to install and support Windows 10 on this motherboard?

    Also, I'm currently running Windows 10 on my Dell Inspiron 7537 laptop which doesn't have TPM support. What will happen when this laptop is updated at the end of July?
    No you do not need a TPM. This requirement is only for OEMs (Dell, HP) that want to be certified for Windows. I.e. they get a Windows sticker on the machine. This will not affect anyone outside of Dell or HP.
      My ComputerSystem Spec
  6.    29 May 2016 #26
    Join Date : Jun 2015
    UK
    Posts : 2,166
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)

    Quote Originally Posted by logicearth View Post
    No you do not need a TPM. This requirement is only for OEMs (Dell, HP) that want to be certified for Windows. I.e. they get a Windows sticker on the machine. This will not affect anyone outside of Dell or HP.
    What about my Dell Inspiron 7537 laptop which has no TPM support?
      My ComputersSystem Spec
  7.    29 May 2016 #27
    Join Date : Mar 2015
    Posts : 234
    Windows 10 Pro (x64)

    Quote Originally Posted by Steve C View Post
    What about my Dell Inspiron 7537 laptop which has no TPM support?
    Did it come with Windows 10? No? This only applies to NEW OEM computers that want to have the Windows 10 certified (a sticker).
      My ComputerSystem Spec
  8.    29 May 2016 #28
    Join Date : Feb 2015
    Bamberg Germany
    Posts : 18,026
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu

    Quote Originally Posted by logicearth View Post
    Did it come with Windows 10? No? This only applies to NEW OEM computers that want to have the Windows 10 certified (a sticker).
    Let me expand on this please: This only applies to FUTURE(yet to be made/built) NEW OEM computers that want to have the Windows 10 certified (a sticker).

    TPM 2.0 Compliance for Windows 10

    Windows 10 for desktop editions (Home, Pro, Enterprise, and Education)


    • As of July 28, 2016, all new device models, lines or seriesor if you are updating the hardware configuration of a existing model, line or serieswith a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7, https://msdn.microsoft.com/library/w...(v=vs.85).aspx)
      Why TPM 2.0?

      TPM 2.0 products and systems have important security advantages over TPM 1.2, including:
      • The TPM 1.2 spec only allows for the use of RSA and the SHA-1 hashing algorithm.
      • For security reasons, some entities are moving away from SHA-1. Notably, NIST has required many federal agencies to move to SHA-256 as of 2014, and technology leaders, including Microsoft and Google have announced they will remove support for SHA-1 based signing or certificates in 2017.
      • TPM 2.0 enables greater crypto agility by being more flexible with respect to cryptographic algorithms.
        • TPM 2.0 supports SHA-256 as well as ECC, the latter being critical to drive signing and key generation performance.
        • TPM 2.0 achieved ISO standardization (ISO/IEC 11889:2015).
        • Use of TPM 2.0 may help eliminate the need for OEMs to make exception to standard configurations for certain countries and regions.

      • TPM 2.0 offers a more consistent experience across different implementations.
        • TPM 1.2 implementations across both discrete and firmware vary in policy settings. This may result in support issues as lockout policies vary.
        • TPM 2.0 standardized policy requirement helps establish a consistent lockout experience across devices, as such, Windows can offer a better user experience end to end.

      • While TPM 1.2 parts were discrete silicon components typically soldered on the motherboard, TPM 2.0 is available both as a discrete (dTPM) silicon component and as a firmware (fTPM) based component running in a trusted execution environment (TEE) on the systemís main SoC:
        • On Intel chips, it is the Intel Management Engine (ME) or Converged Security Engine (CSE).
        • For AMD chips, it is the AMD Security Processor
        • For ARM chips, it is a Trustzone Trusted Application (TA).
        • In the case of firmware TPM for desktop Windows systems, the chip vendor provides the firmware TPM implementation along with the other chip firmware to OEMs.
    TPM recommendations (Windows 10)

    3.7 Trusted Platform Module (TPM)

    As of July 28, 2016, all new device models, lines or series must implement and be in compliance with the International Standard ISO/IEC 11889:2015 or the Trusted Computing Group TPM 2.0 Library and a component which implements the TPM 2.0 must be present and enabled by default from this effective date.
    The following requirements must be met:

    • All TPM configurations must comply with local laws and regulations.
    • Firmware-based components that implement TPM capabilities must implement version 2.0 of the TPM specification.
    • An EK certificate must either be pre-provisioned to the TPM by the hardware vendor or be capable of being retrieved by the device during the first boot experience.
    • It must ship with SHA-256 PCR banks and implement PCRs 0 through 23 for SHA-256. Note that it is acceptable to ship TPMs with a single switchable PCR bank that can be utilized for SHA-256 measurements.
    • It must support TPM2_HMAC command.

    A UEFI firmware option to turn off the TPM is not required. OEM systems for special purpose commercial systems, custom order, and customer systems with a custom image are not required to ship with a TPM support enabled.
    For detailed TPM information, see Trusted Platform Module topic on TechNet and for TPM 1.2 and 2.0 version comparisons, please reference this article here.
    2.8 Trusted Platform Module (TPM)

    Devices that run Windows 10 Mobile must include a Trusted Platform Module (TPM) that implements version 2.0 of the TPM specification. The TPM can be a firmware-based solution integrated into the SoC or included as a discrete component in the device. The TPM 2.0 must meet the following requirements:

    • An EK certificate must be either pre-provisioned to the TPM by the hardware vendor or be capable of being retrieved by the device during the first boot experience.
    • It must ship with SHA-256 PCR banks and implement PCRs 0 through 23 for SHA-256. Note it is acceptable to ship TPMs with a single switchable PCR bank that can be used for both SHA-1 and SHA-256 measurements.
    • It must support TPM2_HMAC command.

    For detailed TPM information, see Trusted Platform Module topic on TechNet.
    Minimum hardware requirements - Windows 10 hardware dev
      My ComputersSystem Spec
  9.    29 May 2016 #29

    Thanks Cliff, couldn't be more clearer tbh
      My ComputersSystem Spec
  10.    29 May 2016 #30
    Join Date : Feb 2015
    Bamberg Germany
    Posts : 18,026
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu

    Quote Originally Posted by swarfega View Post
    Thanks Cliff, couldn't be more clearer tbh
    You're welcome.
    I prefer to go to the source, follow any links at that source, after reading something in a blog post, written by a writer, that doesn't know the difference between his "BASH and a hole in the ground."
      My ComputersSystem Spec

 
Page 3 of 3 FirstFirst 123


Similar Threads
Thread Forum
Illiterate old mom trying to buy Christmas Present for 12yo... Help!
Thanks for helping in advance. I bought my daughter an all in one HP for these things: she wants it for class projects, some gaming (nothing serious.. Minecraft and little things like that), she mentioned some place she wanted to buy games online...
General Support
Solved Why is system restore not enabled as default?
Hey Guys Is there a reason system restore is not enabled as default? Not needed any more/ is there now a better alternative ? Many thanks....
Backup and Restore
Encryption Enabled By Default or Not?
Hello, all! I installed Windows 10 on Wednesday. I remember one of the notifications that came up was asking me if I wanted to back up my encryption key. I'd like to know, is Windows 10 encrypted by default? I read around, and it sounds like...
AntiVirus, Firewalls and System Security
How can I check if OneDrive is still present and available
Hello :) In my Windows 10 Home I have applied the following Registry modification in order to disable (and remove?) OneDrive: 27349 The only visible change is that OneDrive has disappeared from the navigation pane of my File Explorer. I...
Customization
Solved Multiple display selection not present
Went from upgrade 10130 with both monitors in extended mode to a clean install of 10130. Multiple display selection is not present. Both monitors are in Mirror mode at the present. (both showing the same thing). Connected devices only show 1...
Drivers and Hardware
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 08:18.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums