Windows 10: TPM 2.0 must be present and enabled by default for all new Win 10 PCs

  1.    14 May 2016 #21

    Rocky said:
    I looked at that page and it seems to me that Haswell is listed as having the ability to have a firmware update that would make it TPM 2.0 compliant. That is good because I built this little Haswell based system myself, it has an i5 4690, and I don't want to hassle a bunch of hardware updates.
    You need TPM support in the motherboard firmware or add-on. It is not a processor chip thing.


  2. Posts : 1,563
    Windows 10 Pro x64 RS 10586.586
    Thread Starter
       16 May 2016 #22

    Microsoft Wants Windows 10 Redstone Devices to Be Super Secure
    TPM 2.0 will be required on all devices running this version

    One of the reasons Microsoft pushes everyone to adopt Windows 10 is because of the security improvements that the company implemented into this OS version, and it turns out that work in this regard has not yet been completed.

    The upcoming Anniversary Update (also known by Microsoft enthusiasts as Redstone) will require all devices to come with Trusted Platform Module (TPM) 2.0 enabled by default.

    TPM version 1.0 is already being supported in Windows 10, but by advancing the minimum requirement to 2.0, Microsoft hopes to achieve improved security that would help devices running the latest version of the OS to stay protected against the latest type of threats.
    "Many Windows 10 features relying on TPM"

    TPM is essentially a security system implemented at the hardware level that uses a specifically designed chip for cryptographic features. The microprocessor's main role is to work with cryptographic keys that are stored onto devices. Version 2.0 comes with significant updates and supports several new authentication modes, new algorithms, including SHA-1, SHA-256, RSA and Elliptic curve cryptography P256, as well as multiple root keys.
    Read more: http://news.softpedia.com/news/micro...medium=twitter


  3. Posts : 291
    Windows 10 Pro 64bit 1703 (15063.502)
       16 May 2016 #23

    lehnerus2000 said:
    I'm expecting a big rise in Ransomware attacks.


    Agreed.

    Yet another attempt by MS to claim that they actually own your PC(s).
    It will (probably) make it harder to install a different OS.
    I agree wholeheartedly. This may be a problem for MS in OZ?
    You can't force conditional sale on people here. Our consumer laws
    are VERY much different. Like BIOS passwords, they don't work here
    and we have control over that.


  4. Posts : 1,830
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)
       29 May 2016 #24

    I'm confused by this thread. I have a home built 2012 desktop PC using a Gigabyte GA-77X-UD5H motherboard. It has a TPM header but I don't have the module and doubt if I can buy one now.

    I'm running Windows 8.1 Pro and I'm considering upgrading to Windows 10 before the deadline. Do I need TPM support to be able to install and support Windows 10 on this motherboard?

    Also, I'm currently running Windows 10 on my Dell Inspiron 7537 laptop which doesn't have TPM support. What will happen when this laptop is updated at the end of July?
    Last edited by Steve C; 29 May 2016 at 01:41.

  5.    29 May 2016 #25

    Steve C said:
    I'm confused by this thread. I have a home built 2012 desktop PC using a Gigabyte GA-77X-UD5H motherboard. It has a TPM header but I don't have the module and doubt if I can buy one now.

    I'm running Windows 8.1 Pro and I'm considering upgrading to Windows 10 before the deadline. Do I need TPM support to be able to install and support Windows 10 on this motherboard?

    Also, I'm currently running Windows 10 on my Dell Inspiron 7537 laptop which doesn't have TPM support. What will happen when this laptop is updated at the end of July?
    No you do not need a TPM. This requirement is only for OEMs (Dell, HP) that want to be certified for Windows. I.e. they get a Windows sticker on the machine. This will not affect anyone outside of Dell or HP.


  6. Posts : 1,830
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)
       29 May 2016 #26

    logicearth said:
    No you do not need a TPM. This requirement is only for OEMs (Dell, HP) that want to be certified for Windows. I.e. they get a Windows sticker on the machine. This will not affect anyone outside of Dell or HP.
    What about my Dell Inspiron 7537 laptop which has no TPM support?

  7.    29 May 2016 #27

    Steve C said:
    What about my Dell Inspiron 7537 laptop which has no TPM support?
    Did it come with Windows 10? No? This only applies to NEW OEM computers that want to have the Windows 10 certified (a sticker).


  8. Posts : 16,489
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       29 May 2016 #28

    logicearth said:
    Did it come with Windows 10? No? This only applies to NEW OEM computers that want to have the Windows 10 certified (a sticker).
    Let me expand on this please: This only applies to FUTURE (yet to be made/built) NEW OEM computers that want to have the Windows 10 certified (a sticker).

    TPM 2.0 Compliance for Windows 10

    Windows 10 for desktop editions (Home, Pro, Enterprise, and Education)


    • As of July 28, 2016, all new device models, lines or series (or if you are updating the hardware configuration of an existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7, https://msdn.microsoft.com/library/w...(v=vs.85).aspx)
      Why TPM 2.0?

      TPM 2.0 products and systems have important security advantages over TPM 1.2, including:
      • The TPM 1.2 spec only allows for the use of RSA and the SHA-1 hashing algorithm.
      • For security reasons, some entities are moving away from SHA-1. Notably, NIST has required many federal agencies to move to SHA-256 as of 2014, and technology leaders, including Microsoft and Google have announced they will remove support for SHA-1 based signing or certificates in 2017.
      • TPM 2.0 enables greater crypto agility by being more flexible with respect to cryptographic algorithms.
        • TPM 2.0 supports SHA-256 as well as ECC, the latter being critical to drive signing and key generation performance.
        • TPM 2.0 achieved ISO standardization (ISO/IEC 11889:2015).
        • Use of TPM 2.0 may help eliminate the need for OEMs to make exception to standard configurations for certain countries and regions.

      • TPM 2.0 offers a more consistent experience across different implementations.
        • TPM 1.2 implementations across both discrete and firmware vary in policy settings. This may result in support issues as lockout policies vary.
        • TPM 2.0 standardized policy requirement helps establish a consistent lockout experience across devices, as such, Windows can offer a better user experience end to end.

      • While TPM 1.2 parts were discrete silicon components typically soldered on the motherboard, TPM 2.0 is available both as a discrete (dTPM) silicon component and as a firmware (fTPM) based component running in a trusted execution environment (TEE) on the system's main SoC:
        • On Intel chips, it is the Intel Management Engine (ME) or Converged Security Engine (CSE).
        • For AMD chips, it is the AMD Security Processor.
        • For ARM chips, it is a Trustzone Trusted Application (TA).
        • In the case of firmware TPM for desktop Windows systems, the chip vendor provides the firmware TPM implementation along with the other chip firmware to OEMs.
    TPM recommendations (Windows 10)

    3.7 Trusted Platform Module (TPM)

    As of July 28, 2016, all new device models, lines or series must implement and be in compliance with the International Standard ISO/IEC 11889:2015 or the Trusted Computing Group TPM 2.0 Library and a component which implements the TPM 2.0 must be present and enabled by default from this effective date.
    The following requirements must be met:

    • All TPM configurations must comply with local laws and regulations.
    • Firmware-based components that implement TPM capabilities must implement version 2.0 of the TPM specification.
    • An EK certificate must either be pre-provisioned to the TPM by the hardware vendor or be capable of being retrieved by the device during the first boot experience.
    • It must ship with SHA-256 PCR banks and implement PCRs 0 through 23 for SHA-256. Note that it is acceptable to ship TPMs with a single switchable PCR bank that can be utilized for SHA-256 measurements.
    • It must support TPM2_HMAC command.

    A UEFI firmware option to turn off the TPM is not required. OEM systems for special purpose commercial systems, custom order, and customer systems with a custom image are not required to ship with a TPM support enabled.
    For detailed TPM information, see Trusted Platform Module topic on TechNet and for TPM 1.2 and 2.0 version comparisons, please reference this article here.
    2.8 Trusted Platform Module (TPM)

    Devices that run Windows 10 Mobile must include a Trusted Platform Module (TPM) that implements version 2.0 of the TPM specification. The TPM can be a firmware-based solution integrated into the SoC or included as a discrete component in the device. The TPM 2.0 must meet the following requirements:

    • An EK certificate must be either pre-provisioned to the TPM by the hardware vendor or be capable of being retrieved by the device during the first boot experience.
    • It must ship with SHA-256 PCR banks and implement PCRs 0 through 23 for SHA-256. Note it is acceptable to ship TPMs with a single switchable PCR bank that can be used for both SHA-1 and SHA-256 measurements.
    • It must support TPM2_HMAC command.

    For detailed TPM information, see Trusted Platform Module topic on TechNet.
    Minimum hardware requirements - Windows 10 hardware dev
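The SHA-256 PCR bank requirement quoted in the post above, as an added example that is not part of the original post or of Microsoft's documentation: a software model of a 24-register bank and the replay check a verifier runs over a boot measurement log. The class, function names and log entries are constructed for illustration, and every PCR is assumed to start at zero.

```python
import hashlib

PCR_COUNT = 24  # PCRs 0 through 23, as in the quoted requirement
BANKS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}


class PcrBank:
    """Software model of one TPM PCR bank (illustrative, not a TPM API)."""

    def __init__(self, alg="sha256"):
        self.hash = BANKS[alg]
        size = self.hash().digest_size  # 20 bytes for SHA-1, 32 for SHA-256
        # Simplification: every PCR starts at all zeros.
        self.pcrs = [bytes(size) for _ in range(PCR_COUNT)]

    def extend(self, index, data):
        # Extend folds a measurement in: new = H(old || H(data)).
        # A PCR cannot be written directly, so its value depends on the
        # full ordered history of measurements.
        digest = self.hash(data).digest()
        self.pcrs[index] = self.hash(self.pcrs[index] + digest).digest()
        return self.pcrs[index]


def replay(event_log, alg="sha256"):
    """Rebuild a bank from an ordered list of (pcr_index, measured_bytes)."""
    bank = PcrBank(alg)
    for index, data in event_log:
        bank.extend(index, data)
    return bank


def mismatches(event_log, expected, alg="sha256"):
    """Return PCR indexes whose replayed value differs from `expected`."""
    bank = replay(event_log, alg)
    return sorted(i for i, value in expected.items() if bank.pcrs[i] != value)


# Constructed sample log: (PCR index, component bytes). Not real measurements.
GOOD_LOG = [(0, b"firmware v1"), (4, b"boot manager"), (7, b"secure boot policy")]
TAMPERED_LOG = [(0, b"firmware v1"), (4, b"boot manager*"), (7, b"secure boot policy")]

# Reference values a verifier would hold for a known-good boot.
EXPECTED = {i: replay(GOOD_LOG).pcrs[i] for i in (0, 4, 7)}

if __name__ == "__main__":
    print("good log mismatches:", mismatches(GOOD_LOG, EXPECTED))
    print("tampered log mismatches:", mismatches(TAMPERED_LOG, EXPECTED))
    print("SHA-1 bank digest length:", len(replay(GOOD_LOG, "sha1").pcrs[0]))
```
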

  9.    29 May 2016 #29

    Thanks Cliff, couldn't be more clearer tbh


  10. Posts : 16,489
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       29 May 2016 #30

    swarfega said:
    Thanks Cliff, couldn't be more clearer tbh
    You're welcome.
    I prefer to go to the source, follow any links at that source, after reading something in a blog post, written by a writer, that doesn't know the difference between his "BASH and a hole in the ground."


 