by gtvwill 1741 days ago
Errr they want real TPM functionality. Emulation kinda nerfs the whole point of it. It's a hardware key. If you could just emulate it what would stop you spoofing it?

Edit: autocorrect TPM


Well, modules can be designed to protect my security, or to harm my security (e.g. to enforce DRM). I'm unclear on how "real TPM" functionality helps me. If it helps secure Microsoft, and hurts my security, that's a good reason to not use Windows.

I have not found good docs on what TPM exactly does in Windows 11, but people I trust tell me to distrust it, so I do.

It’s used to store BitLocker (Full Disk Encryption) keys so you don’t have to type a password for the system to boot. If you don’t use BitLocker, it’s not used for much else.

One could conclude that they are requiring TPM so they can eventually turn on BitLocker by default.
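The machine-binding behaviour discussed in the comments above comes from how a TPM protector works: the volume master key is not simply stored, it is sealed against the boot measurements held in the TPM's Platform Configuration Registers, and the TPM only releases it when those registers hold the expected values. The following is an added illustrative model written for this page, not Microsoft's or any TPM vendor's code. It models PCR extension faithfully (TPM 2.0 extends a register as SHA-256(old_value || measurement_digest)) but replaces the TPM's internal policy check with a software construction: the wrapping key is derived from a chip secret and the PCR composite, so a different machine (different measurements) or a different chip (different secret) cannot recover the key. The chip secret, the measurement strings and the "VMK" are constructed sample values; a real TPM never exposes its seed and uses authenticated sessions and a real cipher rather than this HMAC keystream.

```python
import hashlib
import hmac
import os

# PCRs are all-zero at reset (SHA-256 bank, 32 bytes).
PCR_INIT = bytes(32)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 2.0 extend: new PCR = H(old PCR || H(measured data)).

    Extension is one-way and order-dependent, so the final value
    commits to the whole sequence of boot components.
    """
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components: list[bytes]) -> bytes:
    """Extend a fresh PCR with each boot component in order."""
    pcr = PCR_INIT
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def pcr_composite(pcrs: dict[int, bytes]) -> bytes:
    """Digest over the selected PCR values, in index order."""
    h = hashlib.sha256()
    for index in sorted(pcrs):
        h.update(index.to_bytes(2, "big") + pcrs[index])
    return h.digest()


def _keystream(key: bytes, length: int) -> bytes:
    """HMAC counter-mode keystream; stands in for a real cipher (toy)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _wrapping_key(tpm_secret: bytes, policy: bytes) -> bytes:
    # Constructed model: key = HMAC(chip secret, "seal" || PCR composite).
    return hmac.new(tpm_secret, b"seal" + policy, hashlib.sha256).digest()


def seal(tpm_secret: bytes, pcrs: dict[int, bytes], vmk: bytes) -> dict:
    """Bind vmk to the given PCR values on this chip."""
    key = _wrapping_key(tpm_secret, pcr_composite(pcrs))
    ciphertext = bytes(a ^ b for a, b in zip(vmk, _keystream(key, len(vmk))))
    tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
    return {"pcr_selection": sorted(pcrs), "ciphertext": ciphertext, "tag": tag}


def unseal(tpm_secret: bytes, current_pcrs: dict[int, bytes], blob: dict):
    """Return the key if chip secret and current PCRs match, else None."""
    selected = {i: current_pcrs[i] for i in blob["pcr_selection"]}
    key = _wrapping_key(tpm_secret, pcr_composite(selected))
    tag = hmac.new(key, blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    ks = _keystream(key, len(blob["ciphertext"]))
    return bytes(a ^ b for a, b in zip(blob["ciphertext"], ks))


def demo() -> dict:
    """Seal on machine A, then try to unseal on A, on B, and with another chip."""
    tpm_secret = b"constructed-secret-of-chip-A"   # sample value, not a real seed
    vmk = os.urandom(32)                             # stands in for the volume key
    firmware_a = [b"OEM firmware 1.02", b"UEFI settings A"]   # constructed
    firmware_b = [b"OEM firmware 2.00", b"UEFI settings B"]   # constructed
    bootloader = [b"bootmgfw.efi 22000"]                      # constructed

    pcrs_a = {0: measure_boot(firmware_a), 4: measure_boot(bootloader)}
    pcrs_b = {0: measure_boot(firmware_b), 4: measure_boot(bootloader)}
    blob = seal(tpm_secret, pcrs_a, vmk)

    return {
        "same_machine": unseal(tpm_secret, pcrs_a, blob) == vmk,
        "moved_disk": unseal(tpm_secret, pcrs_b, blob) is None,
        "other_chip": unseal(b"constructed-secret-of-chip-B", pcrs_a, blob) is None,
    }


if __name__ == "__main__":
    print(demo())
```

Because the composite covers every selected register and extension is order-dependent, any change in the measured boot chain, a different firmware, a reordered component, or a different chip seed, yields a different wrapping key and the tag check fails rather than silently returning garbage.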

This is really stupid. So you can use your hard drive only in the first computer.
If VirtualBox takes the pass-through approach, will we be able to migrate Windows 11 VMs between computers?
How would they detect the difference?
Probably built-in crypto keys signed by Intel/AMD keys.
That would be unfortunate for Infineon who create the majority of TPM chips. Who’s going to be the gatekeeper who decides who can create TPM chips and what’s going to happen when a new manufacturer wants to enter the stage?
I should have said TPM manufacturers, but it’s the same basic idea. Here’s Infineon’s key: https://www.infineon.com/cms/en/product/promopages/optiga_tp... I guess new manufacturers have to beg people to recognize their root key as legitimate.