[osy]

> I'm going to be honest here and say that I don't know what Microsoft's actual motivation for requiring a TPM in Windows 11 is.

It is quite obvious: to force people to buy a new PC. TPM provides no added security value for the vast majority of users[1] but it is a convenient hardware that has only started to become standard (fTPM) in PCs built in the last ~8 years so it provides an excuse for Microsoft to declare computers older than that (which can run Windows 10) obsolete using "security" as an easy scapegoat.

[1]: https://gist.github.com/osy/45e612345376a65c56d0678834535166

[p_ing]

> TPM provides no added security value for the vast majority of users[1]

Yes it does. The vast majority of users aren't going to have their laptop stolen by the CIA/NSA and have their DIMMs popped and cryofreezed.

The vast majority of users aren't going to have the case opened and a special-purpose PCIe device installed to steal keys over DMA.

The vast majority of users aren't going to have a dTPM vulnerable to SPI sniffing as modern and not-so-modern processors have fTPM.

This is to provide some baseline level of protection of the user's data against theft and loss.

Are there attacks against TPM? Yep. In as much as there are attacks against SMS 2FA, but for the vast majority of people, SMS 2FA is an acceptable level of security.

If you're a CEO, well sure, you're going to want to do something better (TPM + PIN). I acknowledge that Windows 11 Home users don't have this specific option.

Everyone needs to level set on the type of attacks that are practical vs. involved and who the targets of those attacks are.

FDE (w/ TPM) is part of defense-in-depth. Even if imperfect, it's another layer of protection.

[AnthonyMouse]

> The vast majority of users aren't going to have their laptop stolen by the CIA/NSA and have their DIMMs popped and cryofreezed.

That's kind of the point. The vast majority of users aren't going to have their laptop stolen at all, if they do it will 99% of the time be by someone who only wants to wipe it and fence it, and attempts to access data are most likely to be by unsophisticated family members who would be defeated by a simple password without any TPM.

Meanwhile there have been plenty of TPM vulnerabilities that don't require anything so esoteric and can often be attacked purely from software, so if a normal user was facing even so much as someone willing to watch some security conference talks, they're going to lose regardless. If the TPM doesn't make them more vulnerable to that, because it contains the secrets and is susceptible to attack, vs. FDE with a boot key stored in some cloud service secured with the user's password instead of a TPM, which can then rate limit attempts without being susceptible to physical access attacks and be revoked if the device is stolen.

Moreover, the more common threat to normal users is data loss, in which case you only want your laptop to be secure against your unsophisticated nephew and not the tech you want to recover your data after you forget your password.

> In as much as there are attacks against SMS 2FA, but for the vast majority of people, SMS 2FA is an acceptable level of security.

The current recommendation seems to be against SMS 2FA because the security of SMS really is that bad, so if you need 2FA, use an authenticator app or similar.

> FDE (w/ TPM) is part of defense-in-depth.

Any snake oil can be painted as defense-in-depth.

[wkat4242]

> That's kind of the point. The vast majority of users aren't going to have their laptop stolen at all, if they do it will 99% of the time be by someone who only wants to wipe it and fence it, and attempts to access data are most likely to be by unsophisticated family members who would be defeated by a simple password without any TPM.

True, any preboot password method (even fully software) will be sufficient to prevent data exposure when a laptop is stolen.

The whole TPM + secure boot thing is more to prevent evil maid attacks where a laptop is messed with (eg installing a bootloader that intercepts the password) and then placing it back in the user's possession so they can be tricked into entering the password.

That whole scenario is extremely far-fetched for home users. Laptops get stolen but then they're gone.

[sidewndr46]

But it doesn't even do that. If I want to perform the "evil maid" attack why would I screw around with the bootloader? I'm just going to replace the entire device with something that captures the password & sends it to me remotely.

[wkat4242]

You could but the user might notice. Most business laptops don't exactly look like new.

I would very likely notice.

[p_ing]

I'm not groking what you're saying. Replace what "entire device"?

[sidewndr46]

You're at an industry conference. I want the data on your laptop's hard drive. You leave your laptop in the hotel room. Which one is easier:

1. Go into your room and screw around with the boot loader to somehow give me unencrypted access to your laptop after you login next time.

2. Go into your room. Take your laptop. Put an identical looking laptop in place that runs software that boots and looks identical. Have it send me all of your password attempts over WiFi to my van in the parking lot.

I'm going with option 2 every time. I have your original device. I have your password. TPM, SecureBoot, or whatever is irrelevant at this point.

[XorNot]

No one wants a preboot password though.

TPM means the system can boot and then do face login or whatever using the user's password in exactly one place.

This is as much as most users will tolerate. And it also means Microsoft account recovery can work to unlock a forgotten password.

The whole point is Microsoft don't want user devices to ever be trivially bypassed, regardless of how unlikely that is (probably more likely then you think though).

These things are everywhere: they're used by small businesses, unsophisticated users etc. but the story which will be written if anything happens because the disk was imaged sometime will be "how this small business lost everything because of a stolen Windows laptop" and include a quote about how it wouldn't have happened on a MacBook.

[mjw_byrne]

"No one wants a preboot password though" - really? Doesn't strike me as particularly inconvenient, especially given the relative rarity of actual bootups these days.

I've been using bog-standard FDE for as long as I can remember. One extra password entry per bootup for almost-perfect security seems like great value to me.

[zinekeller]

It seems that you're looking at the wrong bubble here. Most people actually detests passwords and would rather use a different method if possible (this is why ordinary users turn on biometric authentication despite some here questioning its security). Adding another password will certainly make users - especially enterprises - complain.

Also for technical reasons, Windows can't do the fancy one login/password screen (which assumes a file-level encryption, which is how it is implemented nowadays to support multiple users [1] [2]). This is due to Windows software that are expecting that everything is an ordinary file (unlike Apple which don't care on that aspect and Android which has compartmentalized storage). Even if we have an EFS-style encryption here, it will be incompatible with enterprise authentication solutions.

1: https://support.apple.com/guide/security/encryption-and-data...

2: https://source.android.com/docs/security/features/encryption

[devops99]

The more inexpensive option of the newer Trezor wallets and "login PIN" as an optional alternative to a password that also works, seems to be the best option (that I have seen so far).

The more recently released Trezor wallets are still new, and Yubikey 5C will probably be used in many places anyway just because of the keyring and no need for the usb-c cable.

[whatevaa]

Absolutely. You are an exception. Get your head outside and look around you instead of assuming.

[wkat4242]

Every phone has it these days. Doesn't seem to be a big deterrent? Laptops also need a password to log in.

In fact in many cases a preboot password is safer. Because the comms between the TPM and the OS can often be sniffed. And if the TPM doesn't need validation because it hands off its keys, it can be bypassed that way.

Again not really something that consumers have to worry about, but it's not quite difficult anymore to pull this off.

[andrewaylett]

The phones are using their TPM equivalent to do it securely, though -- there's not nearly enough entropy in a lock screen to provide robust security, but the boot-time unlock depends on both the screen lock and the hardware, and the hardware will rate limit attempts to use it to turn lock screen inputs into usable encryption keys.

[HeatrayEnjoyer]

TPM 2.0 uses encrypted bus. TPMs are also often built into the CPU

[alerighi]

The vast majority of users neither have a password on their computer, or if they have it it's a stupid one (like their name, their birthday, etc) or they have it written on a post-it that is attached on the monitor itself. Why do they need a TPM? Most of the time I setup a computer for a friend or family member they ask me to remove the password since they don't want to remember it.

Vast majority of users neither have that much important data to steal on their computer at all, just some family photos, some movies downloaded from the internet, there is the case of credentials saved in the browser, but the most important stuff (such as banking sites) nowadays requires a multiple factor authentication (such as password + OTP on your phone) to do any operation.

[p_ing]

Why do they need a firewall? Why do they need ACLs?

Let's just go back to single-user operating systems with exFAT drives.

If an individual expressly defeats the point of any particular security mechanism, that's on them. But to paint this broad brush of "I know someone who does X which makes Y pointless, so Y must be meaningless for everyone else" is silly.

[p_ing]

> The vast majority of users aren't going to have their laptop stolen at all

The vast majority of homeowners aren't going to have a house fire. The vast majority of drivers aren't going to have an accident. Etc. etc. etc.

It's insurance.

> The current recommendation seems to be against SMS 2FA because the security of SMS really is that bad, so if you need 2FA, use an authenticator app or similar.

This is correct. But SMS 2FA is better than no 2FA. The attacks you speak of are targeted attacks, where the victim and phone number are known.

> Any snake oil can be painted as defense-in-depth.

It's not snake oil, however.

[hansvm]

> SMS 2FA is better than no 2FA

Depending on the implementation it's occasionally more secure. For me it's never "better."

A significant fraction of banks, retirement accounts, financial web services, ..., can fully reset your password using just the SMS "2FA," sometimes most also requiring an e-mail verification. That turns the device into a single factor much weaker than a password (making physical attacks -- ex-lovers, nosy houseguests, ... much easier). There are a variety of easy methods for taking over a phone number temporarily or permanently for <$15, so for the ones without e-mails it's literally just a cost/benefit analysis for a crook.

Knowing how often SMS 2FA gets screwed up, I'd strongly prefer to avoid services offering it (especially those requiring it) even if there were no other downsides. Toss in the inconvenience of having to drive into town (many rural places I've lived), find a point of higher ground (many taller cities I've visited), or whatever just to get cell service, and the whole concept is a nightmare.

And so on. It's painful to use, usually much less secure, and rarely meaningfully more secure.

[AnthonyMouse]

> It's insurance.

It's rubbish. The circumstances that would make it even theoretically useful are rare and in practice it doesn't even work then. There is no reason to pay good money so you can be insured against alien abductions under a policy whose terms won't pay out even if you somehow actually get abducted by aliens.

> This is correct. But SMS 2FA is better than no 2FA.

The alternatives to SMS 2FA don't just include no 2FA, they also include any of the better 2FA alternatives to SMS.

Choosing SMS is like saying we should all bottle our urine in case we need something to drink later. There's juice and soda in the fridge and a tap full of water right over there, don't be crazy.

> The attacks you speak of are targeted attacks, where the victim and phone number are known.

How do you mean? Anyone who can snoop SMS gets a list of usernames and passwords from a data breach, tries them all against a hundred services, when that user exists on that service the service says "we sent SMS to your phone number at xxx-xxx-4578" so the attacker looks for any SMS code to any phone number ending in 4578 in the last ten seconds. Even if they don't have the phone number from the data breach, most commonly there is only one matching message, if there are two or three they just try all of them, and now they've compromised thousands of accounts on a hundred services because SMS is such rubbish.

On top of that, the targeted attacks also work against SMS. If you know the target's phone number you don't need to be able to capture every SMS to compromise them using SIM swapping or any of the other numerous vulnerabilities SMS 2FA is susceptible to.

> It's not snake oil, however.

It's a proposed solution with negligible or negative benefits over known alternatives. That's snake oil.

[cma]

> The vast majority of users aren't going to have their laptop stolen at all, if they do it will 99% of the time be by someone who only wants to wipe it and fence it, and attempts to access data are most likely to be by unsophisticated family members who would be defeated by a simple password without any TPM.

I've only met one person who's phone was stolen. They grabbed it while it was unlocked and within minutes after began scamming all the person's Instagram and other contacts asking for quick money for an emergency.

[mike_hearn]

That's how it works now exactly because hardware security ("DRM") on phones is so good that grabbing phones whilst unlocked is the only way to beat it. For most of the history of phones, they would be pickpocketed or taken from bags, luggage, hotel rooms etc without you ever seeing the thief.

This is a huge upgrade, and nothing to sniff at. I also had someone try to grab my phone out of my hand and run off whilst walking on the streets in France. Unfortunately for him I can run extremely fast. Once he saw I was catching up and about to beat the crap out of him, he gently placed the phone on the road whilst running and gave it back to me. Before phone security got really good a guy like that would have been using the sneaky approach and then visiting a back room in a phone shop to reflash all the hardware IDs, but secure boots and the mobile security chips have got good enough that this is no longer feasible.

[cma]

Depends which is more valuable, the phone or the potential scams. With no hardware security you'd just have a standard USB stick to root it and get the same access to the logins and contacts, or you'd take it right to an underground shop that did. And you could sell the hardware on top of that, making theft that much better.

[razakel]

At least they weren't logged into their banking apps.

[adgjlsfhk1]

imo sms 2fa is great since it is sufficient to stop automatic mass account stealing.

[AnthonyMouse]

So is an authenticator app.

Also, SMS isn't, because attackers often get access to the SMS network itself (see e.g. Salt Typhoon) in which case they can do automatic mass account stealing because they can see all the totally unencrypted SMS codes.

The security of SMS really is that bad.

[oyashirochama]

Not to mention LTT showed the ability to spoof and steal SMS directly, on specific targets using the international phone system trust, something that is effectively impossible to block due to the inherient trust built into cell companies at the moment.

[dataflow]

> attackers often get access to the SMS network itself (see e.g. Salt Typhoon)

"Often"?

[andy81]

Bit of an understatement, should be "always have access" if state attackers are included in the threat model.

[devops99]

> vs. FDE with a boot key stored in some cloud service secured with the user's password instead of a TPM

Without secure boot (backed by TPM), I can boot a small USB device that has LEDs on it to indicate to me that the target system has been infected to send me a copy of the target's password, after I already imaged the disk (or when I have another team member steal it or take it by force later).

If there's a UEFI password to access UEFI settings, I can reset it in under 20 minutes with physical access. Some tamper-evident tape on the laptop casing may stop me if I haven't already had a resource intrude into the target's home/office to have some replacement tamper-evident sticker material ready. Very very few places, even some really smart ones, make use tamper-evident material. Glitter+glue tamper-evident seals are something I can't spoof though.

It's not that hard to get into a hotel room. Often enough if a business books a hotel for you it's because they want access to your laptop while you're at lunch with another employee who so kindly suggests to leave your backpack in the hotel room.

disclaimer: all above is fictional and for educational and entertainment purposes only

[AnthonyMouse]

> Without secure boot (backed by TPM), I can boot a small USB device that has LEDs on it to indicate to me that the target system has been infected to send me a copy of the target's password, after I already imaged the disk (or when I have another team member steal it or take it by force later).

Which is the same thing that happens with secure boot, because they just steal the whole device and leave you one that looks the same to enter your password into so it will send it to them.

Meanwhile if you're using tamper-evident materials then you don't need secure boot, because then they can't undetectably remove the cover to get physical access to remove your UEFI password or image the machine.

[devops99]

Thank you for prompting attention to the switcheroo.

This angle of attack is generally unheard of, but should be considered. I can think of some mitigations that can work.

Tamper-evident materials are well-known by the crowds that will target users. There are many criminals among us, so many that those who don't have criminal psychology have a hard time wrapping their mind around it. Given this, I am cynical, and every defense within reasonable cost should be leveraged.

[coppsilgold]

> The vast majority of users aren't going to have their laptop stolen by the CIA/NSA and have their DIMMs popped and cryofreezed.

If you happen to have a Pro variant of Ryzen (there may be some Intel variants as well) then you can enable RAM encryption. The RAM will be encrypted with an ephemeral AES key on boot.

[nfriedly]

In my experience, FDE (Full Disk Encryption) is more of a hindrance than help to average users.

It just means that when something goes wrong, such as a forgotten password or a botched update, their data that would have otherwise been recoverable is now lost forever.

I'm not sure I know anyone who's had a computer stolen, but I know lots of people who have lost data.

Edit: I do know one person who had a computer stolen. It was a work laptop while they were in SF, and I'll concede that FDE probably does make more sense on a work-related computer. I was only arguing that it's more of a hindrance on personal devices that mostly stay in the owners home.

[xyzzy_plugh]

I know of at least 10 instances of a company laptop being stolen. From the back of a car, from a coffee shop, from a hotel room, etc. It happens.

Knowing any data on it cannot be recovered by malicious actors can be very reassuring.

[kd913]

Surely this is an issue for there not being an easy mechanism for backing up?

The proper solution should be secure by design and user friendly. We shouldn’t compromise the former for the latter.

[p_ing]

> It just means that when something goes wrong, such as a forgotten password or a botched update, their data that would have otherwise been recoverable is now lost forever.

Not at all. You can get your recovery key back via a few different means (for 11 Home, OneDrive/printed/PDF, for enterprises, various ways) and boot into the Windows Recovery Mode environment to perform the same repair options one would have without BitLocker in place.

[n144q]

> I'm not sure I know anyone who's had a computer stolen, but I know lots of people who have lost data.

That's exactly where you got your priorities wrong.

Yes there is a tradeoff. But backing up your data is easy (especially in a corporate environment), while security is hard.

And computers do get stolen a lot all the time, just not in your circle.

[sidewndr46]

What is the argument here about the CIA / NSA or any other US Federal 3 letter agency? If your device is secured via TPM or some other scheme that relies on an industry to secure your device they aren't going to be doing "DIMM popping". They are just going to get the master keys from whomever issued them and use that bypass whatever they need to on the device.

[p_ing]

You're missing the forest.

The point being is that Microsoft's implementation on Win 11 Home ("device encryption", aka unconfigurable BitLocker) is sufficient for nearly all of their user base. If you're a target of a 3-letter agency, additional security measures are required.

[a1o]

https://xkcd.com/538/

[devops99]

I agree. TPM defends against the most likely threat that typical users are facing. And, where users that are individually targeted, the theft/robbery will more often than not be designed to appear "random".

Because TPM sniffers are now at a material cost of about $15 and can be acquired for a price at under $200, more than a TPM is needed for data encryption, especially for users like a CEO. This is why a firm I used to work for encrypted the key that could unlock user data with both TPM plus Yubikey.

[soerxpso]

Microsoft doesn't sell hardware. Why would they be incentivized to make you buy new hardware? Unless you're alleging that their hardware partners pushed for it, in which case there would likely be logs of communications that are pretty illegal.

[__MatrixMan__]

There's a bit of a gold rush on to be in control of all of a user's auth, and TPMs are a precondition to maintaining that control.

The passkey protocol (i.e. webauthn) has an "attestation object" field which organizations like Microsoft can use to pass extra details about the authenticated users to the authenticating service. Which details will likely depend on that service's relationship with Microsoft. Unlike most channels between these parties, it's expected to be secured via TPM thereby excluding others (e.g. the user, or any pesky researchers) from the conversation.

It's pretty obvious from the recent design choices re: Windows that Microsoft is keen on monetizing user data--and who, in that business, wouldn't like a way to do it exclusively? i.e. to control a channel which neither the user nor your competitors can tamper with.

So they'd be incentivized to make you buy new hardware because new hardware allows them to bind your advertiser id to actual identity much more closely than is possible without that hardware (e.g. via cookies and IP addresses). The sale of details about your actual identity to organizations who only know you by your advertiser id is big business. The TPM helps them protect that business against competitors who don't have such low-level control over your device (Google, Meta, etc).

[BeefWellington]

Microsoft does sell operating systems (and user data from those operating systems). Those operating systems are typically bundled / installed by default on computers.

It's in their best interests to have everyone using the "latest and greatest" for those features that weren't present (at least to the same extent) in prior versions.

[tedunangst]

This is rather contradictory. There's way less friction to selling Windows 11 licenses to existing hardware owners. Requiring a new PC only means fewer people will be running 11.

[baby_souffle]

> This is rather contradictory.

Not necessarily. I'd bet that the fraction of $ microsoft makes from selling windows licenses _retail_ is a rounding error away from zero compared to what they get selling bulk/volume licenses to corporate / OEM.

It's in microsoft's interest to make sure that dell/hp/lenovo ... etc have reasons to keep buying licenses to put on the new computers they're selling.

I suspect that TPM is about making the PC less open than it traditionally has been. For the majority of people on this site, that's going to cause a deathly-allergic reaction. For the majority of the population, there's some security advantages to having windows manage device security from POST.

[p_ing]

> Not necessarily. I'd bet that the fraction of $ microsoft makes from selling windows licenses _retail_ is a rounding error away from zero compared to what they get selling bulk/volume licenses to corporate / OEM.

Corporate customers already have a VLK which will cover Windows 11 [Pro/Enterprise]. The hardware is the only cost for VLK customers -- Windows licensing is already covered under the existing Enterprise Agreement. EAs often have current version and current version - 1 covered, thus a VLK will entitle one to both Windows 10 and 11 as of today.

It would be odd to think that corporate customers haven't been using BitLocker w/ TPM since at least Windows 7, if not Vista. FDE has been a Corporate Security Checkmark(TM) since it became available.

> I suspect that TPM is about making the PC less open than it traditionally has been.

By traditionally, do you mean prior to 2006 as that is when we first saw and started using TPMs?

[jay_kyburz]

I also discovered a few years ago that OEM licenses can't be transferred to another device.

[crtasm]

I'm not sure that a large % of people would pay for a Windows upgrade - most seem to see it as part of the computer they bought.

[BeefWellington]

Not really. The get a cut on both ends, really. If they make you upgrade to keep using up to date Windows because of claimed security issues, they get additional sales they possibly wouldn't have otherwise.

I suspect Microsoft has numbers which suggest people rarely upgrade their OSes anymore; they're more likely to upgrade their hardware. Enthusiasts still will do whatever but these changes aren't targeting or caring about enthusiasts.

[timewizard]

Microsoft makes Xbox and the Surface. They are one of the largest consumer hardware manufacturers in the space.

Anyways Microsoft was clearly very irritated when everyone wanted to stick with Windows 7, perceiving that Windows 8 was worse in every way, and that Windows 10 wasn't a significant enough upgrade to justify the effort especially considering all the added telemetry they added to the product.

It's very reasonable, given this, that they would seek to force the upgrade cycle to occur where it clearly otherwise might not.

[jsnell]

> It's very reasonable, given this, that they would seek to force the upgrade cycle to occur where it clearly otherwise might not.

How is restricting which machines can run Windows 11 "forcing an upgrade cycle" on the software? It's clearly doing the opposite, by making Windows 11 upgrades less likely.

The real motivation people have for upgrading to Windows 11 is Windows 10 going out of support. And the EOL date is totally orthogonal to the TPM requirement.

[timewizard]

On the consumer front, sure, but there are large contractual buyers who have requirements for TPM presence and several software policy systems can enforce it.

[0xbadcafebee]

The OS requires minimum hardware. To force users to upgrade their OS, discontinue the old OS, and make a new OS version, which has greater minimum hardware requirements. Now the user is buying your software again.

They're also buying new hardware which benefits the PC maker. It's a mutually beneficial relationship that forces the user to both buy the software again, and buy new hardware. (You do pay for Windows when you buy a PC, it's a cost the manufacturer absorbs. You can often receive a discount when you order a new PC by not including Windows with it.)

[sidewndr46]

From my experience it's actually the opposite. The PC is sold with Windows on it, purchased by the OEM. The OEM then loads crapware on the new PC before delivery because crapware companies pay the OEM to load crapware. As a result, it'd actually cost more to buy the device without Windows.

I've only ever seen one piece of x86 hardware that was sold with or without Windows in my lifetime. It was $15 cheaper at the time to buy the Windows version and install Ubuntu myself.

[quikthrowaway]

They don't sell hardware, but they get paid when their hardware partners sell you a new laptop with Windows on it.

[jsnell]

Ok, so the theory is that Microsoft is after the revenue from Windows 11 licenses? And the way they're achieving this is by forcing people who want to upgrade from Windows 10 to buy a new machine rather than install Windows 11 on their existing machines? If that was the motivation, there's a far more direct option available. Just charge for the upgrade.

For this theory to work, it would have to be that there's a significant population that a) wants to run Windows 11 instead of Windows 10; b) will buy a new computer to do that; c) would not pay the price of an OEM license for a version upgrade.

[wtallis]

> If that was the motivation, there's a far more direct option available. Just charge for the upgrade.

That's a far more direct option, which also largely doesn't work. Corporate IT doesn't like doing in-place major OS upgrades. Consumers just plain won't, unless it's free and easy.

[jsnell]

Sure, let's say that's true. The obvious implication is that these users actually don't care about whether they're running Windows 11 or not, and thus the Windows 11 TPM requirement is utterly irrelevant in their decision to buy a new computer.

I don't see how this supports the theory that this is all about revenue from Windows OEM licenses from forced hardware upgrades.

[WorldMaker]

The theory, as I understand it, is that the wider ecosystem of OEMs is better at selling new hardware than Microsoft alone is at selling Windows upgrades. The users don't care what makes new hardware "new hardware", just that a dozen different companies are telling them that "new hardware" is exciting to buy for the holidays and "more secure" and "better". The TPM requirement on paper is an easy shibboleth for "more secure", so an easy thing to sell through the multi-channel telephone game of OEMs to ad companies to retail stores to mainstream zeitgeist. They don't have to just take Microsoft's word that Windows 11 is "better", they have "word on the street" and their pal who works "Geek Squad" at Best Buy and all those HP commercials on TV telling them they need a new Windows 11 machine for "more secure" hardware.

(I think it is gross that this is how Microsoft and the PC OEMs think is the best way to increase revenue together, but I think there's enough evidence that this theory is relatively accurate portrait of one of the factors for why Windows 11 is the way that it is.)

[ricktdotorg]

> Sure, let's say that's true. The obvious implication is that these users actually don't care about whether they're running Windows 11 or not, and thus the Windows 11 TPM requirement is utterly irrelevant in their decision to buy a new computer. > I don't see how this supports the theory that this is all about revenue from Windows OEM licenses from forced hardware upgrades.

what on earth makes you think that "what the users actually don't [or do care about]" has any affect on what corporate IT does with their users' devices?

do you think corporate IT is going to say "oh ok" when a user says "i don't want to upgrade to Windows 11 or a laptop that has TPM"

c'mon. lol.

[santoshalper]

They do sell some PCs, but their market share is very low, and I can't imagine it's a significant part of their revenue. They definitely wouldn't bother slowing down Windows 11 adoption to sell a few more Surface Books.

[jasomill]

About 1.9% ($4.706 billion) of Microsoft's FY 2024 revenue was from devices "including Surface, HoloLens, and PC accessories" (and not including Xbox hardware).

About 9.5% ($23.244 billion) was from Windows "including Windows OEM licensing and other non-volume licensing of the Windows operating system; Windows Commercial, comprising volume licensing of the Windows operating system, Windows cloud services, and other Windows commercial offerings; patent licensing; and Windows Internet of Things."

Compared to FY 2023, devices revenue decreased 15% and Windows revenue increased 8%.

Source: https://www.microsoft.com/investor/reports/ar24/

[mike_hearn]

I don't think it's illegal for hardware partners to ask Microsoft to give users reasons to buy new hardware. And of course they do this, they always have. The Wintel alliance has always been a symbiotic relationship between Microsoft and the hardware OEMs:

- Hardware guys make cool new hardware that incentivizes PC sales.

- Windows guys add driver and OS support in a timely manner so apps can utilize it easily.

And sometimes the other way around:

- Windows guys add some cool new feature that incentivizes PC sales.

- Hardware guys drive down component costs to compensate for the OS getting bigger and slower.

The problem for the PC industry is that in the last ~15 years or so this virtuous circle has broken down. Outside of Apple the hardware guys stopped coming up with cool new features that would shift units outside of gaming GPU upgrades, and gaming has anyway been dominated by consoles for a long time exactly because they have hardware DRM that works so game developers prefer it (also gamers when they want multiplayer without wallhackers). Intel struggled and AMD didn't really pick up the slack in any major way. Even Apple has struggled here - other than their proprietary CPU designs and rolling back some Ive-isms by adding more ports again, a modern MacBook isn't substantially different than the models they were selling years ago.

So that leaves the software guys to drive sales. Unfortunately for the PC OEMs Microsoft has well and truly run out of steam here. Their best people all left the Windows team years ago, and Windows isn't even a top level division anymore, being weirdly split between the Office and Azure teams.

A big part of the stagnation is driven by the web. Nobody writes Windows apps anymore except games, so there's no progress to be had by adding new Windows APIs outside of DirectX. Meanwhile the web guys are shooting the PC industry in the face with a policy of never adding features unless it's supported on every piece of hardware from every vendor, more or less, which makes competitive differentiation impossible, so nobody even tries anymore. There is no web equivalent of a driver since the Netscape plugin API was killed. They also move incredibly slowly due to the desire to sandbox everything. In the 90s the success of Windows was driven by some wizard-level hackers but as PC hardware matured clever tricks stopped being an important differentiator, and monopoly profits made them fat and lazy. It's clear that Nadella has zero confidence in the Windows org(s) ability to execute, hence why in the post-Ballmer years the rest of Microsoft has systematically divorced itself from them.

So - no hardware innovation thanks to the web, no major CPU upgrades thanks to Intel/AMD, no software innovation thanks to Microsoft. The PC industry is stagnant and desperate. What have they got left? Well, they have TPMs (really, TPM v2 because TPM v1 was kinda botched). And Windows doesn't really need it, but if Microsoft ties Windows upgrades to TPMv2 they can use the treadmill of security/support expiring on Win10 to drive one last round of hardware replacements that can give the industry an injection of revenue that can then maybe be spent on finding new hardware features to drive upgrades, seeing as Microsoft can no longer do it.

There's nothing illegal in any of this - nobody is price setting and it's not much different to prior eras when new Windows versions required more RAM.

[doctorpangloss]

File deduplication would reduce disk space usage by 40% on a typical consumer laptop, and works well in Windows Server. The reason it is not enabled in client windows is because storage sells.

[pjmlp]

Yes they do, XBox and Surface devices.

[Kwpolska]

Xbox is irrelevant to TPM in Windows 11 (as are Microsoft keyboards and mice). Surface has a fairly small market share.

[pjmlp]

On the contrary, Windows 11 TPM requirements and Pluton security processor were originally designed for the XBox and piracy protection.

The size of market share is irrelevant, doesn't change the hard fact that Microsoft does indeed produce hardware.

[Hilift]

Strategies change over time, including Microsoft's. TPM was previously envisioned as a broader physical storage for secrets, such as virtual smart cards. Microsoft no longer likes virtual smart cards, but TPM is still used for storing data for measured boot attestation. Also, at the time Microsoft was attempting to broaden support for TPM where it is restricted, such as China, which does not allow foreign TPM chips.

https://learn.microsoft.com/en-us/windows/security/hardware-...

[everdrive]

I'm embarrassed to admit that I don't actually understand what a TPM does. My vague and probably incorrect impression is that it performs some sort of encrypted verification of firmware or hardware modules? Can anyone expand on what this does? My impression would be that this is not useful for most users, and would be much of a concern in industrial espionage situations. I have no confidence that I'm correct here.

[rtkwe]

It's a secure storage spot for crypto keys and performing crypto operations for things like bitlocker and validating device or OSs for secure boot. If you know of the Apple Secure Enclave it's a more generic version of that, a place where even the device vendor (in theory, who knows what techniques the secret squirrels of the world have hidden away) cannot extract the actual key material from only request operations performed using that info.

That's my understanding at least.

[Ajedi32]

The simplest and most obvious use-case is allowing you to encrypt your hard drive using a key stored in tamper-resistant hardware rather than having to rely on the user to select a passphrase complex enough to resist offline brute force attacks.

[everdrive]

Oh, that's interesting. So in the TPM case, I could not have a password to have an encrypted volume? And if I removed that hard drive from the computer, there would be no way to recover it? But from the user's perspective, it would be transparent and they might not even know it's encrypted?

[Ajedi32]

Yes, that's very common. In Windows 11 Pro (not sure about other editions) you can enable BitLocker and turn on auto unlock with no PIN. Though if someone steals the whole PC I'm not sure how effective that is. With a PIN set the TPM will enforce rate limiting to prevent brute force attacks, which should be more effective in that scenario. Most modern phones do something similar: user data is encrypted with a TPM key accessed using your lock screen code on boot-up.

[p_ing]

Here is how Windows uses the TPM. Most of this is targeted at enterprises.

https://learn.microsoft.com/en-us/windows/security/hardware-...

[db48x]

It’s just a little cpu and some nonvolatile memory running a program. You can send it messages, and it will send back replies, but you cannot control which program is running on it. Of course this is vague enough that it could implement almost anything you want.

What makes it a TPM is the protocol it answers to. The TPM has a hardware RNG, and you can just ask it for some random numbers. That’s very simple. You can have it create encryption keys for you, since those are primarily just random numbers. You can ask it to _store_ a key for you, to be released to anyone who asks for it provided the TPM is in a certain state. What is this state? This is the really interesting part of the TPM.

The TPM has a number of registers that start off empty when the computer boots. At any point any program running on the computer can send a message to the TPM that asks it to incorporate an input into one of these registers. The input is a number, and the new value of the register is basically just the hash of the current value of the register and the new input.

If the BIOS/UEFI computes a hash of its own code plus the bootloader’s code and measures that into a register on the TPM then the bootloader could check the TPM to make sure that it hasn’t been tampered with before it boots. It’s easier though if the bootloader hashes the kernel (and the kernel command line) that it’s going to run and measures that into the same register. The kernel can then hash the initial ram disk and measure that in. At each step of the process we can measure the next important part of the OS and incorporate its value into the same register and at the very end we will have a number. If that number is the same every time we boot up the computer then we know that the computer and the software have not been tampered with. We can even send that number off over the network as part of a Remote Attestation protocol. You might have all the laptops you supply to your employees do this so that you can know that they haven’t been tampered with. Or all of your cloud instances could do this for the same reason. (Of course the exact number that the TPM ends up storing changes after every OS upgrade, and you need to have some way of knowing what numbers to expect, so this is a fair amount of work.) Remote Attestation is not really of any use to the average consumer, but reliably detecting a hacked OS would be.

Going back to encryption keys, you could store the encryption key for your home directory in the TPM, locked to a specific value of a specific register. You would then not be able to unlock your home directory if the computer has been tampered with. An attacker who boots off of a USB drive can’t possibly arrange for the same value to end up in the TPM, even assuming that they know what value is required. It will do them no good to take the encrypted disk out of the computer and put it in another one, because the key doesn’t go with it. Rubber hose cryptography isn’t useful either, even if there is also a password for your account. This should be quite valuable to many, if perhaps not all, users.

[everdrive]

This was a really useful explanation, thank you.

[db48x]

You’re welcome.

[michaelt]

The TPM is a great thing, from Microsoft's perspective.

Because Microsoft have the Secure Boot code signing keys. And none of their users expect a "free software philosophy" that lets them use their own modified kernel, or DKMS to build new copies of kernel modules on demand - so you don't have to make users jump through any "machine owner key" hoops.

And a lot of your customers are big corporations who barely trust their own employees - and inexperienced users for whom forgotten passwords and suchlike are a big problem.

With the TPM, that corporation's shared PC at the reception desk can have an encrypted disk without all the receptionists needing to know the password, only their own passwords.

With the TPM you can remotely force a reboot to install updates, and the computer will fully boot afterwards - not get stuck at a disk encryption prompt. Ideal if your corporate work-from-home policy is for employees to remote desktop on a PC under their desk.

With the TPM, the PC can boot, unlock the disk and join wifi before any passwords have been entered - so a corporation's employees only need to remember their windows password, and if they forget it, helpdesk can reset it remotely. It's great for the user too, who doesn't lose their non-backed-up data.

With the TPM you can have a short, weak passcode to unlock your PC, without worrying about brute force attacks. That's great if you want a cell-phone-style experience - or if you find long passwords an inconvenience, rather than a badge of honour.

With the TPM a corporation can give a laptop to a service engineer, who'd really like to install some games to play when he's stuck in a hotel over night for a service call, and who has unsupervised physical access - secure in the knowledge it's very difficult for them to install unapproved software.

For a corporation that wants hardware-bound keys, the TPM is superior to things like Yubikeys, precisely because of its inflexibility. Why give people a second factor that keeps working when they move PCs and that's compatible with different platforms, if you never want them to move PCs or change platforms without going through you?

It just so happens that the majority of these only benefit large corporations and forgetful users, while most Linux users are quite happy remembering long unique disk encryption passwords thanks very much.

[dingnuts]

> while most Linux users are quite happy remembering long unique disk encryption passwords thanks very much.

Which brings something up: how do you get back in if you suffer a traumatic brain injury or something like that? I feel like a lot of software assumes the operator can do things like remember unique passwords for a long time.

Sure, I can do that NOW, but will I still be able to in my seventies?

[michaelt]

Well, you could write down your password and give it to a trusted friend, a lawyer, or whatever so people can get into your documents if the worst should ever happen.

Personally I choose not to do that. My girlfriend sent those nude photos to me, not to my heirs or the executor of my estate. It's impossible to "get back in" without the password, and that's how it's meant to be. Of course if you've got no sexy photos, and lots of treasured photos of your family growing up, you might feel differently!

[p_ing]

> TPM is superior to things like Yubikeys, precisely because of its inflexibility

TPM also offers PIN or Password options. It is flexible.

[michaelt]

Yubikeys offer PINs and passwords, a physical user presence button, finger print sensors, NFC, and you can use one key on different PCs, you can deal with PC hardware failures by moving the key and deal with key failures with a backup key, and and it's compatible with Windows, Linux, OS X, Android and iPhone.

So they're a heck of a lot more flexible.

But in a corporate environment, you might not give a shit about Linux support, and you might think it's better if the user can't unplug the key and plug it into another PC, because corporate workers should only connect to corporate systems with their corporate-issued laptops, and corporate helpdesk will sort out any hardware problems.

[m463]

Microsoft is just trying to match features with apple which does the sorts of things with the T2 chip. Home users probably don't care that much, but corporate users do.

That said, the root of all DRM is not the TPM or the GPU or whatever... it is hollywood.

[p_ing]

You mean Apple matched features with Microsoft.

Devices with dTPM were released in 2006. BitLocker leveraging dTPM released with Windows Vista. Corporations have been using BitLocker w/ TPM for nearly two decades at this point.

[zamadatix]

You're referring to first usage but I think the above is about first guarantee of what ALL products in the platform will have. Corporate purchases or BYOD, you can assume an Apple product has a reasonably secure way of storing the user's VPN key or whatever.

[bitwize]

I'm convinced Microsoft is prepping to make Windows as locked down as the Xbox, so that they can have final approval over apps that run on the platform and skim the top off app sales.

Apple has shown that the game console model can work for non-gaming software, and Microsoft wants in on that third-party app cheddar.

[red_admiral]

My guess is that the b2b sales of Windows outnumber b2c, if not in volume then certainly in revenue.

Suddenly, enforcing company security policies centrally without the client (laptop) being able to change then and still attest to connect to the corporate VPN, becomes a feature.

After all, it's not your computer, it's the company's.

I think inTune already uses the TPM for that kind of stuff, so "install this before we let you into outlook web, and also we'll check you're not a year behind with windows updates" is a thing.

[iforgotpassword]

But then you can already use tpm as a business. No need to force it upon end users.

[Rohansi]

Requiring TPM can actually benefit multiplayer video games because it introduces a secure way to identify hardware being used by cheaters. Right now everything being used by games is easily spoofed by cheats so cheaters just need to get a new account to continue cheating after being banned.

[watermelon0]

Such restrictions usually mean that you can't play games via Windows VM or on Linux directly.

Additionally, there are cheats using video capture cards, which cannot practically be prevented.

[Rohansi]

Anti-cheat software is usually blocking playing in VMs or on Linux anyway.

Some monitors [1] have cheats like that built in now, too. They are much more limited than what cheats do today because they only have access to information visible on your screen (can't see other players through walls).

[1] https://www.tomshardware.com/monitors/msis-ai-powered-gaming...

[bjoli]

Wait what? I don't game, so this is new to me. Do you have more info? That seems pretty cool.

[botanical76]

There are cheats that give you more information than you should have. These typically require access to the game process's memory space.

If you're cheating with a video capture card, this likely means you're allowing a program to rewrite your inputs to more accurately target player models. You will likely be banned if you do this on the same machine via screen capture. A video capture card can process the information on a separate computer, e.g. location of enemies by searching for specific colours, then write into a virtual USB mouse on the gaming rig to keep the player's crosshair on the enemy model. I'm not sure about specifics, but this kind of cheat is almost undetectable; it is only really mitigated by the cost and effort involved to do it.

Players can add additional mitigations on top of this, like only activating aim assist while the shoot button is pressed, to make it entirely undetectable.

[HeatrayEnjoyer]

Video capture cards can be countered with encrypted video from GPU to monitor. That's why you can't screencap 4k Disney+ movies.

[alex7734]

Encrypted monitors can be countered by a high quality video camera mounted on a tripod behind your chair or on a wall or ceiling

Expensive, yes, but at that point you're already spending real money on a second computer with a GPU to do computer vision on the game video stream, so...

[watermelon0]

HDFury devices allow stripping of HDCP 2.2, and vast majority of users currently don't have HDCP 2.3 compatible monitors/TVs, so that's not an option yet.

[jasomill]

While I have no idea how (or even if) it's being used, League of Legends requires TPM 2.0 to be present and enabled on Windows 11 PCs:

https://support-leagueoflegends.riotgames.com/hc/en-us/artic...

[__MatrixMan__]

Anti-cheat is a lousy cover for something that's going to be much more lucrative when used to correlate the accounts of journalists and whistleblowers such that they can be silenced. It's censorship tech.

[devops99]

This here is a stronger motivator than any other motivator mentioned in all other comments posted. And "journalist" will include anyone who has the "wrong" memes on their machine.

[blibble]

then you just sit on the unencrypted pci bus and sniff the interesting stuff out of it

(e.g. display lists)

already some hacks doing this

[Rohansi]

Anti-cheats are already detecting DMA devices like this.

[blibble]

this doesn't require DMA, just pcie sniffing/proxing

I don't see how you can detect it if it's done properly

[BlueTemplar]

This only matters for a tiny minority of video games, and even a small minority of multiplayer video games : for instance this is not going to be something I'm worried about if I play couch co-op / split screen multiplayer with friends only.

[elorant]

Whatever their motivation is, disabling TPM from Bios is the safest way to avoid upgrading to Win11.

[santoshalper]

If you're going to run Windows 11 anyway, why would Microsoft care if you do it on a new or older PC?

[z3phyr]

Most of the people using Microsoft have OEM licence. When people buy new hardware, people are buying a new license of Windows as well.

[jasomill]

Customers are typically unhappy when Microsoft refuses to fix critical bugs that only arise when running Windows on older hardware.

To the average user, "Windows installs without error and hardware appears to work" = "Microsoft supports running Windows on this hardware", even if the hardware is EOL and requires drivers that haven't been updated since Windows Vista.

[quikthrowaway]

Windows 10 to Windows 11 upgrades are free. You know what's not free? The Windows license on a brand new computer if it's bundled with Windows. And here's a friendly reminder that the vast majority of users don't know how to build their own computer and install an operating system, even if it truly has been made extremely simple nowadays.

[sidewndr46]

I'm relatively certain one of the motivations is to avoid people using Windows on virtualization without their consent.

[2OEH8eoCRo0]

I thought it was to DRM media?

[andrewaylett]

As the article points out, the TPM is not in a good place, architecturally, to use for DRM: there's no path from the TPM to the screen that's not under OS (and thereby user) control.

[alex7734]

The whole point of TPM is that the OS is not under the user control anymore.

If you modify it thanks to remote attestation you can no longer prove that it is unmodified using the TPM.

[2OEH8eoCRo0]

Do they mean that no OS modification is necessary to read the decrypted media from memory?

[alex7734]

Currently, no. But once (undetectable) OS modification is no longer possible, making the undecrypted media unreadable is just a few API restrictions away.

In Android phones for example you cannot screenshot banking apps. And if you root (modify the OS of) your phone, banking apps refuse to work.

[andrewaylett]

However, for the question at hand, that's irrelevant: a better (for DRM) solution exists today, and they're already using it.

I'm not saying that the TPM is incapable of being abused by manufacturers and OS authors, but the FSF really weakens their argument when they predicate it on something that's not actually true. Ex falso quodlibet (you may prove anything if you rely on a falsehood).

[torginus]

hard disagree. All security requires a root of trust. If you don't have that, how can you ensure you're not running on a mailicious hypervisor, you've not loaded any bad drivers etc.

You can only guess, and badly at that.

Because we don't have it, that's why we get crap like kernel-level anti-cheat, various 'security' solutions made by companies of dubious reputation and technical ability, just because you refused to trust Microsoft.

And even if these companies are somehow not malicious, and can be trusted, they still often compromise the stability and security of the OS.

The amount of crap Riot's anti-cheat and Crowdstrike has caused is well documented.

It's the computer security equivalent of not trusting Big Pharma, and taking a random assortment of herbal medicine coming from god knows where, and containing god knows what.

[HeatrayEnjoyer]

Trusting microsoft is a deal breaker.

[BlueTemplar]

And trusting Microsoft is the equivalent of thinking the Earth is flat.

See, I can make insulting comparisons too...