Comment by CrossVR

3 days ago

I don't think selling more hardware is the primary motivation. The motivation is ensuring everyone has TPM 2.0 enabled on their device.

This allows Microsoft to protect parts of their software even from the user that owns the hardware it's running on. With TPM enabled you finally give up the last bit of control you had over the software running on your hardware.

Unbreakable DRM for software, such as for your $80 billion game business or your subscription office suite.

As a bonus, it prevents those pesky Windows API compatibility tools like Wine from working if the application is designed to expect signed and trusted Windows.

  • The mass exodus to Linux gaming is already causing pushback against kernel-level anti-cheat.

    People who 5 years ago didn't give a hoot about computing outside of running Steam games are now actively discussing their favorite Linux distro and giving advice to friends and family about how to make the jump.

    • As much as I hope it to be mass exodus, and as someone who switched over to CachyOS as my main OS in Nov 2025, I'm not sure that 3% of the steam user base really qualifies as a 'mass' exodus.

      https://www.notebookcheck.net/Linux-gaming-growth-SteamOS-sh...

      Going back to my Windows install every now and then to do things feels uncomfortable. Almost like I'm sullying myself! The extent of Microsoft's intrusiveness kind of makes it feel like entering a poorly maintained public space... at least compared to my Linux install.

      I'm not sure that the majority of people feel this way about Windows 11. They just put up with it in the same way as they do YouTube ads, web browsing without uBlock Origin, social media dark patterns, etc. But certainly, there has never been a better time, I think, to move to Linux for my kind of user, i.e. the only mildly technologically adept.

    • Unfortunately Linux requires zero effort to create cheats on; might as well run no anti-cheat. And the root stuff is overblown, as user-space programs can already read all your files and the process memory of that user. How many bother with multiple users?

Maybe instead Microsoft could allow Windows 11 to install and run on machines that are otherwise capable and just flash red screens at you all the time, where otherwise ads would show up, that constantly nag that "THIS COMPUTER IS FUCKING INSECURE!" or something. It would be equally annoying, but I'm sure running the latest Windows 11 with TPM 1.0 instead of TPM 2.0 will be more secure than running Windows 10 without bug fixes and security patches.

(But my understanding is there were other things, like bumping minimum supported instruction sets, that happened to mismatch a few CPUs that support the newer instruction sets but were shipped with chipsets using the older TPM.)

  • We want to delete the fallback code paths... You'll just get failures from BitLocker instead of install failures, or Windows Hello failures, or ...

And clever people found the way - https://www.tomshardware.com/how-to/bypass-windows-11-tpm-re...

  • Registry keys and autounattend.xml config keys are not clever people finding a way; it's people using stuff Microsoft put there to do just this for now. I.e. Windows 11 has not been strictly enforcing these yet; they are just "officially" requirements, so when they eventually decide to enforce them in a newer version (be it an 11 update or some other number) they'll then be able to say "well, it's really been an official requirement for many years now, and over 99% of Windows 11 installs, which has been the only supported OS for a while now, are working that way" at that time. If they just went straight from Windows 10 to strictly enforced Windows 11 options, it'd've been harder to defend.

  • Windows 12 will close the loophole: your CPU will require a signed code path from boot down to application level code. No option to disable Secure Boot or install your own keys. But there needs to be an installed base of secure hardware for this to happen, hence the TPM 2.0 requirements for Windows 11.

    • Since Windows 12 hasn't even been mentioned yet, I wouldn't worry about what you're describing at all.

  • You're missing the point: the TPM 2.0 requirement is there to drive adoption, not to actually prevent you from installing Windows 11.

Hardware key storage is a low level security primitive. Both Android and iOS have mandated it for far longer. It's a low level security primitive that enables a lot of scenarios, not just DRM.

For example - it's not possible to protect SSH keys from malware that achieves root without hardware storage. Only hardware storage can offer the "Unplug It" guarantee - that unplugging a compromised machine ends the compromise.

  • If you want to protect keys, you get a YubiKey or something like that.

    • And if you want to play sound, you buy a sound card. Computers integrate components that approximately everybody needs. Hardware storage for keys is just the latest example.

> With TPM enabled you finally give up the last bit of control you had over the software running on your hardware.

The overwhelming majority of users never had any kind of control over the software running on their hardware, because they don’t know (and don’t want to know) how the magical thinking machine works. These people will benefit from a secure subsystem that the OS can entrust with private key material. I absolutely see your point, but this will improve the overall security of most people.

  • > The overwhelming majority of users never had any kind of control

    Uninterested is vastly different from unable, especially when that majority is still latently "able" to use some software that a knowledgeable minority creates to Help Do The Thing.

    The corporate goal is to block anyone else from providing users that control if/when the situation becomes intolerable enough for the majority to desire it.

    Most people don't move away from their state of residence either, but we should be very concerned if someone floats a law stating that you are not permitted to leave without prior approval.