If you were secretly hoping Microsoft would lower the system requirements for Windows 11 so you could upgrade your or your family’s Windows 10 machines to Windows 11, you’re going to be in for some bad news. In a blog post, Microsoft detailed that its most stringent Windows 11 requirement – the Trusted Platform Module (TPM) 2.0 – is here to stay and crucial to the future of Windows.
By instituting TPM 2.0 as a non-negotiable standard for the future of Windows, we elevate the security benchmark. It allows you and us to better align with the growing need for formidable data protection in the modern digital sphere.
[…] In conclusion, TPM 2.0 is not just a recommendation—it’s a necessity for maintaining a secure and future-proof IT environment with Windows 11. And it’s an important part of the larger Zero Trust strategy, alongside Secure Boot, Credential Guard, and Windows Hello for Business.
↫ Steven Hosking at the Windows IT Pro Blog
So no, if you had the hope Microsoft would lower Windows 11’s system requirements in the face of the oncoming end of support deadline for the 60% of Windows users still using Windows 10, your hope has just been dashed. A more likely outcome here is that as the deadline grows closer, Microsoft will extend the deadline by another year, and if needed another, because leaving 60% of users without security updates and little to no path to upgrade is not going to be a good look for the marketing and legal departments.
If you really do want to upgrade to Windows 11, there are a few options. There’s the enterprise-focused Windows 11 LTSC 2024 release, which does not require a TPM 2.0, regarding it as an optional feature instead. On top of that, LTSC is much more bare-bones, shipping without much of the stuff many of us more nerdy users aren’t interested in anyway. The big downside is that getting your hands on a legal copy of LTSC will be difficult, as it’s only available to volume licensing customers, which you most likely are not. Of course, you shouldn’t give a shit about Microsoft’s rules, so you can always use unapproved methods of getting a license.
Another option is the one I took for my parts-bin Windows 11 PC which I only use for League of Legends: I bought a cheap TPM 2.0 module from eBay, slotted it into my motherboard, and was on my merry way. Due to League of Legends’ required rootkit, a TPM 2.0 module is needed, so a few euros and days waiting later, I was ready to go. Do make sure you get the right type of TPM 2.0 module for your motherboard, as they’re not universally compatible.
The final option is to use one of the few remaining ways to circumvent Windows 11’s system requirements, which are sadly dwindling with every major update. Right now that means using a tool like Flyby11, which uses the Windows Server installer to bypass Windows 11’s system requirements. We’ll have to wait and see for how long that trick remains possible.
TPM 2.0 is not the real problem with Windows 11, every laptop that has one of the “supported” CPUs that Windows 11 requires also has TPM 2.0 (since it was an OEM requirement for laptops shipping with Windows 10), and every desktop that shipped with Windows 10 has TPM emulation in the UEFI (which is something Windows 11 considers legit). AMD calls their UEFI-emulated TPM “fTPM” and Intel calls it “PPT”, so even that hardware TPM module was probably useless, Thom.
The real problem with Windows 11 is the CPU list. The fact my old laptop’s i7-4930MX doesn’t qualify while random Celeron and i3 garbage does is insane. It’s not even that old, it’s not like we are asking them to support Core 2 Duos or something.
Also, the really infuriating thing is that Microsoft will offer 3 years of ESU for Windows 10, but non-corporate users will only be able to buy one year of ESU.
Neither of the two big blockers are ACTUAL requirements.
BitLocker, secure boot, etc. can work fine without having TPM at all, though yes there are obvious benefits to more secure key storage. Granted, that was (as acknowledged many places) very much secondary to platform lockdown that manufacturers still haven’t properly bought in on.
Core Isolation / Virtualization-Based Security can work with CPUs older than the 8th-gen Core series, but with greater performance penalty.
All in all, if Microsoft actually gave a single damn about the customers below the enterprise level (except as crash-test dummies for their enterprise customers) this would be pushed as “You could use new hardware to get these benefits” instead of “get it or go away.”
So Microsoft wants the Year of Linux Desktop that bad, huh?
Apparently so. Their unmitigated arrogance hasn’t hurt them too much so far.
The 4930MX is an 11.5 year old CPU… “not that old” … what are you talking about? Also have you paid attention to new CPUs? Heck even cheap 10th gen i3s have 4C8T, and massive IPC improvements etc and that’s already a FIVE year old CPU! And Celeron has been killed off for years. It’s time to move on.
Honestly, I don’t expect Microsoft to extend the deadline, just issue some security updates for the worst problems, like they’ve done with SMB2 for Windows XP.
Upgrade to Linux is what some people are choosing, even gamers these days.
I saw Wine (thus Proton at some point and Steam) now has experimental Wayland support as well.
Unfortunately, some of us have very Windows-specific needs. For example, I have some Nvidia 3D Vision laptops (all of them on Intel 4th gen like the 4930MX that I mentioned above) and Nvidia 3D Vision only works with Windows. Then there is various software with anti-cheat and HASP that requires Windows kernel drivers.
So, for those systems, it’s either pirate 3-year ESU or some LTSC version of Windows 10.
nVidia murdered 3d Vision support years ago at this point. Are you running ancient drivers?
I miss my 3d Vision – so many of the current crop of games would be GORGEOUS in 3d Vision.
Short answer: Yes
Long answer: Yes, the 770M and 880M my Nvidia 3D Vision laptops have don’t support any newer driver versions anyway, and I bought an Area-51m from eBay with an RTX 2080 precisely because it’s the last GPU that supports the magic 425.31 driver version (the RTX 2080 SUPER was released after). The Area-51m doesn’t support it on the internal LCD like the older ones obviously, but can do it via HDMI and DP.
There is also a “3D Fix Manager” app from the HelixMods guy that allows you to have more recent drivers, but it didn’t work for me because the Area-51m needs DCH drivers (not the Standard non-DCH).
TPM should be renamed to not-trusted spying platform.
Not really, hardware-level encryption is a nice thing to have. I don’t want to know how many people out there have set a BIOS-level password on their laptops thinking they’ve secured their private data in case their laptop gets lost, not knowing that all a thief has to do is unplug the hard drive (per the manufacturer’s repair manual), use one of the readily-available harddrive enclosures, and have a bootable drive with all the private data intact and accessible.
But there is a difference between Microsoft making it a requirement for new systems (as they did for Windows 10) and blocking systems from upgrades. I bought my laptop without TPM, which means I have accepted the risk or I have set up a software encryption system. If Windows 11 only complained instead of blocking installation, I would be ok with that, but now that Microsoft gives upgrades “for free” like their envy Apple does, they gotta trigger a “refresh cycle” somehow.
TPM is not a requirement for disk level encryption, it is mostly a convenience aid in implementation systems.
Also, literally nobody sets BIOS passwords or would even know what that is, except for nerds like us, who should know better anyway. But I think the scenario you describe would apply well to the Windows login password instead, with equally no security there, and most users being misled in their assumptions of its protection.
So what’s the bad news here? Part of my own Zero Trust strategy involves not using products by companies I can’t trust, and this decision not only reaffirms my decision but also makes the choice simple.
My laptop has an i7-4700 MQ with a maximum clock rate of 3.4 GHz so that’s sure as hell not the problem, but it only has TPM 1.0 or 1.1. Windows 11 doesn’t seem to like that, but literally no operating system seems to care as long as Secure Boot remains off like it should be.
I used Rufus to make a USB install stick with the overrides.
Then just copied the patched files off onto a win10 system and was able to do an in-place upgrade on a 6th gen i5.
Actually have 50+ systems I need to upgrade remotely.
Most businesses are not going to override the installer. Then again, by the time this hits, most businesses will have replaced hardware old enough to fail the Windows 11 requirements. I suspect circumventing the install constraints will be quite popular with regular folk. I doubt that Microsoft cares much about that. One more reason not to relax the requirements.