Security Expert Explains TPM 2.0 & Secure Boot | Ask A PC Expert
Переглядів 195,530
День томуWith the recent announcement that Windows 11 will require TPM 2.0 and Secure Boot to be enabled, many of us are confused and left feeling frustrated. Luckily Adam called up his friend and security professional Mike Danseglio to help explain it all, along with offering practical advice and his thoughts on if Microsoft will keep this requirement.
Buy The Full Nerd merch: crowdmade.com/collections/pcw...
00:00 - Intro
00:57 - What is TPM?
01:36 - The different forms of TPM
02:55 - What is Secure Boot?
04:37 - Why is TPM and Secure Boot important?
06:13 - TPM and Secure Boot vs anti-malware software
07:35 - What does TPM guard against?
08:27 - TPM and Secure Boot requirements in Windows 11
10:45 - Is Microsoft going to keep these requirements?
15:11 - How do you find out if you have TPM
17:05 - How to find out if your PC support Secure Boot
18:15 - What to do if you don't have TPM
21:40 - Does TPM and Secure Boot impact gaming?
Follow PCWorld for all things PC!
--------------------------------
SUBSCRIBE: ukposts.info_c...
TWITTER: / pcworld
FACEBOOK: / pcworld
TWITCH: / pcworldus
WEBSITE: www.pcworld.com
#Windows11 #TPM #SecureBoot
@PimptatoPCs 2 роки тому
TPM is responsible for countless people thinking they had a USB 3.0 header on their circa 2010 mobo.
@SilverAura 2 роки тому
I never asked to be brought up in this comment section, thank you...
@PimptatoPCs 2 роки тому
@Chris *you're
@jamesedwards3923 Рік тому
?
@EagleEye-MJG 2 роки тому
Way too many Tech Channels are overlooking this level of USEFUL dialog & communication.👏👏 They're way too engrossed in the next expensive gadget to push.🙄
@raandomplayer8589 2 роки тому
cough jayztwocents cough
@KubeSquared 2 роки тому
Are there any TPM modules with RGB on them? This is a very important question!
@yumri4 2 роки тому
why would you put RGB onto a PCB with 1 chip? It is that small for serval reasons but most of all to not take up space. IF you wanted to you could buy the TPM module and RGB lights like the ones that flex then use the RGB lighting to go over the TPM module as most if not all of them plug into the motherboard and have very little space between them and the thing the motherboard is on.
@vijaykumar-to5vd 2 роки тому
@@yumri4 every hardware has to be RGB even comodos why would any one want without RGB. RGB is must, even food has to be in RGB only
@photonboy999 2 роки тому
@@yumri4 , UM... it was a joke (did you watch the end of the video?). Plus, obviously a TPM module is far too small to put an LED on, nor would there be sufficient space left in a typical ATX case to hold all the photons it would emit.
@MadsterV 2 роки тому
it would run faster
@dakoderii4221 2 роки тому
Linus: "and water cooled!"
@kristian80au 2 роки тому
Would like to see more of this person in the future, great conversation!
@FreedomForAll2013 2 роки тому
Yeah smart and polite and professional that guy
@ColinTimmins 2 роки тому
I agree, very nice guy and makes for a good "interviewee". Polite and entertaining. =]
@castcrus 2 роки тому
Reminds me of my cyber security unit teacher back in the uni, almost the same age, same down to earth friendly vibe, and definitely a professional. makes me seriously consider if i should pursue a career in cyber security.
@melgibson6240 2 роки тому
lol he's a total sock puppet.
@waynepage8570 Рік тому
guess after 4 years time to buy another pc guess an i 7 with max ram and ssd not pass Bs
@MasterKoala777 2 роки тому
I’m only 5 minutes into the video and already learned a lot. Awesome interview and guest!
@SamsMediaCenter 2 роки тому
This was an excellent video. I didn't expect to enjoy this video as much as I did. 24 minutes just flew by. I never felt the need to move forward in the video manually, which I usually do on other UKposts videos. Excellent & conversation between the two individuals. Both interviewer and interviewee were great.
@SinisterPuppy 2 роки тому
Thing that gets me about this requirement. Even if your keys are secured in the TPM; for say Bitlocker; once you're in userland those keys become memory resident. Most exploits are software based; its not that hard to execute manage-bde -protectors C: -get or various powershell commands to get the recovery key. For me in the past 20yrs maybe only 5% of security breaches have been physical thief. Most are like hafnium; an exploit on an already running (unlocked) system. I 100% get this for HIPPA/PCI compliance, business clients, and mobile devices. For home desktop users though, hmmm.
@user-hk3ej4hk7m 2 роки тому
You need administrative privileges to get the recovery key. With administrative privileges you can also just dump the decrypted drive. Bitlocker can only do so much, Microsoft should consider that most people don't have any idea of what "yes" on a uac prompt means. Only rootkits are impossible to defend against by the OS itself, that's why secure boot is also a requirement. Without rootkits Windows Defender will always be able to scan the system, if there's malware that's able to exploit some privilege escalation vulnerability, to try to get the bitlocker keys, defender will likely kill it before it runs.
@rapiddu6482 2 роки тому
Ever heard of Memory Integrity (HVCI)? Surprise surprise it is only available in processor 8th gen and up using specialised hardware embedded in the CPU. From here you're are intelligent enough about why the 8th gen and up requirement for win11. It not only turns all these security features ON by default but makes it mandatory requirement of the OS. PS: You can simulate software based memory integrity but it really affects system performance by upto 40% depending on memory size and CPU raw power. Definitely not recommended.
@SinisterPuppy 2 роки тому
@@user-hk3ej4hk7m Look current print spooler exploit. There have been ways to bypass UAC in the past and get an elevated powershell prompt. Not saying more security is bad, just forcing it as a requirement on those of us who know how insecure Windows will always be is a sick joke.
@SinisterPuppy 2 роки тому
@@rapiddu6482 Thanks both of you for replying. Gave me some things to read up on. techcommunity.microsoft.com/t5/windows-it-pro-blog/comprehensive-protection-for-your-credentials-with-credential/ba-p/765314 (hopefully YT doesn't delete this link) While I agree this is awesome tech; finally plugging the mimikatz hole; I don't see why they are going to make this a hard requirement. What if I don't want the hyperv roles enabled on my system? I've had issues in the past running other hypervisors (Virtualbox / Vmware workstation) while it's enabled. Hope it ends up being enforced on OEM systems, but optional for those of us who are confident in our computing habits.
@rawhide_kobayashi 2 роки тому
@@SinisterPuppy and in the end none of it matters when your average luser downloads exe and lets it run as admin anyway
@Silent1Majority 2 роки тому
"A+" to the both of you for such a fantastic breakdown of this topic. Much appreciated.
@itsdeonlol 2 роки тому
Great interview! This really explained everything because I was confused. This guy is awesome Adam!
@Trifler500 2 роки тому
16:15 - Note that you do need to be logged in as an administrator for the TPM Console to work. It will say so if you're not.
@MatthewParksSr 2 роки тому
Mike Dan!!! He is a great friend, an awesome person, and fabulous speaker and instructor.
@MEGALITHdotORG 2 роки тому
Great interview, very informative, great tone, delightful guest! Thumbs up!
@jpgarcia7892 2 роки тому
Very informative and enlightening! More content like these in the future.
@anands7371 2 роки тому
This is such a great conversation. 25 mins just flew bye.
@Nurpus 2 роки тому
Gotta love how the expert carefully and clearly explains what those technologies are, just to pull the rug and say with 100% confidence that Microsoft is not gonna require them 😂
@arsonfly Рік тому
I'm from the future and Windows 11 requires them to install. There are ways around it but it's not very secure.
@PaperBagMan884 Рік тому
That didn’t age well lol
@kymberleyanne 2 роки тому
Thank you for your help I was able to located everything you talked about on here it worked :)
@thomaspedersen6442 Рік тому
It looks like Microsoft didn't back down on their requirements for security features after all.
@JusticeGamingChannel 2 роки тому
Great Explanation, well-done PC World!
@benl1612 2 роки тому
thank fk for this video honestly, could not find any viable information whatsoever on any websites or forums about what tpm is what it does and what difference discrete and firmware ones do and the settings you should look for and stuff. super good video. thanks.
@rh4009 2 роки тому
TPM is there to protect Microsoft, Warner Bros, at all, from YOU, making it harder for YOU to make backups of your content, games, etc. It also makes you a tenant on the computer you think you own. It is part and parcel of the Software as service plan. It allows the developer to control when the software you rent stops running.
@topandrun126 2 роки тому
Thanks for making this video this was very helpful.
@bazz4697 2 роки тому
Thanks for the update on tpm as I have the older i7 cpu but have found out my gigabyte motherboard has supported for a tpm module so I Will be looking into that and also checking for secure boot support this was very informative thank you very much
@jamest2861 2 роки тому
Secure boot is going to cause a lot of problems. Once you turn it on, now it might not recognize your your drives, your GPU or even your memory. And you won't even be able to boot into BIOS to turn it back off. In essence rendering your mother board into a paper weight. And the solution by Microsoft will be to replace your computer with one that has windows 11 already loaded! I suggest to anyone trying to make these adjustments in their BIOS to have a dual BIOS board such as gigabyte so when you destroy one BIOS you have another one left to try to run windows 11 or switch back to windows 10.
@briankane7440 2 роки тому
This is not true. You can enter BIOS and turn off secure boot again, or to update the allowed keys. The biggest issue would be if your video driver key is not signed or not permitted then you will not have video, but you can use serial potentially.
@Nnda8731 2 роки тому
Bruh fake news much? Sounds like the hackers are hella pissed off their lives are getting 10x harder
@02091992able 2 роки тому
If it doesn't recognize a OS and the drive its on. That is because its a OS running on what is called Legacy Bios. Windows 10 at least has a command prompt command that can convert a OS and drive from running on Legacy Bios to UEFI or GPT without harming the OS or drive. Disable secure boot and it should come back up.
@charlesm8944 2 роки тому
Very detailed and clearly explained. Thanks!
@adgarza 2 роки тому
If you go to the Advanced or Security options in the BIOS of your DIY computer, and you are using, let's say, 8th Gen Intel, chances are that you will be able to turn on the Intel PTT (Platform Trust Technology, equivalent to TPM) functionality. It depends much more on firmware/BIOS settings than in own processor's settings.
@RizwanZia Рік тому
Great video, complicated terminologies nicely explained! :)
@TSUNAMI17 2 роки тому
This was SO helpful. Thank you!
@lowstryder1022 2 роки тому
Very much looking forward to watching this! Thanks for setting this up Adam!
@randomgeocacher 2 роки тому
TPM also supports authentication, remote attestation etc. so it is a very important building block for WebAuthn TPM variants, Microsoft Azure Attestation, etc. if you want to increase the level of services provided securely, with some percent of clients malware infected, you have to have a trusted computing base to only release keys and attests to correctly booted OS:es.
@waynepage8570 Рік тому
bs when you have a 4 year old hp pc i 7 ssd and wont pass bs
@DangerGnom 2 роки тому
it should be an option, not mandatory. A very good interview, thanks for doing it. Helped me understanding it better.
@markdawson25 2 роки тому
Windows is an option... Linux Mint is a better one
@HTHAMMACK1 2 роки тому
@@markdawson25 Linux is still garbage, and will continue to be compared to Windows or Mac OS no matter how long you Linux fanboys peddle that crap.
@yamilabugattas3895 2 роки тому
This was a really nice interview, you should have him on again!
@PE4Doers 2 роки тому
A shout out to Mike - a fellow CISSP :) Sorry I missed this when it was live (my Day Job can be a pain sometimes), it was very informative and interesting. David Rivera, PE, CISSP, MBA
@ramonlnegron6120 2 роки тому
Awesome video, wow, I feel much better about Windows 11 after watching it. Thanks!!!
@kwl189 2 роки тому
With or without tpm or secure boot, I for one will not be updating to windows 11 no matter what. Nothing ever works properly when released by corporations these days. I’m fed up with paying top dollar for shit that doesn’t work as advertised and to a standard that I agreed to when making my purchasing decision.
@RKelleyCook 2 роки тому
Favorite part of the video: the high end Klein Tool Screwdriver on the peg board. Those of us that do stuff more than just installing a motherboard (putting in a plug, cabling ehternet, etc.) know why high-end tools such as US-made Klein are something we all own.
@tindo 2 роки тому
Fantastic interview, Give me MOAR!!!!!
@Taras-Nabad 2 роки тому
Great video and great guest you had.
@DrorF 2 роки тому
9:48 Windows v-word?! Oh, _Windows _*_Vista_* ... Took me a looong time to figure that one out. Almost forgot about that one for some reason.
@rebornlol Рік тому
Excellent video. Enjoyed the guest speaker!
@davidrobins4025 2 роки тому
VERY helpful information. THANK YOU.
@johnstancliff7328 2 роки тому
right now, TPM modules are extremely hard to buy. I have a MSI motherboard, and when I bought mine in 2011, I added the TPM module at that time. Now 10 years later, windows 11 come out and the module is outdated. I tried to check to see if the newer module was available, and it wasn't. when I enable the existing TPM, windows 10 doesn't see it. can't tell if the module is good or not. for a lot of computers, the TPM module is missing, its was offered as an option and was available until; now. MSI, Asus, and others are having issues with this requirement. a lot of people don't even know what this is all about...this is really causing issues with consumers.
@liaminwales 2 роки тому
There is no panic or rush to upgrade, win 10 will have support for a long time so you dont need to rush out to buy anything. As always wait for other people to test the OS find the bugs and let Microsoft patch them before you make any jump & by then it will be easy to buy a TPM thing.
@jonshadow4052 2 роки тому
@@liaminwales WIN10 ends in 2025
@Ronnysun0788 2 роки тому
depending on if you MB BIOS support the TPM or not.
@Ronnysun0788 2 роки тому
Your MB
@MFMArt 2 роки тому
@@jonshadow4052 not only is that a lot of time, but windows 10 wont stop functioning, it just wont be supported with regular updates. OPs motherboard is older than 10 years (15 by 2025) very much in the range to replace/upgrade. Also TPM modules arent hard to get, you can find them between 25-100 bucks. if upgrading a system is too much, a TPM module is not a big deal.
@Miskatonic-University 2 роки тому
Great guy, very knowledgeable and clear...funny question on FPS btw 😁
@midibenni 2 роки тому
MSI Z390, i run it with i9 9900K If it's for Windows 11 installation, no need to install external TPM 2.0 module for Z390. Just enable "Secury Device Support" in BIOS, and press [win]+[R] key and run "tpm.msc" to check the TPM version in Windows.
@kwl189 2 роки тому
More or less straight to the point. Chapters included? Take my thumbs up 👍🏽
@Garth2011 2 роки тому
One big consideration many might have is...if TPM is enabled and secure boot too, can you still image an OS on the boot drive/SSD and restore it later and can you move that same SSD from one motherboard to another when you might upgrade or replace a motherboard? Or, if you buy a larger SSD, can you still restore the previous OS from the previous SSD to the new larger SSD? I'm thinking no if there are security keys that might be looking for the same motherboard and/or SSD hardware id's.
@justin81981 2 роки тому
Very knowledgeable. Don't forget about DX12 is a requirement also.
@mr.wonderful4307 2 роки тому
Excellent explanation. Thank you !
@RevNicholasJonsson 2 роки тому
Excellent and informative video. Thank you 😊
@eukariootti1 2 роки тому
In your BIOS/UEFI, there might be this kind of options to choose from: * Firmware TPM (with the help of your CPU) * Dedicated TPM (done by external Module on the motherboad) * Nothing. Firmware TPM: * AMD: *fTPM* (at least *Zen+* i.e. 2000-series Ryzen Desktop from 2018) * Intel: *PTT* (at least *8th Gen* i.e. Core ix-8xxx Desktop from 2017 & 2018) One way to check TPM's status: Run > *tpm.msc*
@AdaaDK 2 роки тому
Very good info and explanation . thx pc world. :-)
@swayze240 2 роки тому
Great info, thanks guys!
@d.oconnor4047 2 роки тому
Great video thanks for the info guys :)
@RobertCookcx 2 роки тому
This was a great learning experience. Down to earth and practical feedback on the Windows 11 situation. I have a Ryzen 2400G with secureboot and TPM enabled and yet it tells me the "processor" is not supported. WT Poop?
@FuelrIce 2 роки тому
Love the interview, nice to hear from a security expert just what these technologies actually are; however, I will need to correct him on one point. Windows 10 *did* in fact ship with the mandatory update feature, at least on Windows 10 Home. You can "snooze" or delay the updates -- for awhile -- but you cannot turn them off entirely without third-party software, and eventually Windows will stop letting you snooze the update and just install it without user input or consent. I upgraded from Windows 7 during the free-digital-upgrade period, and this extremely annoying "feature" was very much present on the system. It was also present on my daughter's Windows 10 Home install, 3 years later from physical install media. It is still present on both, as it cannot be turned off on the Home edition. So.. yeah, on that *one* point alone, I'll have to disagree with our esteemed expert. For the rest: Thanks for the new info, I do try to learn something new every day!
@rmt74358 Рік тому
You can turn off updates permanently or until you want it turned on. Turn off the service.
@kevinksb7568 2 роки тому
Very Informative Thank you
@synthwave7 2 роки тому
Yes, no need for a hardware TPM module for Win11. Simply enable TPM in the BIOS [FTPM] - several videos on YT to show you how to do this.
@Nuide.Jabrig89 7 місяців тому
Is it important that the PC should contain it before you can install Windows? What happens then when you click next and next on it? hope can get it thanks
@FrankLeeMadeere 2 роки тому
I think this clearly points to Microsoft having plans to be a bit more iOS like with some sort of "MSpass" that once you're in the system you don't need any passwords (or just one master) for almost anything with the OS handling the "keychain" etc.. This will be marketed as "user friendly" and "more secure" but I highly suggest we wait for version 2 or 3!
@FrankLeeMadeere 2 роки тому
13:00 Exactly my thoughts! They'll just say that "MSpass" (see above) is only available to those with TPM 2.0 and SecureBoot.
@mrtuk4282 2 роки тому
To be honest it is the lock in for Home users to have a MS account that is a big worry aswell as they seem to be trying to create a walled garden like Apple so you are forced to use the MS Store and be unable to install from anywhere else - Even so much as welcoming Steam and Epic to join the MS Store - LOL that would be the end of their business models if the do that, because MS could sell the same software/games and undercut them because the will already be forcing a levy on them !
@haraberu 2 роки тому
That function (internally named CredWriteA and CreadReadA) was added in WIndows XP. You know that little window that pops up when you connect to a \\shared\folder ? Any Windows app can use it. The database is encrypted with your Windows login password. You are correct with the "wait for version 3" because at least originally there was only one database per user, shared across all apps.
@code_elaborated 2 роки тому
awesome and to the point. Thanks for this
@arpinkus 2 роки тому
Great vid. In the future, please discuss Win 11 and the use/effects of using bitlocker.
@SpringerGyrl 2 роки тому
I have an Asus Prime B450M-A motherboard and both TPM and Secure Boot are available but both are disabled. Do I turn on TPM first or is there a proper order to turn them on? Appreciate your time to reply PCWorld ... thanks.
@brenth82 2 роки тому
I thought I would post this as a separate question, assuming the day comes where secure boot is not some thing that is able to be turned off any longer, who is the organization that actually decides which operating systems are allowed to be used? Does each individual distribution of Linux, forsake, have to get certified with each manufacturer of computers, or is there a notion of installing their certificate into your system, and telling it to trust it, sort of like what has been done with TLS certificates inside of companies for a long time now?
@liaminwales 2 роки тому
Cool interview. Id love to see an ABC of security for normal home users. Do I need a password on my home PC? Is there anything I need to change in settings? and all the basic stuff that people forget or dont know.
@dakoderii4221 2 роки тому
That's WAAAAAY too simple. Needs to be more complex for more exposure to more people. Remember, bad press is good press. Then they can raise the prices because of the complexity of the situation. Not saying they are doing that but I wouldn't put it past them to do it.
@alexk4894 8 місяців тому
TPM itself does nothing until you enable disk encryption. It looks fun that MS requires TPM but has Bitlocker turned off by default. There is another reason - DRM protection. Large companies, such as Netflix, want to identify your PC and restrict access to their content if they want to. Checking serial number or similar codes is not effective since a user can bypass these checks easily. But with TPM endorsement certificates and DRM-enabled browser it becomes really hard. They don't care about your security, they care about their money
@Foxtrot1967 2 роки тому
Will physical servers running windows OS's and/or VM Host's need to have a TPM module on the motherboard?
@costond.dorsey4228 2 роки тому
Thanks to Mike D.!
@brenth82 2 роки тому
Good video. One thing this could do, if it does actually go live, and I am with you on the idea that it almost couldn’t without a real train wreck, it will cut off every Intel Mac that was ever used from being able to use Boot Camp with it. Yes, I know the Intel max days might be close to the end, but I just bought one before the pandemic, and it is miles faster than the machines I had before. I don’t tend to upgrade real often.
@randym1954tx 2 роки тому
I have 6 PC, three of them have MB less than a year old, TPM had to be setup at boot bios, then ran mbr2gpt to create secure boot.... once I figured it out set it up was straight forward. The other machines have MB from 2011 or earlier did not have TPM....
@SamuelHollandsh 2 роки тому
Hi, nice video. I'm new to CPU/gpu since about five years or so ago. Thankfully I had recently went amd on this desktop and was wondering since I met the requirements why win 11 wasn't booting( it would loop back to win 10). I believe I finally found the answer; please correct me if I'm wrong:Secure Boot must be enabled before an operating system is installed. If an operating system was installed while Secure Boot was disabled, it will not support Secure Boot and a new installation is required. Thank you sincerely
@jamesedwards3923 2 роки тому
Good call.
@bryanjfe 2 роки тому
You need to address GPT in relation to this i think. I had no idea that MBR is not supported for secureboot and therefore my system i've upgraded over the years needed some tweaking.
@kmcbayne22 2 роки тому
I know my Ryzen 7 1700X has fTPM but also heard that Win 11 would not support 1st gen Ryzen? 👀 I plan to upgrade my rig regardless but wanted to make sure I'm Win 11 ready so this was good information. Thanks
@kmcbayne22 2 роки тому
@@ssaini5028 I'm too vain for that... I got to have the new shyt 😁 just unwilling to pay inflated GPU prices 🤑 so I'll wait it out and upgrade later.
@mhamma6560 2 роки тому
@@kmcbayne22 You gain nothing from win 11, it's for alder lake and zen 5, aka when big.little comes to town.
@Fraaip Рік тому
Are there any security implications from one implementation of TPM to another?
@MrCg006 2 роки тому
Should have mentioned for anyone that gets curious.. if secure boot is currently NOT enabled on your "working" PC's bios, enabling it will prevent your system from booting (will blue screen). Do not enable in bios unless you are performing a clean Windows install. This has to be enabled before you begin the OS install. Turning on fTPM on the other hand does not cause issues.
@ISCARI0T 2 роки тому
but u need secure boot for windows 11, so what am i gonna do? not activate secure boot?
@Vysair 2 роки тому
I turn on Windows 10 WHQL Support and Secure Boot. The PC won't boot at all and enter bios (it's UEFI). Windows 11 fucking sucks. I'm on R3 2200G + 1050 Ti. BTW, I recommend PopOS or DeepinOS if you like Mac theme. I'm so fucking moving to Linux.
@MrCg006 2 роки тому
@@ISCARI0T Secureboot is enabled in the bios. Once your settings are in place, you will boot from a DVD/USB and install windows. If you "have TPM" but no secureboot in your current OS install, you will not be able to just "upgrade" from 10-11 (as it is now). Need to do a clean install from scratch.
@ISCARI0T 2 роки тому
@@MrCg006 it says secure boot is disabled in my systeminfo, so i cant install windows 11 if i dont turn it on but if i turn it on i wont be able to boot up to the current windows version and get to use all my data and stuff? did i get that right
@elecman748 2 роки тому
@@ISCARI0T yep, Microsoft really used his big brain this time
@AndreasElf 2 роки тому
Really good, but I see you missed 1 important question. Q: What happens if you update UEFI with TPM on? I'm guessing you're fine if only TPM is on, nothing else, but screwed if Bitlocker is on..?
@farzadjahanfard 2 роки тому
Thanks to you guys I found out I have it.
@peterchristie1096 2 роки тому
I Have a very low end acer notebook. TPM is present and I was able to install the Windows 11 Dev version with no issues. As it is a very limited computer I reverted back to W10 in the meantime. I can't say that I like W11 very much.
@markusTegelane 10 місяців тому
So, after Windows 11 launch it's possible to bypass TPM requirement on fresh installs with LabConfig registry key, but they say you might not get updates at some point if you bypass those requirements
@MikeSHogan 2 роки тому
Are there any risks to enabling fTPM in my bios for my AMD processor? Is there any chance it might affect my ability to boot if the process doesnt go smoothly?
@stevecurrier2462 2 роки тому
I cannot find this answer anywhere. Is it possible yo put a TPM 2.0 module onto an older MB? Or in place of the one on it?
@TheDrewCrawford 2 роки тому
This was really useful information.
@rayt6867 2 роки тому
Very informative, my mobo has a TPM (Trusted Platform Module Header) to plug it in, but where do I get one?
@petenielsen6683 2 роки тому
As I commented a few moments ago, Newegg is not carrying the ones made by MSI but it does have some of the plug in variety. The question is whether they will only work with the Dell and HP systems for which they were originally intended or will they work on MSI, Asus, and other motherboards.
@MikeJones-bl6lu 2 роки тому
@@petenielsen6683 ASUS has them for their boards also. Really depends on what processor you have. Recent processors have TPM on firmware additional to motherboard support.
@Pugwash. 2 роки тому
My ASRock MB has a TPM header but after checking in firmware I enabled the fTPM in my Ryzen instead. The plug-in modules are, of course, in short supply since MS said they would be required.
@MikeJones-bl6lu 2 роки тому
@@Pugwash. nobody was expecting any such requirement. The motherboard manufacturers were caught off guard. ASUS only had 1 single module at all.
@robertlawson4295 2 роки тому
I was surprised that Mike never brought up Intel PTT which is a firmware TPM built in to Intel chips from the 4th generation and newer. My Win10 computer uses a Core-i5 8th generation chip which has the PTT feature. With the feature off (by default) the TPM.MSC command shows no TPM available but when I enabled the Intel PTT feature then the command showed that I had TPM 2.0 in use. Hope this helps.
@jamesisaac7684 2 роки тому
Exact same thing
@GreggRoberts 2 роки тому
With this secure boot I hope the venders that utilize bootable media conform to it. Also, what about dual boot systems and/or using vm?
@liowyew 2 роки тому
I support the hardware TPM 2.0. I constantly received malwares whenever I visited some sites and that caused me to format my hard disk once every year.
@MrChannel19 2 роки тому
Is the updater possibly affected by computers to ignore the TPM? I see the TPM 2.0 but there must be a feature that blocks the recognition of the TPM from actively moving forward to upgrade. Will I need Microsoft Team turned on or is there a hack that is malicious to prevent the upgrade?
@johnchase9054 2 роки тому
DIY machine. I didn't buy the TPM chip when I built it three years ago. The motherboard supports TPM (which in on order). Secure Boot was already enabled.
@utoobeigiveup 2 роки тому
Just curious if you used a plugin TPM module and enable secure boot in the bios, what's stopping from someone from unplugging the module and resetting the bios making it no longer secure?
@MasicoreLord 2 роки тому
Windows Update would likely block new version/build/feature updates.
@absurdbird3556 Рік тому
FW-TPM (called PPT) has been on intel Core CPUs since Haswell in 2013. Most intel chips less than 8 years old will have it.
@eeemb 2 роки тому
If you enable tpm, will it affect your ability to upgrade your PC hardware in the future? My understanding is that it links to the hardware in your system. I'm running an Intel i7 9700k. If I enable tpm, and years from now I change my motherboard and CPU and ram, am I going to have to do an fresh windows install? Will I lose my copy of windows assigned to my windows account?
@michaelhawthorne8696 2 роки тому
One thing I had to do to enable Secure Boot and fTPM........ I had to change the Boot partion from MBR to GPT. Before I did this, disabling CSM in BIOS, I had no bootable disk for the OS Once I made the change, disabling CSM in BIOS, revealed the OS on the Bootable disk and I was good to go.... I passed the Win 11 check...
@alexilaiho1st 2 роки тому
Funny how TPM not only stands for Trusted Platform Module, but it could also stand for Tamper Proof Module since he explained it's hard to tamper with :p
@chuzzbot 2 роки тому
It's really easy to implement win11 capability unless your computer is ancient. It is highly unlikely that a new PC doesn't have 'some' capability to either add a chip or flick a switch in the bios. Turn on PPT in bios security settings and it's all good.
@ToucH9000 2 роки тому
Microsoft : TPM 2.0 and Secure Boot will provide you the best security Print Exploit : *Bonjour*
@ganeshv6586 2 роки тому
We bought one industrial pc with aptio setup utility BIOS..is there any possibility to enable TPM in the BIOS..
@danethorson7992 2 роки тому
I am confused about one thing - latest Intel chipset - Z590 motherboard from Gigabyte, still has TPM connector. So 11th gen Intel CPUs do not have built-in TPM and i still need to buy a module from Gigabyte for enjoyment of scalpers? Because TPM modules have vanished from most of the regular stores. But you can happily find them on ebay for 100+$
@antonsurviyanto5896 2 роки тому
Best ever review compare to other reviews. Thanks
@johanjacobs9240 2 роки тому
With TPM 2 and secure boot enabled in my PC's BIOS, my NVMe.M2 SDD (which is my boot drive) suddenly have much slower write speeds. 1200 MB/s down to 400 MB/s What can I do to restore the original write speed of my SSD?
@richardblack5710 2 роки тому
Great discussion.
@dennissmith1435 2 роки тому
Question: If you use a hardware TPM module, dTPM, are these, or can they be a security risk. Could someone produce module that would be a security risk as a way to compromise your system? How do you know if a module is legitimate or not?
@davidcole2337 2 роки тому
Good Interview..
Ми - Україна
Переглядів 831 тис.
Middle of Knowhere
Переглядів 41 тис.
LearnCantrill
Переглядів 66 тис.
Claude Ams - Programming Guru 💻
Переглядів 11 млн
notebook-31
Переглядів 994 тис.
Hard Play
Переглядів 134 тис.