Microsoft's Hidden Agenda?

Microsoft's Dirty Secret: Your Old PC is Now Trash!

Estimated read time: 1:20

    Summary

    Microsoft's latest operating system, Windows 11, has stirred controversy due to its stringent hardware requirements, especially the mandatory TPM 2.0. Many users are frustrated as this renders their still functional PCs obsolete, leading to increased e-waste. While the inclusion of TPM 2.0 aims to bolster security, some suspect it's a ploy to drive new hardware sales, benefitting Microsoft and its hardware partners. This situation has sparked debates around security, economic implications for users, and environmental impact.

      Highlights

      • Dave explores Microsoft's requirement for TPM 2.0 in Windows 11, which impacts older PCs. 💻
      • The TPM is a security microcontroller that boosts protection by managing cryptographic keys. 🔒
      • Secure boot processes are designed to prevent malicious code from entering the boot sequence. 🚀
      • The requirement is seen by some as a means to push hardware sales, benefiting Microsoft. 🏭
      • Users face a dilemma: stay with Windows 10 or risk installing Windows 11 through unofficial methods. 🎭

      Key Takeaways

      • TPM 2.0 is now mandatory for Windows 11, leading many older PCs to be deemed obsolete. 😲
      • TPM enhances security by establishing a hardware root of trust, but its implementation is controversial. 🔐
      • There are environmental concerns as older, functional PCs may become e-waste due to these new requirements. ♻️
      • Microsoft's push for TPM 2.0 may inadvertently support hardware sales and subscription services like Microsoft 365. 💼
      • Many users feel pressured to upgrade hardware prematurely, raising economic and environmental concerns. 💸

      Overview

      Dave, a retired software engineer from Microsoft, delves into the newly introduced hardware requirements for Windows 11 that mandate the use of TPM 2.0. This decision by Microsoft renders many older PCs obsolete even though they may still function perfectly for daily tasks. Dave explains the role of TPM as a security microcontroller that strengthens system security by managing cryptographic keys and ensuring trusted boot processes, but he questions if this is a genuine need or a strategic push for new hardware sales.

        The TPM requirement has broad implications. It enhances security drastically by establishing a hardware root of trust which was previously impossible with software alone. However, this hardware mandate leads to massive e-waste as countless functional PCs are now deemed inadequate for the latest operating system purely on the absence of this microcontroller. Environmental concerns loom large as the technology industry faces criticism for its role in contributing to electronic waste.

          Dave raises pertinent questions about Microsoft's motivations. Could the enforced adoption of TPM 2.0 and recent CPUs be a clever masquerade to stimulate the market for new computers? It appears to align with the interests of both Microsoft and its hardware partners, potentially boosting sales and aligning with subscription-based services like Microsoft 365. Users are left in a bind between upgrading hardware or holding onto older systems, raising discussions on corporate strategy versus consumer impact.

            Chapters

            • 00:00 - 00:30: Introduction and PC obsolescence The chapter 'Introduction and PC obsolescence' discusses the impact of Microsoft's new TPM and security requirements on the lifespan of PCs, which are being deemed obsolete prematurely. Dave, a retired software engineer from Microsoft, challenges the necessity of these requirements and questions whether they are genuinely for security or merely a sales tactic. He draws from his extensive experience, dating back to the MSTOS and Windows 95 days, to delve into the implications of making TPM mandatory.
            • 00:30 - 01:30: TPM and Windows 11 requirements This chapter discusses the Windows 11 requirement for TPM (Trusted Platform Module), which is causing frustration because it potentially turns a generation of PC hardware into e-waste. It explains that the TPM is a security microcontroller embedded in the computer's motherboard, functioning as a secure crypto processor for cryptographic operations.
            • 01:30 - 02:30: Secure boot and UEFI The chapter titled 'Secure boot and UEFI' discusses the function and importance of the Trusted Platform Module (TPM) in modern security systems. TPM acts as an isolated environment for securely generating, storing, and managing cryptographic keys, which is critical for encryption features like BitLocker Drive encryption. This system makes it challenging for unauthorized individuals to access files, even if they manage to physically remove the drive. Additionally, the TPM is integral to the secure boot process, ensuring that the system starts with trusted software.
            • 02:30 - 03:30: Chain of trust and software restrictions The chapter discusses the concept of chain of trust and software restrictions in computing. It starts by explaining the workings of early computers like the original IBM PC, which utilized a simple ROM chip on the motherboard. Upon resetting, the CPU would execute code from the ROM, known as the BIOS ROM, which served as the basic input and output system. The BIOS contained code for basic operations like writing text to the screen or reading from a disk. The bootloader within the BIOS was responsible for fetching and loading the initial MS DOS binary, enabling the system to start up and run.
            • 03:30 - 05:30: Security vs. user convenience The chapter explores the evolution of computer boot systems, highlighting the transition from BIOS to UEFI systems. Initially, in older computers, Windows operated on top of a DOS-based system which was necessary for loading the OS. As technology progressed, the reliance on DOS was eliminated with the advent of modern Windows systems based on the Windows NT system, which allowed the BIOS to load Windows directly. This was further developed with the introduction of UEFI systems, which are more advanced than BIOS, offering features like graphical setup support to replace old text interfaces. This evolution illustrates the balance and sometimes the conflict between enhancing security through advanced system firmware like UEFI and maintaining user convenience. The chapter suggests that UEFI's additional capabilities, such as graphical support and possibly other implicit security enhancements, aim to provide a balance between technical sophistication and user accessibility.
            • 05:30 - 07:30: Impact on users and hardware obsolescence The chapter discusses the role of TPM (Trusted Platform Module) in enhancing security by verifying the integrity of system binaries before loading the operating system. This process involves checking cryptographic signatures to ensure that the binaries are original and unaltered. The foundation of this security measure is a master platform key, which can be managed and updated by vendors using a key exchange key (KEK). A signature database is maintained to store the public keys or hashes of trusted binaries such as drivers and bootloaders. This system helps in establishing a chain of trust that ensures uncompromised security even when hardware becomes obsolete.
            • 07:30 - 10:00: Environmental impact and business implications The chapter covers the secure boot process in computer systems, driven by motherboard manufacturers using their trusted keys, and a forbidden signature database that identifies and revokes access to malicious software. It describes the method of securely starting a system from scratch, leveraging a helper chip, UFI, and TPM to ensure security and integrity.
            • 10:00 - 13:00: Historical context and future outlook The chapter discusses the process by which a computer system securely verifies its startup sequence, starting from the boot entry to the loading of the operating system's core, typically the kernel. It explains how each component, from the bootloader to the kernel, is signed and verified to ensure security. The trust verification can extend to programs and applications, depending on system configuration. This process is essential for preventing unverified or malicious code from executing during startup.
            • 13:00 - 14:30: Community engagement and conclusion The chapter discusses the concept of a highly secure computing system where all code must be trusted and cryptographically verified as safe to operate. In such a system, traditional concerns about Trojans or viruses are eliminated, as any new, altered, or unauthorized code is automatically rejected. This approach bypasses the need for traditional virus signature checks by refusing to load anything not guaranteed as secure.

            Microsoft's Dirty Secret: Your Old PC is Now Trash! Transcription

            • 00:00 - 00:30 Hey, I'm Dave. Welcome to my shop. Microsoft is consigning millions of PCs to the ash heaps of history well before their time. All because of new TPM and security requirements. And today we're going to look at the reasons why to see if they actually hold up or if it's all just a clever sales ploy in disguise. I'm Dave Plameumber, retired software engineer from Microsoft going back to the MSTOS and Windows 95 days. And this is a topic that has really resonated with many of you. the whole situation surrounding the trusted platform module or TPM and making it a mandatory
            • 00:30 - 01:00 requirement for Windows 11. More to the point, however, an entire generation of PC hardware will be turned into e-waste before its time is truly done. And this is frustrating for a lot of people. This all starts with that mysterious TPM module we keep hearing about. So, let's take a quick look at what it all means. To recap, the trusted platform module or TPM is essentially a dedicated security microcontroller embedded within your computer's motherboard. It acts as a secure crypto processor designed to perform cryptographic operations. Its
            • 01:00 - 01:30 functions are varied but crucial for modern security. It's basically a black box that runs independent of your system and the outside world as a whole. It can securely generate, store, and manage cryptographic keys. This is vital for features like Bit Locker Drive encryption, where the keys needed to unlock your data are protected by the TPM, making it that much harder for unauthorized individuals to actually access your files, even if they physically remove the drive. Beyond encryption keys, the TPM also plays a role in what's known as secure boot.
            • 01:30 - 02:00 Let's take a general look at the idea behind it. In a classic computer like the old original IBM PC, there was a simple ROM chip on the motherboard and when the CPU was reset, it would start executing code and a knowing address inside that ROM. And that's about all there was to it. The ROM was known as the BIOS ROM for basic input and output system. It contains code to do things like write text to the screen or read blocks from a disk. And so the bootloadader built into the BIOS code would fetch the initial MS DOS binary and load your system. And that in turn
            • 02:00 - 02:30 would load 16-bit Windows on top of it. if you desired. And by the time modern Windows came along based on the Windows NT system, the MS DTOS middleman was then eliminated and the BIOS would actually load a Windows binary itself. Soon enough, the BIOS chips in our PCs would be replaced by more sophisticated UEFI systems or unified extensible firmware interface. Like a BIOS on steroids, UEFI brings a number of features to the table, including graphical setup support to replace the old pure text interface. But the new UEFI goes one step further. It provides
            • 02:30 - 03:00 security by using the TPM. That's because before it loads your operating system, it checks the actual bits of the system binaries to make sure they were securely signed with a cryptographic signature that guarantees those bits are original and unmolested. That route of trust starts with a master platform key and can be modified by vendors with a key exchange key or a kek. There's a signature database that holds the public keys and/or hashes of bits of binaries like drivers and bootloadaders and so on that are known to be trusted. It's
            • 03:00 - 03:30 ultimately up to the motherboard manufacturer whose keys are included in the trusted list. There's also a forbidden signature database that can be updated that holds the hashes of software known to be tainted or malicious, which provides a mechanism for revoking or rolling back previously granted access. These mechanisms are all combined to securely boot the system from a cold start. The CPU, or more accurately a helper chip of some kind, invokes the UFI, and the UFI looks at the boot entry. It then uses the TPM to
            • 03:30 - 04:00 securely verify that the boot entry is from an accepted vendor like Microsoft or Auntu. And if it is, it then loads the digitally signed and secure bootloadader. The bootloader then loads the core of the operating system, normally in the form of its kernel. And of course, that part must be signed and verified as well. So the UFI checks the bootloader and the bootloader checks the kernel and the kernel checks any drivers or services that get loaded into kernel space. And depending on how your system is configured, this trust might be enforced all the way down such that you can only run programs and applications
            • 04:00 - 04:30 that are also trusted and cryptographically verified as safe. In a system like that, you don't worry about Trojans or viruses because they simply can't operate at all. Any code that is new or different or modified is automatically rejected as insecure. So, it's not a case of checking each component for virus signatures. You simply refuse to load anything that's not guaranteed to be secure. Now, that's going to be overkill for most people. Beyond the components actually included and signed with the base operating system, all of your apps would then have to be signed as well and likely have to
            • 04:30 - 05:00 come from an official app store of some kind. It would dramatically reduce the number of tools and apps that you'd be able to run. Now, if this sounds a bit like the Apple iPhone, it's because it is. And it's one of the reasons that the iPhone has traditionally been harder to attack. That chain of trust extends all the way down to the store apps so that only official apps blessed by Apple could even be executed. We all know that from time to time even the iPhone can be jailbroken, allowing unsigned code to be loaded. Couldn't people just do this with their UEFIPCs, negating the entire
            • 05:00 - 05:30 value of the security stack? Well, while jailbreaking a PC to bypass the TPM and secure boot requirements for Windows 11 is theoretically possible, it's significantly more complex and less likely than just jailbreaking an iPhone. While all iPhones are pretty much the same, the PC is a wildly diverse beast with an almost infinite combination of CPUs, motherboards, TPMs, and UEFI implementations, bypassing it requires either exploiting UEFI vulnerabilities or disabling secure boot entirely. While disabling secure boot is possible on
            • 05:30 - 06:00 most systems still, there's no guarantee that the code you're trying to jailbreak and run, like Windows itself, will cooperate with you. It could conceivably one day refuse to run in an untrusted environment. But while Microsoft could mandate this ultra seccure approach, it would simply be too limiting at this time. The compromise they've struck then instead is to ensure that the operating system itself is safe and secure and that everything in kernel mode is fully trusted. This in turn guarantees the integrity of the operating system itself. You might still encounter a malicious payload or download that tries
            • 06:00 - 06:30 to do harm, but the amount of harm and the types of things that it can do will be vastly limited. It would never be able to rootkit your system or install drivers or anything highly invasive as long as the system is working as designed. It can't run around and ransomware your system files. But now that we have a handle on some of the benefits of having a working TPM in every system, perhaps it's no surprise to learn that Microsoft's decision to mandate TPM 2.0 for Windows 11 has been a point of major contention. In their view, the TPM provides a hardware route of trust, something that software alone
            • 06:30 - 07:00 simply cannot achieve. By requiring this modern security chip along with relatively recent CPUs, Microsoft argues that Windows 11 can offer a significantly more secure computing experience better equipped to handle the evolving threats of today's digital world. They emphasize the increasing sophistication of cyber attacks and the need for a layered security approach where hardware plays a fundamental role. The TPM in this context is seen as a critical building block for future security innovations within the operating system. However, this focus on security through hardware has a very
            • 07:00 - 07:30 real and tangible impact on a large number of PC users. Despite having machines that are in many cases still performing admirably for everyday tasks, content creation, and even gaming, these users found themselves unable to directly upgrade to Windows 11. The lack of a TPM 2.0 chip, or in some cases, an older generation CPU that didn't meet Microsoft's current requirements, became an absolute barrier. This hardware exclusion has affected a significant portion of the PC user base, leaving many users feeling like their perfectly good technology has been prematurely
            • 07:30 - 08:00 relegated to the sidelines. This brings us to the core of the user frustrations that we've been hearing about. It's not just about getting the latest features of Windows 11. For many, it feels like a forced march towards new hardware. These are machines that just months or years prior were considered perfectly adequate. To be suddenly told they were just incompatible with the newest operating system, not due to performance limitations in the traditional sense, but due to a specific hardware security feature feels unfair to many. The cost of replacing an entire PC, especially
            • 08:00 - 08:30 when the existing one is still functional, is not insignificant. For users on a budget, students, or those who simply don't see value in upgrading when their current machine already meets their needs, this requirement has been a major source of annoyance and some financial pressure. The feeling of being stuck on Windows 10 while it's still supported carries the underlying knowledge that eventually that support will end, potentially leaving these users in a less secure position down the line. And this situation naturally leads us to a critical question. Is the mandatory TPM 2.0 and modern CPU
            • 08:30 - 09:00 requirement truly solely about enhancing security for the end user? Or could there be other factors at play such as a desire to stimulate new hardware sales? It's a debate with valid points on both sides. On the one hand, the security benefits of a TPM are well documented, and we just went through them. In an increasingly interconnected and threat-filled digital world, bolstering security at the hardware level makes logical sense. However, the seeming abrupt exclusion of so many still capable machines does raise eyebrows. Could this be a way to encourage
            • 09:00 - 09:30 consumers and businesses to invest in new PCs, thereby benefiting both Microsoft and their extensive network of hardware manufacturing partners? It's a suspicion that many users have voiced, and it's a legitimate area of inquiry. The timing of this requirement, coupled with the fact that many of these older machines likely could run Windows 11 smoothly in terms of raw performance, fuels this line of thought. Now, for those of you who found yourselves with perfectly good machines blocked from the official Windows 11 upgrade, you might have explored some of the unofficial workarounds. These typically involve
            • 09:30 - 10:00 modifying the Windows 11 installation media with Rufus or similar to bypass the checks for TPM and CPU compatibility. While these methods can indeed allow you to install and run Windows 11 on unsupported hardware, it's absolutely crucial to understand the potential downsides and the risks involved. Microsoft has explicitly warned that devices installed in this matter may not receive updates, including critical security updates. Running an operating system without regular security patches is a significant risk. And as it leaves your system vulnerable to newly discovered
            • 10:00 - 10:30 exploits and malware. While the allure of running the latest OS on your existing hardware is strong, you need to carefully weigh that against the potential security implications of not receiving updates if it comes to that. It's a trade-off that each individual user has to consider. Furthermore, this situation has se environmental ramifications. By essentially rendering millions of PCs incompatible with the latest operating system, even if they're still perfectly functional for many tasks, we contribute to the growing mountain of electronic waste or e-waste. The production of new computer hardware has a considerable environmental
            • 10:30 - 11:00 footprint. From the mining of raw materials to the energy consumed manufacturing, discarding perfectly usable machines prematurely exacerbates this problem. These devices, instead of having their useful lifespans extended, might end up in landfills where their unused bits can leech out into the environment. The environmental cost of this forced obsolescence is a serious consideration that often gets overlooked in discussions about software upgrades. When we look at Microsoft's broader business objectives, it's also worth considering the potential ties to their hardware partners. The PC ecosystem is
            • 11:00 - 11:30 vast, and Microsoft collaborates closely with numerous hardware manufacturers. A push towards newer hardware driven by operating system requirements could indirectly benefit those partners through increased sales. Additionally, Microsoft's growing emphasis on subscriptionbased services like Microsoft 365 might also play a role. These services are generally designed to work best on modern supported operating systems. By encouraging users to upgrade to newer hardware capable of running Windows 11, Microsoft could be indirectly promoting the adoption of
            • 11:30 - 12:00 their subscription services. While these are just speculative ramblings, there are plausible factors to consider when analyzing the motivations behind such a significant hardware requirement. To put this in historical context, we can look back at previous instances where Microsoft has previously ended support for older operating systems. The discontinuation of support for Windows XP and then later Windows 7 are prime examples. In those cases, the primary rationale was usually the increasing difficulty and cost of maintaining security and ensuring compatibility with
            • 12:00 - 12:30 modern hardware and software on aging platforms. However, the Windows 11 situation feels somewhat different. Many of the PCs excluded by the TPM and CPU requirements are not necessarily old or underpowered. They simply lack a specific relatively recent security chip or a sufficiently new processor architecture. This feels less like a natural progression of technology, leaving older systems behind due to performance limitations and more like a specific trendy hardware gate being erected. Looking ahead, what does this mean for the next Windows, Windows 12 or
            • 12:30 - 13:00 whatever the next operating systems to be? Well, if the trend continues, it's quite conceivable that future versions of Windows could impose even stricter hardware demands, potentially leaving an even larger number of currently functional PCs unable to upgrade. This could lead to a cycle of more frequent hardware replacements being necessary simply to stay on the latest version of Windows, raising concerns about affordability, sustainability, and the overall user experience. Ultimately, the mandatory TPM 2.0 and modern CPU requirements for Windows 11 have opened up a significant discussion about the
            • 13:00 - 13:30 balance between enhanced security, the economic implications for users, the environmental impact of potentially forced hardware obsolescence, and the broader business strategies of a major software company. It's a complex issue with no easy and obvious answers, and it has directly affected a large portion of the PC user community. So, for this week, I really want to hear from you. Have you encountered the situation with your own hardware? Do you have a perfectly capable machine that was deemed ineligible for the official Windows 11 upgrade? Did you explore any of the unofficial workarounds, and if
            • 13:30 - 14:00 so, how did it go? Or are you content to remain on Windows 10 for the time being? Share your personal stories, your frustrations, and your perspectives in the comments below, cuz I do read them all. Your experiences and insights are also incredibly valuable to this conversation and helped drive our weekly podcast called Shop Talk on the Dave's Addict channel. I'll put a link to a recent episode in the video description, and I hope you'll check it out. Remember, I'm mostly in this for the subs and likes, so I'd be honored if you consider subscribing to the channel, and it'll help push us over that 1 million subscriber mark. If you assume that
            • 14:00 - 14:30 you're probably already subscribed to my channel, double check below, as you may not ever have been. Thanks for joining me out here in the shop today. In the meantime, and in between time, I hope to see you next time right here in Dave's