Web Analytics

Technically Impossible

Lets look at the weak link in your statement. Anything "Technically Impossible" basically means we haven't figured out how yet.

TPM 2.0 and UEFI for introducing Windows Sun Valley (Windows 11)

Abstract

Install image of the operation system called "Windows 11" was leaked and its installation reports*1 have been posted since June 16.

Aside from their authenticity, it looks credible information because "Windows 11" requires technical elements below as its minimum requirements.

Because Microsoft posted consideration of security before, and these elements are its key factors. Microsoft seems to force users to have TPM 2.0 on their PCs with "Windows 11".
How to Check Windows 10 Computer System Specs & Requirements - Microsoft
Security considerations for Original Equipment Manufacturers (OEMs) | Microsoft Docs

Although the blog article to introduce its avoidance with replacement of ”appraiserres.dll”*2, any official information is not disclosed, and this specification may be modified at the official release., they are now listed as the part of requirements.
www.microsoft.com
At this moment, preparation for 2 factors above would be beneficial. Actually, there is the other way instead of strong arm solution as DLL file replacement. TPM 2.0 can be installed separately later, and MBR installed on BIOS mode can be convert to GPT.

TPM 2.0

TPM is a chip providing following functions.

  • Generate encryption key
  • Generate and verify digital signature

Difference between TPM 1.2 and 2.0 is encryption and function supported. TPM 2.0 is usually provided as following form.

Discrete TPM Modularized TPM
Ex. attaching motherboard
Integrated TPM TPM provided with chipset
Intel ME (Management Engine)
fTPM (firmware TPM) TPM integrated with firmware of CPU or motherboard
Intel PTT (Platform Trust Technology)
AMD fTPM (firmware TPM)
Hypervisor TPM Virtualized TPM
Used in hyper visor
Software TPM Emulation of TPM

"Windows 11" seems to requires TPM 2.0 and its installation demands one of them supporting TPM 2.0.

TPM is international standard, ISO/IEC 11889*3, not a name of product or function. Example, Intel calls it PTT, not TPM. And Intel implements TPM 2.0 on their CPU from the 4th generation Core aka Haswell. In other words, Intel CPU newer than Haswell supports TPM 2.0.

If motherboard has TPM capability, it should be enabled on UEFI. But its version should be clarified whether it is TPM 1.2 or 2.0.

If both CPU and motherboards doesn't support TPM 2.0, motherboard may equip a header for discrete TPM as the next figure. Check a manual whether a motherboard has a header or not.
f:id:espio999:20210619225801p:plain
In this case, discrete TPM supporting TPM 2.0 can be attached, and enable it from UEFI screen. Discrete TPM is a PC parts marketed as this.



www.amazon.co.jp

One thing be aware is a relationship between hardware and OS license. In spite of Intel CPU equips PTT, hardware vendor intentionally set Discrete TPP on UEFI confuguration. This is due to this relationship.
To keep this relationship, such vendor, example Dell provided firmware to upgrade its TPM from 1.2 to 2.0.

In case of DIY PC with OEM license, this relationsihp depends, license is tied with certain parts as mothreboard, CPU, storage unit, etc.
web.archive.org
www.dell.com

UEFI

Probably, PC without UEFI would be minority these days. However, even though PC is equipped UEFI, it is booted in BIOS (Legacy) mode. Due to different partitioning between BIOS mode and UEFI mode, OS installed on BIOS mode doesn't boot on UEFI mode.
Following PCs have possibility that UEFI is equipped but booted in BIOS mode.

To switch to UEFI mode, generally said that Windows 10 should be clean installed in UEFI mode in such case. But clean installation is not always required. If conditions are met, MBR2GPT can convert MBR (Master Boot Record) to GPT (GUID Partition Table).

Although MBR2GPT assumes pre-installed Windows PC, but it can run with option "/allowFullOS".

The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the /allowFullOS option.

By default, MBR2GPT.exe is blocked unless it is run from Windows PE. This option overrides this block and enables disk conversion while running in the full Windows environment.

docs.microsoft.com
www.intel.com
www.intel.com