Tag: TPM

The Failures of Board manufacturers and Windows 11

Paul

Motherboards Diversity / SML.20120917.164110.IP3

Motherboard BIOS

Don’t try to understand the system but rather see it as a broke system and try to fix it. When Windows 11 came out, you can bet everyone who was wanted the next version of Windows wanted it so they can test it out.  The real problem is Windows 11 made every one get into their BIOS and figure out what needed to be turned on.  Motherboard manufacturers each have their own way of creating the BIOS settings.   They like to call it something you might not know about or even want to try to understand.   Just like enabling TMP can be hard to find since Intel and AMD uses different wording such as PTT (Intel Platform Trusted Technology) for Intel and fTPM (Firmware Trusted Platform Module)  for AMD.  Even this can be frustrating for even the most seasoned IT guy.   There is so many Mother Manufacturers out there, from MSI to ASRock. according to Wikipedia there is at least 7 to 15 different manufacturers of Motherboards.   So each one will make the Bios Menu’s just a little bit different.  It can be quite hard to figure out where you might need to go to enable something or disable something in bios.

The Failure of all parts

It isn’t every time I see Microsoft releases a new OS that I wonder just how much the consumer will suffer from the new systems requirements.    Most of the time the requirements were not that big of a deal but with Windows 11, we now need to enable TPM and Secure boot for systems that may or may not have the requirements to run Windows 11.   This to me just seem an arbitrary requirement because we’ve seen people run Windows 11 on a system that doesn’t  have  a TPM.   Microsoft says this is for security but I can’t see this being for consumers.  I’ve talked about how Windows 11 will fail, and I still think this will happen eventually once people see If Windows is worth upgrading.

The PrintNightmare

With the recent Windows updates the last few weeks has caused more pain for Microsoft.   Since most people who are having problem probably have to buy new printers and those old printers are probably going to the waste side.   Even manufacturers aren’t going to update their drivers for old printers.  Microsoft likes the idea that people will need to buy new printers and maybe even new systems for that Windows 11 OS.   They make their money by people upgrading their systems and getting a new Windows 11 key or even a new system by Dell, or some other OEM.   Every computer technician is having to work harder for people who might want to install Windows 11.  Even then the process of install Windows 11 is not something that can be done very quickly depending on how big the HDD you are going to be converting.

What is to come?

Some people are not going to install Windows and maybe will wait to see what Microsoft does.  We’ve already seen a comparison from Windows 8 to Windows 10 and you know how well Windows 8 didn’t work out well.   Some are probably going to install another OS that won’t require people to have some stringent requirements like Microsoft.   Are you going to Install Windows 11 or are you waiting like I am because you don’t want to worry about all the security requirements to install Windows 11?   I’d like to hear your ideas about Windows 11 and or what your will do in 2025 if they still require all these things.

Is it worth upgrading to Windows 11?

Paul

Windows 11

Windows 11 is now Available

Microsoft releases Windows 11 last week and people all around have had their opinions from it’s good to not so much like I have said.   It just isn’t worth it right now to upgrade.   You have to worry about encryption of the HDD to having a TPM installed on your system.   All these requirements doesn’t mean it is any safer than before.   I know that Microsoft is preaching how this will help increase security in their OS.   I personally think it is just a lot of hot air, any security that they might think will help, will eventually have some hacker or virus get around.   It is a good idea for the short term but maybe no in the long term.    We’ve seen blogs talk about how it isn’t worth it and others where Microsoft talked about all these things that will come along but have yet not even seen anything on Windows 11.

Upgrade Woes

Even if you wanted to upgrade, you still have to go through a lot of system preparation for you to even upgrade to Windows 11.   You’ll need to enable TPM if you have it and also you will then need to make sure you have UEFI enabled.   This also makes you to turn your hard drive partition from MBR into a GPT to be able to use Windows 11.   This a lot of system just to use Windows 11.   I am hopeful that Microsoft will release a good tool to help you with this issue because I am sure most systems don’t even have GPT being used in Windows 10.   Microsoft has said in the past that you can avoid some of this if you install Windows 11 on a new system because you don’t have to encrypt your hard drive or use TPM.   So downloading Windows 11 might work for some of you but I am little hesitant due to Microsoft saying that may not support them in the future but I don’t see this being the issue because of the security risks involve.

Should you upgrade

This has been the question for most people around the world.   I’ve seen people wonder if they should upgrade.   I say probably not right now, due it being so new.   There are still problems and nothing is that compelling to install Windows 11 unless Microsoft brings on something so compelling that you will want Windows 11.   If they supported DDR5 and helped make the system faster, I am sure it would be something that might compel people to upgrade to Windows 11.   I am sticking with Windows 10 ]until I have to consider upgrading or installing a Linux Distro.   I am going to say just wait and see what happens in the near future.   Only you can really know for sure if you should upgrade.   Are you going to upgrade or are you going to wait?  Why Not leave a comment and tell me what your thoughts are about Windows 11.

Security News for this Month and How that affects you!

Paul

tpm chip on imac.png

Hackers get around TPM

According to Arstechnica, a hacker was able to get around TPM in under 30 minutes.  It seems impressive for someone to be able get around something that Microsoft thinks helps secure your operating system.  I’ve been doing some major research into how secure is the TPM and secure boot.

Getting around the TPM in this manner is akin to ignoring Fort Knox and focusing on the not-so-armored car coming out of it.  — Arstechnica

Fort Knox is way better than a TPM, it just means that people don’t realize the vulnerabilities of the the TPM.   It is still relatively new and people just haven’t had the chance to thoroughly test the trusted platform module.

BlackMatter is Reborn

With Revil and DarkSide getting shut down, we now see that BlackMatter could really be just a simple name change from Darkside.

And sure enough, a recent detailed forensic analysis of the cryptographic algorithms being employed by an apparent newcomer named “BlackMatter” suggests that BlackMatter is actually DarkSide 2.0. — Steve Gibson

It seems that they have left the affiliate model and now are looking for the IAB(initial Access Brokers) to be able to infect computers and networks that might bring them some great revenue from ransomware.  Ransomware is getting more and more common and I can guess that they will start to use something like this to infect companies computers.   I doubt they will infect targets that are going to be bring them to much attention.

Print Nightmare is a feature not a bug!

I keep saying this but the Print nightmare that is being talked about last month will probably never truly be fix because Microsoft created this issue in the early days so people could easily print to any system.   Microsoft has been trying to fix some of the issues but I doubt they will ever fix them all.  The idea that it is a zero day, is something that Microsoft didn’t expect but most researchers would have said it was probably possible for several years at the least.  I am sure this will be used with a number of other things such as the Boothole exploit.  Although this has already be patched by most Linux distro, there are some that just won’t update due to not being able to or wanting to.  So there are going always have people who will not see a need to update their systems.  .

The First 6 months

Most researchers have said this but in the past 6 months there has already been more attacks than last year.   Although most of malware and ransomware writers were all just like everyone else watching what is going on in the world and covid19.  They probably weren’t very busy last year and now they need to fix that by showing us how much more they can do.   I am sure it will even be better the next 6 months but I am also hopeful the Russians government will keep putting pressure on the virus writers to keep their acts clean and leave companies alone.  I doubt it but I can only hope.

What’s your thoughts on all that has happened this year?  Do you think it will slow down or get even faster?  Do you think we will see more computers getting compromised even with TPM and Secure boot enabled?  Let me hear your thoughts.

How to Convert your Windows 10 from MBR to GPT

Paul

Securing Windows 10

It’s complicated is what I’ve heard from people all around the world. The idea that We have to figure how to turn our Windows 10 into a secure boot, can seem difficult at best. Just like Unified Extensible Firmware Interface (UEFI) isn’t always labeled right in the bios and that can be hard to find.   It seems that all the motherboard manufacturers wanted to make it extremely difficult for anyone who might want to enable or disable UEFI to be able to do it.   Then add on to the fact that the Motherboard manufacturers also made it hard to figure out how to turn on TPM in the bios also.   Can seem quite maddening to most because each manufacturer didn’t just call it TPM or UEFI.   Some of them Call it PTT (The intel Platform Trusted Technology) or even the AMD which is called fTPM(Firmware Trusted Platform Module).   Although the AMD version is a whole lot easier to understand since it does say TPM.  Intel on the other hand can be hard to find or even know what PTT stands for unless you google it.

Checking your system

The first step you should always do is make sure you can do this in the first place.   If you haven’t read my other post about this, I’d go over there and check to make sure you can do this in the first place.   As of currently Microsoft has stated that the requirements are the same for the previous few weeks.   So I don’t know if they will change when the final release comes out but it could very well change.

Have backups

Before I talk about the upgrading or updating your boot system to allow you to boot into Windows 10 Secure boot.  I’ll make this statement, please consider backing up all your important files that you might want to keep to a USB Flash Drive or even portable HDD or a HD that you can unplug from the bios to keep your important files safe while the upgrading of Windows 10 is being done.    What you do after this is on yourself and no one else.

can you upgrade to secure boot?

If you have checked the previous post and turned on what you can besides secure boot, but you know you have it.  You’re pretty much set to upgrade Windows 10 from Master Boot Record (MBR) to GPT(GUID Partition Table).  The process for converting your Master Boot record is relatively simple but will require you to boot into a Windows 10 on a USB!  Once you have done that you will then want to get to the command prompt the easiest way is to hit Windows+S and type in cmd then right click run as administrator.  Now you’re at the command problem.  Now is where the fun starts.

Type in :  mbr2gpt.exe  /allowFullOS /convert

Let it do it’s conversion and once done you’ll need to reboot but before you try to log into Windows again, you’ll need to go into the bios and enable secure boot.   Depending on how much Windows 10 needs to go through a new startup process will depend on the way GPT was converted.  It may take a few minutes even on the fastest system for Windows 10 to fully boot or it could be just as quick as before.   Once Windows 10 is booted, I suggest verify all your files are there and that everything is working correctly.   You might need to update software but that shouldn’t be to much a problem.   After That if you are on the Windows Insider Program than go check for updates and Windows 11 should be able to install.  If it still says you can’t upgrade I’d go back and check Whynotwin11 and Find out if you haven’t enabled TPM or what version of the TPM it is.   Other than that you should be set to go.

Enjoy Windows 11 Preview builds.   

 

What is a TPM and why do you need to know you have one?

Paul
Photo by TheDigitalArtist on Pixabay

Trusted Platform Module

Everything about TPM screams security and ominous, some would call it.   I am sure everyone is thinking about this and wondering, why Microsoft is doing this.   We’ve heard them say it is  a requirement and thus far it seems to be a sure as gold that it will be a necessity to be able to upgrade to Windows 11.   So what is a TPM.  According to Wikipedia,

“[TPM] is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys

In other words, it basically is a hard encryptions and not a software encryption in your system.   If you have bitlocker without TPM, than your system has to decrypt and encrypt files on the fly and slow your system down.   If you had a TPM onboard it would be much faster and much safer because there would be no way a Man in the Middle attack could work, not saying it will never happen but I think it is far less likely.

Windows 11 Requirement

If you haven’t figure out if you have it on your motherboard.   There are several websites where they talk about how to find out if you already have a TPM on your Motherboard.  The real problem is if you haven’t no TPM and would like to be able to install Windows 11 on your computer.   There are several options you can do.   I’ll list them for you:

  • Install a Motherboard that has TPM
  • Check to see if you can Enable TPM on your current Motherboard
  • Install a TPM chip to be able to use Windows 11. Check out my Affiliate link if you need one!
  • Keep Windows 10 until the end of life which will be Year October 2025.

Scalpers a plenty

Scalping has seen an increase all over the net.   When Microsoft, released the information needed to upgrade to Windows 11.  It seemed to bring out the people who will charge even more than what you should be paying for it.   Obviously they did the same thing with Graphics Unit Processors in the past, they seemed to do the same thing with TPM Chips to install on Motherboards and other such systems.   I’m seeing more places that it cost more than you’d paid normally for a chip.   So that is  problem now with people wanting to get ready for Windows 11, there seems to be more people trying to make a buck out of this.  In the end, they will get out of trying to make a buck because the demand will drop and we won’t have to worry about this anymore.