this post was submitted on 29 Oct 2025
380 points (94.6% liked)
Peertube
1357 readers
25 users here now
For Peertube videos, channels, and general discussion. Feel free to share your videos!
Search for videos!
Other communities:
Find your platform!
founded 9 months ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
TPM's entire point is basically to prevent you from using anything but windows on the computer. They want to make it so that you can't change to e.g. linux or anything else, because they know they're going to be bringing in unpopular changes that people want to swap from.
In it's most basic form, it locks you out of modifying your computer how you want it to be, in favor of how microsoft or your OEM wants it to be.
They talk a lot about how it prevents attackers from changing deep, mystical boot level things so it sounds scary, but honestly I can't even think of that last time that was a legitimate attack someone actually did, and frankly encryption at rest already solved that issue a long time ago.
At the end of the day, it's a way to force you to buy a new computer, raising profits, buy a new version of windows, raising profits, and locking you into the ecosystem with your very system and data itself held hostage- again, for profits. Since you're a captive audience, they can also start doing things for profits- like mining all your data to sell.
Interesting, thanks! How does TPM stop you from installing Linux? I haven't had any issues with it.
So basically, TPM is a secure bit of hardware on the mobo, that allow it to do data encryption, software signing, integrity checks, etc. All that is fine, good even, and Linux fully supports TPM modules, because there's a lot of good you can do with it, especially the fact that's in a hardware encrypted key store. Those 'secure enclaves' are HUGE for security.
The problem is how windows controls it. Basically, TPM 2.0 can store a bunch of hash values of various parts of your system- bios, bootloader, kernel, etc. It can use this to ensure nothing has been tampered with. it can also enable 'secure boot' which is basically to ensure only signed, confirmed software is loaded as the bootloader. Finally, disk encryption can be run through TPM 2.0.
Again, none of these things are bad... if YOU control the TPM module. But on Windows, you don't, windows or your OEM does. You don't get to boot your system without their permission. You don't get to unlock your hard drive without their permission. You don't get to change OSs without their permission. And finally, you don't even get to change hardware without their permission!
You can see how it's a problem when your OEM or windows itself controls that kind of thing regarding your PC. For right now, these problems mainly seem to occur in enterprise or OEM pcs, not prebuilts or custom-builts... but Windows gets greedier by the day, and frankly so do OEMs.
The goal is to turn away from decades of computer innovation and lock down and control your computer worse than your phone is now. You can already see the effects- Windows has started calling installing your own software 'sideloading,' for example, and making scary noises about how installing anything from outside the windows store inherently dangerous.
tl;dr: Companies hate the idea of you actually owning your pc, and TPM 2.0 is just another thing they're using for stripping that control away from you, bit by bit, in the name of 'security.'
Damn... Can Windows really stop my BIOS from booting on a self built PC with TPM? How would my BIOS even know to not boot before Windows has started?
If windows takes over the TPM module? Yes, because they change the stuff the bios references to boot.
That said, if you self-built, you can probably keep it from taking over the TPM module (I think.)