It's no secret that PC owners have been sticking with Windows 10 and one reason for this has been the TPM 2.0 requirement, preventing older PCs from being compliant. However, there have been several ways to circumnavigate this—but in a recent beta version of Windows, Microsoft has shut the door firmly on one of the more popular methods.
The method in question was remarkably simple—just apply a /product server argument to the setup execute file to trick Windows 11 into thinking the PC was a server and thus bypass the TPM 2.0 requirement. But as X user Bob Pony found out (via Tom's Hardware), Microsoft has now blocked that method in an Insider build of Windows.
If you delve into the hardware requirements for Windows 11, you'll see that you really don't need much, just a basic dual-core CPU, 4 GB of RAM, and a GPU that has WDDM drivers. Oh, and the PC needs to have TPM 2.0 (Trusted Platform Module), but what exactly is that?
Basically, it's a tiny security chip on the motherboard and it's typically used to create cryptographic keys, which in turn are used to encrypt the contents of the PC's storage drives. If you've bought or built a new PC within the last eight or so years, then it'll almost certainly have a TPM chip, but the older the hardware, the less likely it'll be present or the right version.
That meant when Windows 11 appeared with its TPM 2.0 requirement, an enormous swathe of perfectly viable PCs were left without the chance to upgrade to the latest version of Windows. That hasn't been a problem because millions of people have just stayed on Windows 10 or found ways to bypass the requirement.
Microsoft has been steadily chipping away at those bypass methods, although it is a little surprising that it's taken so long for it to nix the incredibly simple 'product server' method. In previous blocks, Microsoft added a check for a modern CPU instruction during the Windows 11 installation process, so even if one could sneak past the TPM 2.0 check, if it was a really old CPU, then you were stuck.
As this new block is only in a Windows Insider program version of the operating system, if you're currently using Windows 11 on 'non-compliant' hardware then you'll still be fine. But it's probably only a matter of time before Microsoft rolls it out in a normal Windows update, at which point you could well find your system no longer functional—assuming you've used the product server method to bypass the check.
One thing that I'm not sure about at the moment is whether Rufus, the best Windows installation tool around, uses this method for its option to bypass Secure Boot and TPM 2.0.
Even if it does, I should imagine there will be some clever folks out there who know of a sure method to avoid the whole TPM issue, but I also reckon that over time, Microsoft will find a way to kill them off one by one. But given how slow it's been at doing all of this so far, I don't think one needs to be concerned just yet.
Image: Microsoft/ pcworld