These articles cater to the privacy centric, super user type people, which is totally fine, but we should remember that we are not the average user. We represent... basically an insignificant percentage of the user base.
Windows is not actually having a problem getting people to upgrade to Windows 11. There is a small minority of people who see the issues and are loud about it, but I guarantee that 95% will update when their computer tells them they have to update (when it does the "next time you restart we are doing it for you" thing).
For that to happen they'd have to drop the TPM requirement.
Pretty sure my CPU (i5-8400) has it, but for some reason it doesn't show up. Probably disabled in the BIOS, although I've no idea why.
In any case I don't care until I have a good reason to upgrade. Direct Storage was threatening to be Win 11 only, but I've honestly never heard of any games requiring it yet. And the still fucked GPU prices mean I'm more likely to play those on my PS5 than upgrade my PC for it.
It both helps create "random" data for encryption and also stores some cryptographic keys (and undoubtedly some other stuff I'm forgetting). Their old one probably didn't work because it's off or the older 1.1 version. Latest that Windows requires is 2.0.
If it breaks, your encrypted data is gone (if it was something like Bitlocker that will use the TPM, anyways). That's the same thing that happens any time the encryption key poofs, so it's not too special in that regard.
Can you get the data out of it? It would seem to be fairly pointless if you could (because then any malware you picked up could also do that), but at the same time how do you back your keys up? What if you move the drive to a new PC?
Am I missing something or is it just a case of "that's the neat part, you don't"?
It is a de-phase of strategy. You see, TPM was devised by Microsoft along with Intel at a time when Windows wanted to tie down users to subscriptions. The idea was that an onboard TPM would allow an encrypted BIOS (UEFI secureboot) and a wholly encrypted disk. The upside for MS was that one Windows license would be tied to the hardware. So, you couldn't use a key, however valid, with another piece of hardware. And if anything in your hardware changed, your cryptographic keys would change, then you would have to buy an entirely new Windows license (or migrate your old one to the new one, that was never established) because MS wanted to make W10 the last version and it was all going neatly into a subscription. So you wouldn't be able to move drives to new hardware.
But then Azure happened.
MS got a new CEO and a new strategic vision where an OS wasn't their main driver but B2B cloud sales. That engendered the concept of “W10 is practically free”. At the tail of the 8.0 and 8.1 debacle, MS wanted people out of those versions as soon as possible, so they gave free licenses to anyone who upgraded, even if they upgraded from a pirated copy. So now TPM is everywhere and W11 uses it for encryption, but the main motivation isn't there anymore. And nobody sees the point of secureboot except for very specific use cases with laptops. And TPM can encrypt the whole thing but, as you quickly devised, if anything happens to it, you lose all your data, so why would you unless you work for the government or something.
Essentially the tech is here, but the use case for which it was devised doesn't exist anymore. It's a piece of tech that only few end users want. But now it's mandatory for everyone.
TLDR: it's vicious DRM that MS wanted to impose on everyone, but kinda got lax about after backlash and change of strategy.
OK, that would explain why a lot of it seems to make little sense.
I can see the point of it for a laptop that a government employee might leave on a train, where the data should remain secret and have many backups. But the average home user just wants all those photos, videos and game saves to survive going from one PC to another, and we all know most of them never keep backups.
Can't wait for the next relative to bring me their dead laptop and find that they've enabled Bitlocker and all the rest when prompted, and now that "secure" data is now gone.
I have a tablet I only use for surfing the internet. That's it. I don't even use it for email. I never enabled Bitlocker, but it was either enabled by the factory or MS enabled it with an upgrade without asking. One day the machine asked me for a password that I didn't remember ever setting. I was unable to use that machine until a full wipe, because Bitlocker had locked every bit of data on the hard drive without a password I remember even being asked to set let alone remembering.
I was annoyed because I had to format and reinstall, but I didn't lose anything. If that had been my main machine, though.... holy shit would I have been furious.
I think it uses something in the hardware itself. It does have a master key, but extracting it is something of a headache, it requires a sniffer or something. But if the hardware changes, then the keys change. It was a whole kerfuffle in tech circles when it was announced.
And a large chunk of this 95% would see that their hardware is not supported, sigh and stay on 10, gradually conditioning themselves to ignore the upgrade notifications.
Windows is not actually having a problem getting people to upgrade to Windows 11.
According to this article, they are. It took 2 years for Win10 to overtake Win7 and be more than 50% of the install base. After 2 years of Win11 being available, it only has 23% of the install base.
To be fair (somewhat) Win10 had the dumpster fire that was Win8 between it and Win7, so it had all the people upgrading from Win7 as well as everyone that had Win8. Not defending Win11 here, I'm never going to use it.