[EpochTimesOctober092021]US Microsoft Corporation launched a new personal computer (PC) operating system Windows 11 this Tuesday (October 5). Microsoft said that Windows 11 will bring users a smoother experience.However, manyChinese usersHowever, the upgrade was not possible because their system did not support or did not activate a “TPM” chip that was banned from import by the Chinese government.
When Windows 11 was officially launched on October 5, a wave of upgrades around the world, manyChinese usersBut when downloading, I saw the sentence “This computer can’t run Windows 11” and the inability to experience Microsoft’s latest operating system made Chinese users complain.
“I want to update as soon as possible, but unfortunately the CPU doesn’t support it, and the TPM doesn’t support it, so I don’t have enough energy. I’ve blinded my sixth-generation god U for nothing.”
“Just because there is no TPM 2.0??? Microsoft is forcing me to change my computer. I can’t even experience Windows 11, and I’m tired.”
The key to the problem lies in a small chip TPM.
Microsoft:TPM chipCan improve system security
The full name of TPM is “Trusted Platform Module” (Trusted Platform Module), which is an international standard for secure cryptographic processors.TPM chipIt can be integrated on the motherboard of the computer or added separately to the central processing unit (CPU). The mainstreaming of TPM hardware standards has been the focus that Microsoft has been advancing for many years. Unlike other security protection software, TPM chip can provide users with hardware-level data protection.
However, on the grounds of national security, the Chinese government has promulgated regulations since 1999 to prohibit the import of mainstream foreign cryptographic technologies and promote domestically-made cryptographic technologies. This has affected the production and popularization of TPM chips in China. At present, many personal computers in China are not equipped with TPM chips.
The updated and enabled TPM is a powerful measure to prevent firmware attacks. In recent years, attacks on firmware have attracted the attention of Microsoft. Microsoft released a survey report in April this year that 83% of interviewed organizations had suffered at least one firmware attack in the past two years. Data published this year by the National Institute of Standards and Technology (NIST) also show that in the past four years, attacks on computer firmware have increased more than five times.
David Weston, Microsoft’s director of corporate and operating system security, said on the company’s security blog that the purpose of promoting TPM is to “protect sensitive data such as encryption keys and user credentials, so that malware and attackers cannot access it. Or tamper with these data.”
TPM encounters obstacles in China?The penetration rate is not high
A Microsoft spokesperson told VOA: “We are not aware of any resistance to TPM-equipped devices sold in China. Windows 11 personal computers and Surface devices from original equipment manufacturer (OEM) partners will Available for purchase by Chinese customers.”
The spokesperson also said in the statement: “Personal computers equipped with TPM 2.0 have existed in China for many years. Existing personal computers that meet the minimum system requirements can be upgraded to Windows 11 for free.”
However, TPM chips obviously have not reached the level of popularity in China that Microsoft hopes.
Liu Yuwei, deputy chief analyst on the EETimes China website, wrote in an article that the PCs currently sold in the Chinese market either do not carry TPM chips, or can only use locally produced and certified by the National Cryptography Bureau. Domestic chips. He said, for example, domestic Microsoft Surface book products and Lenovo models are equipped with TPM chips certified by the Chinese government.
China hopes to control the development, sales, and use of cryptographic products in China. China’s “Regulations on the Administration of Commercial Encryption” issued in 1999 stipulated that “no entity or individual may sell overseas cipher products”, “Any entity or individual can only use commercial cipher products approved by the national encryption management agency, and not use self-developed or self-developed or Cipher products produced overseas”.
Around 2005, China began to push its own TCM system (Trusted Cryptographic Module), which also allowed domestic TPM modules, but did not allow computers to load foreign-produced TPMs.
For some time, foreign brand computers equipped with TPM systems-such as HP and Dell-have had to cover up their marketing and promotion in China because of the legality of TPM. Although some computer models previously sold by Hewlett-Packard in China contain TPM chips, the factory mode selection allows this feature to be turned off by default.
A report in Hong Kong’s South China Morning Post this week mentioned that the U.S. International Trade Commission criticized China’s “alternative” approach to the implementation of the national standard TCM in a 2015 report. The report said: China’s motivation for developing TCM is to reduce patent royalties related to TCG (International Trusted Computing Group) technical standards, which will have a negative impact on interoperability and global integration of the supply chain. “
There are many TPM chip manufacturers, mainstream manufacturers include Infineon (Infineon), Broadcom (Broadcom), Atmel (Atmel), STMicroelectronics (STMicroelectronics) and so on. Nuvoton, a subsidiary of Taiwan’s Winbond Electronics, is also one of the main manufacturers. PC manufacturers that support TPM include Dell, Lenovo, Hewlett-Packard, Toshiba and Fujitsu.
China’s Lenovo launched the “Hengzhi” security chip that complies with the TPM 1.1/1.2 standard of the TCG organization in 2005, becoming the fifth at that time in addition to Atmel, National Semiconductor, Infineon, and STMicroelectronics. A manufacturer with independent intellectual property rights for TPM security chips.
In April 2005, China’s National Commercial Password Management Office stated that foreign companies cannot sell PCs with TPM security chips without authorization, but they can cooperate with domestic companies.
Users can still bypass TPM asking whether Microsoft will produce a castrated version of Win 11, attracting attention
There are reports that Microsoft may allow OEMs to launch “special edition” Windows 11 models without TPM chips for China.
After analyzing Microsoft’s Windows 11 hardware requirements file in June this year, American technology website Tom’s Hardware found that Microsoft allowed some computer OEMs that cooperated with it to ship some computers that do not load TPM chips. The website analyzed that this may be for Products tailored to markets such as China and Russia that ban Western encryption technology.
Spanish programming expert and tech industry observer and analyst Alex Barredo agrees with this analysis. He told VOA: “I think the most likely scenario is that Microsoft will allow original equipment manufacturers (OEMs) to pre-install Windows 11, even on machines made for the Chinese market without TPM. After all, China The market accounts for one-third of all computer sales (in the world).”
Barredo said that as China stepped up production of TPM-compatible or TPM-equivalent chips, Microsoft’s measures may be temporary.
The official answer to the Windows 11 installation problem on the Microsoft China website emphasizes that the user’s computer must meet the basic requirements for installing the Windows 11 operating system, especially the “Trusted Platform Module TPM Version 2.0” item. If the computer does not meet the relevant requirements, it may not be able to run the Windows 11 operating system smoothly. It is recommended that users consider purchasing a new computer.
After Microsoft announced the minimum hardware requirements for Windows 11 in June, there have been teaching methods on the Internet to bypass the TPM requirements and load the new operating system “privately”.
Earlier this week, Microsoft announced that it still recommends upgrading to Windows 11 on officially supported systems, but began to acquiesce in upgrading to computers that do not support the minimum system requirements, and published an “official guide”, that is, registration through adjustments. Table to bypass the CPU’s TPM check, which is consistent with the method circulated among netizens before.
The Microsoft website said that users are required to bear the potential risks of modifying the registry, saying that improper modifications may lead to system reinstallation.
Baredo said that it is possible to run Windows 11 without enabling TPM, and users are at increased risk of network attacks. “After all, this is the main reason why Microsoft requires this chip.”
From Voice of America
Editor in charge: Liu Ying#