Microsoft patches TPM 2.0 bypass to prevent Windows 11 installs on PCs with unsupported CPUs
Good times for slightly older CPUs are coming to an end.
Many users with officially unsupported PCs could install Windows 11 using a 'trick' that circumvents the installer's hardware requirement verification with a '/product server' command-line option. It gave many older PCs a new lease of life: their owners could migrate to the latest operating system as the older ones went out of support and prompted them to upgrade. However, Bob Pony quickly found that Microsoft had patched this trick in the latest Canary Build, so installation there again requires TPM (Trusted Platform Module) 2.0.
Pony confirmed that the current Windows 11 24H2 works fine with the bypass, though that may not be the case for long. Alas, the joy of using Windows 11 on officially unsupported PCs may end as Microsoft rolled out a patch in its Windows 11 Insider Build 27686 (Dilithium) that effectively blocks this trick.
This command has been used for almost a year, enabling many users to upgrade from earlier Windows versions effortlessly. While there are other methods, some were patched, such as the PopCnt restriction implemented a few months ago. Until then, many could use Windows 11 on PCs with a wide range of older CPUs like the obsolete Athlon and Core2Duo. Though the PopCnt restriction was patched, the TPM and Secure Boot check could still be bypassed. This bypass is a simple command line, executable only during the OS installation process, that permanently skips the hardware check, including the TPM and RAM verification.
It was helpful because many PCs could run Windows 11 efficiently but failed requirements such as TPM 2.0, which is not available in older systems. Even if one uses an add-on module, Windows 11 CPU compatibility begins from Intel 8th-gen and AMD Ryzen 2nd-gen CPUs. Installing a TPM chip wasn't possible on notebooks. For many users, these CPUs are far from obsolete. However, Microsoft has been quick to phase out older operating systems, and many prefer to move to the latest one.
Not surprisingly, Microsoft removed this bypass without mentioning the patch. Though this was found in the Canary Build, it will likely trickle down to future releases and be implemented for all systems once updated. This would force such users to switch to other operating systems, including Windows 11 LTSC Enterprise edition, whose CPU compatibility list starts from two-core CPUs with 1 GHz clock speed, with TPM 2.0 optional.
While there are other installation methods, it's simply a matter of time before Microsoft patches these bypasses. In this situation, users can switch to older Windows 10 with supported builds, shift to Linux, or make a hardware upgrade.
Roshan Ashraf Shaikh has been in the Indian PC hardware community since the early 2000s and has been building PCs and contributing to many Indian tech forums and blogs. He operated Hardware BBQ for 11 years and wrote news for eTeknix and TweakTown before joining the Tom's Hardware team. Besides tech, he is interested in fighting games, movies, anime, and mechanical watches.
USAFRet From the article:
"Windows 11 CPU compatibility begins from Intel 10th-gen"
From MS:
https://learn.microsoft.com/en-us/windows-hardware/design/minimum/supported/windows-11-supported-intel-processors
"Intel® Core™ i3-8100"
Fact checking....
hotaru251 and MS just made so much e-waste...
they should remove the req as it is barely any safer than non tpm for home users :|
thestryker Microsoft from day one has indicated TPM is a hard requirement (they allow depreciation to 1.2) so this isn't particularly surprising. They still have the bypass for CPU checks and TPM listed for ways to install Win11. At this point I'd be surprised if they took away the CPU bypass and TPM 1.2 minimum, but you never know.
rluker5 TPM =/= whitelist of CPUs.
There are dTPM tiny cards out there and many motherboards come with an integrated dTPM.
Sure there are some that don't have an integrated motherboard TPM and don't have a slot for a discrete one, but that isn't all of them.
The Haswells that I use exclusively for either home office stuff or garage streaming are still fast enough and Windows isn't complaining that they are TPM 1.2 (unlike my Kaby Lake laptop that has an unupdated 2.0 chip) so I think they are still fine.
But does this mean that Tom's will start testing their Ryzen chips with fTPM enabled?
russell_john All that this will accomplish is having millions of unsupported Windows 10 computers on the Internet
passivecool "It is funny that the EU got their panties in such a twist over the "e-waste" of Lightning cables..."
weeeeeeeeeell it was more about the other types of usb and legion of other proprietary plug types, of which most were hardwired to the chargers. That was a pain. Now i can load the handyvac by usbc, which is cool. The legislation feels more like the ban on roaming fees for cell data than the decree on the necessary straightness of cucumbers. .... a many edged sword to be sure, much sensible, also much not.
BUT OT as long as win 10 remains "the last version of windows" ie is not discontinued before 95% of the devices are out of service, I'm guessing the eu will keep the feet still.
USAFRet
palladin9479 said: Friends do not let friends install Windows 11.
I dunno...I have no issues with it on 2 of my systems. Incl this one I'm using now.