Qemu already supports TPM pass through and secure boot.
Backdoors only really became a pressing concern due to ubiquitous Internet access. When I first set up a Windows VM and install whatever application software and updates, its Internet access is through a public VPN only. And it contains no information to tie it back to me.
Before I put any sensitive information on it, I kill its Internet access and never re-enable it. So there is no way to exfiltrate data that I care about. Any produced information leaves via a local Samba share.
Leaking fixed identifying information about my hardware, or forming a side channel to a new VM instance would violate this security. I doubt the TPM would store persistent personal application data, but I don't need to be the first one to find out.
Edit: autocorrect TPM
I have not found good docs on what TPM exactly does in Windows 11, but people I trust tell me to distrust it, so I do.
> Unlike VMware, which creates a virtual TPM, VirtualBox's new driver will require a host to have a TPM 2.0 processor for this feature to work.
That's the way it'll remain until the hardware fails. Of course, newer hardware runs Linux and replacements will also run Linux.
Microsoft Windows is now so out of kilter with users' actual real-world needs that I don't fully understand why people haven't migrated away from it in droves.
But if you think long term, it makes sense for Microsoft:
They dream about having the same control as Apple and Google have on their devices. The problem is that nothing prevents users from being the master of their machine and doing whatever they want with it. With the TPM module, they can start to restrict some things to you on your own computer, controlled by the TPM, and as a user you will have no way to do anything about it. Like copy your data to another computer.
This is a very critical milestone.
Password MDL2021
Simple to do, works fine for me. I built the original image using uudump.net
I'm not the creator or author of either tool, just a satisfied user.
In ways that are more immediate and more costly than anyone was anticipating, and can only get worse in future years.
Looks like the idea of intentionally but unnecessarily requiring only the latest hardware could be just what the hardware makers have been wanting, and they were the majority of the customers paying Microsoft for Windows licenses since the free user upgrades to W10 from W7, W8, & W8.1.
Because for years now most of the end users paying for a Windows license do it only when buying a new W10 computer.
And Windows 11 may not be intended as a free upgrade from W10.
But if W11 is only going to install on the newest hardware anyway, that's going to rule out retail purchases of Windows 11 upgrades for the majority of established users.
So they're really going to try to push as many sales of new PCs as possible.
So far it looks like W11 could still end up being shunned no differently than W8, and only be used with disdain by those who have no other choice when purchasing a new PC.
And it may not be possible to get much adoption of W11 unless it is offered as a free upgrade from W10 after all.
In that case you can expect W12 to arrive shortly, not be a free upgrade, and for W11 to have an early EOL.
Hopefully some big corps will get annoyed and start twisting arms to make it optional. To upgrade computers can run to the millions.
Windows 10 can act as a FIDO2 authenticator like a Yubikey, but needs a TPM to do so. They want this to be something that actually happens for the average user in Windows 11.