
Does a TPM chip actually bring any relevant security advantages for end users, or is it just for DRM?


It brings enormous security benefits to end users. TPMs drastically reduce entropy/complexity requirements for things like passwords/pins since the TPM can rate limit guess attempts. Doing that without a TPM is impossible since an attacker can always read the encrypted password off of the drive/directly from memory and then brute force it.


And who among average users does need that? I'm not an average user but I never need that. I also know no one who can't wait to get it or even thinks about wanting it. I only read in blogs or HN that one would need it. I think "you need that because of security" is PR/propaganda from certain companies.


As someone with executive function and memory issues, being able to use short pins/passwords to access my secured hardware is incredibly useful.


I think that’s a wonderful use case for a TPM, but I don’t think it means all users should be forced to buy a TPM in order to get security patches past 2025.

(I realize this is a slightly different goalpost, but I’m not GP.)


What threat model do you have that has people breaking in using a short password?


HDD content can be encrypted without storing the password anywhere, without a TPM. If the encryption algorithm is decent, good luck waiting billions of years to brute force it, even with the next gen hardware.


What secret do you use to encrypt the hard drive? That itself ends up being a password/key file that needs to get stored somewhere whether it is someone's brain or a more secure storage location. I guarantee you that whatever password average users pick will not take billions of years to brute force, more like an hour tops.

I don't think it should have been required for Windows 11, but TPMs are a useful tool for mitigating brute force attacks.


A dictionary/cracklib check, password length requirements and good password hashing go a long way to protecting users as well.
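The two attacker models the comments above are arguing about, as an added example that is not part of the thread: an offline attacker who has copied the encrypted volume header and runs the KDF as fast as their hardware allows, versus a guesser who has to go through a chip that counts failures. The lockout is a toy model of TPM 2.0 dictionary-attack protection, and its parameters (32 free tries, then one attempt per 600 seconds) are assumptions for the demo, not values read from any real TPM; PBKDF2 at a deliberately low iteration count stands in for a real disk-encryption KDF, and the PIN, dictionary and guess order are constructed.

```python
"""Added example: a short PIN behind a rate-limiting chip versus the same
PIN (or a weak password) attacked offline. Constructed inputs throughout."""
import hashlib
import os

# --- offline model: attacker holds salt + derived key copied from disk ----

def derive_key(secret: str, salt: bytes, iterations: int = 1000) -> bytes:
    """PBKDF2-SHA256 stand-in for a disk-encryption KDF. Iteration count is
    kept low so the demo runs in seconds; real deployments use a much
    higher cost (or scrypt/Argon2), which only scales the attack linearly."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations, 32)

def offline_attack(target_key: bytes, salt: bytes, candidates):
    """Guess offline; nothing limits the rate except the attacker's CPU.
    Returns (recovered_secret_or_None, guesses_made)."""
    guesses = 0
    for cand in candidates:
        guesses += 1
        if derive_key(cand, salt) == target_key:
            return cand, guesses
    return None, guesses

def weak_password_check(password: str, dictionary, min_len: int = 12):
    """cracklib-style pre-check: reject short secrets and dictionary words,
    including a word with trailing digits/symbols. None means acceptable."""
    if len(password) < min_len:
        return "too short"
    base = password.lower().rstrip("0123456789!@#$")
    if base in dictionary or password.lower() in dictionary:
        return "dictionary word"
    return None

# --- TPM-style model: guesses must pass a failure counter ----------------

class DictionaryAttackLockout:
    """Toy model (assumed semantics) of TPM 2.0 DA protection: once
    failed_tries reaches max_tries the object refuses authorization, and
    failed_tries decays by one every recovery_seconds. A successful auth
    does not reset the counter in this model."""
    def __init__(self, pin: str, max_tries: int, recovery_seconds: int):
        self.pin = pin
        self.max_tries = max_tries
        self.recovery = recovery_seconds
        self.failed_tries = 0
        self._decay_marker = 0.0  # simulated time of the last decay step

    def try_unseal(self, guess: str, now: float) -> str:
        """Returns 'ok', 'bad_auth' or 'locked'; `now` is a simulated clock."""
        steps = int((now - self._decay_marker) // self.recovery)
        if steps:
            self.failed_tries = max(0, self.failed_tries - steps)
            self._decay_marker += steps * self.recovery
        if self.failed_tries >= self.max_tries:
            return "locked"
        if guess == self.pin:
            return "ok"
        self.failed_tries += 1
        return "bad_auth"

def worst_case_seconds(space_size: int, max_tries: int, recovery_seconds: int) -> int:
    """Seconds to exhaust the PIN space through the lockout: the first
    max_tries guesses are free, every further guess waits recovery_seconds."""
    return max(0, space_size - max_tries) * recovery_seconds

# --- demo with constructed inputs ----------------------------------------

PIN_SPACE = [f"{i:04d}" for i in range(10_000)]          # every 4-digit PIN
SMALL_DICTIONARY = {"password", "letmein", "qwerty", "hunter2", "welcome"}

def demo():
    salt = os.urandom(16)
    target = derive_key("1337", salt)                    # constructed user PIN
    offline = offline_attack(target, salt, PIN_SPACE)    # ("1337", 1338)

    tpm = DictionaryAttackLockout("1337", max_tries=32, recovery_seconds=600)
    # online attacker guessing in order, one second apart
    outcomes = [tpm.try_unseal(p, now=float(i)) for i, p in enumerate(PIN_SPACE[:40])]
    days = worst_case_seconds(len(PIN_SPACE), 32, 600) / 86400
    return offline, outcomes, days

if __name__ == "__main__":
    offline, outcomes, days = demo()
    print("offline: recovered", offline[0], "after", offline[1], "guesses")
    print("lockout: of the first 40 attempts,", outcomes.count("bad_auth"),
          "were checked and", outcomes.count("locked"), "refused outright")
    print(f"worst case through the lockout: {days:.0f} days for the same 10,000 PINs")
```

The offline run finishes in well under a second because a 4-digit space is tiny and the attacker's only cost is the KDF; raising the KDF cost or applying the dictionary check from the comment above buys a constant factor, not a different outcome. Behind the counter, the same space takes on the order of 69 days at the assumed parameters, and a real TPM additionally keeps the sealed key off the disk, so there is no header to copy in the first place.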


Measured boot and secure storage of keys. It's not all bad.


That's good to hear then! So will most computers having a TPM chip lead to easier integration of secure boot with i.e. linux distros as well?


As long as most computers ship in a manner where the owner can adjust the keys in TPM/SecureBoot, you could argue it's a good thing.

E.g., like: https://ubuntu.com/blog/how-to-sign-things-for-secure-boot


I had to disable secure boot to get Nvidia's drivers to work. So I guess the end result might be more hardware trouble for distros, with a subsystem that tries to prevent usage of the computer when it is not happy.


You can also enroll your MOK (Machine-Owner-Key) to UEFI and then sign the nvidia driver with it.

That way, you can leave Secure Boot enabled. However, leaving the secret part of the MOK on the machine and letting dkms or whatever updater of kernel modules use it unattended kind of defeats the purpose.


Is the NVIDIA driver already signed? If it is, couldn't you create a certificate signed with the root key that says that the NVIDIA key is trusted?


No, last time I used it, it was an object file and source for a shim. You had to build the shim for your specific kernel and link it together with the supplied object file. The result is a kernel module, which is unsigned because it is you who built it.


> security advantages for end users

I'd say about as much as Intel's Management Engine. /s


There's a practical benefit that it leads to seamless Bitlocker deployment without making users manage keys or do things that would lead them to prefer to not have Bitlocker.

That definitely counts for a lot. It's just a shame that they can't let that stand on its own with their current marketing.


Huge benefits.



