It brings enormous security benefits to end users. TPMs drastically reduce entropy/complexity requirements for things like passwords/PINs since the TPM can rate limit guess attempts. Doing that without a TPM is impossible since an attacker can always read the encrypted password off of the drive/directly from memory and then brute force it.
And who among average users needs that?
I'm not an average user but I never need that. I also know no one who can't wait to get it or even thinks about wanting it.
I only read in blogs or HN that one would need it.
I think "you need that because of security" is PR/propaganda from certain companies.
I think that’s a wonderful use case for a TPM, but I don’t think it means all users should be forced to buy a TPM in order to get security patches past 2025.
(I realize this is a slightly different goalpost, but I’m not GP.)
HDD content can be encrypted without storing the password anywhere, without a TPM. If the encryption algorithm is decent, good luck waiting billions of years to brute-force it, even with the next gen hardware.
What secret do you use to encrypt the hard drive? That itself ends up being a password/key file that needs to get stored somewhere whether it is someone's brain or a more secure storage location. I guarantee you that whatever password average users pick will not take billions of years to brute force, more like an hour tops.
I don't think it should have been required for Windows 11, but TPMs are a useful tool for mitigating brute force attacks.
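Added example, not part of the thread or written by any commenter: a simplified Python model of the disagreement above, comparing an offline search of a 4-digit PIN space with the same search against a verifier that enforces a failure counter. The class, the guess rate and the lockout values (32 tries, 600 s recovery) are illustrative assumptions, not a real TPM interface or settings quoted by anyone here.

```python
class ThrottledVerifier:
    """Simplified lockout counter (assumed model, not a real TPM API)."""

    def __init__(self, secret, max_tries, recovery_time):
        self.secret = secret
        self.max_tries = max_tries          # failures allowed before lockout
        self.recovery_time = recovery_time  # seconds to forgive one failure
        self.failures = 0
        self.last_decay = 0

    def attempt(self, guess, now):
        # Forgive one recorded failure per elapsed recovery interval.
        healed = (now - self.last_decay) // self.recovery_time
        if healed:
            self.failures = max(0, self.failures - healed)
            self.last_decay += healed * self.recovery_time
        if self.failures >= self.max_tries:
            return None                     # locked out: guess is not evaluated
        if guess == self.secret:
            return True
        self.failures += 1
        return False


def simulate_online(keyspace, max_tries, recovery_time):
    """Worst-case seconds to walk the whole keyspace through the verifier."""
    verifier = ThrottledVerifier(keyspace - 1, max_tries, recovery_time)
    now = 0
    for guess in range(keyspace):
        while (result := verifier.attempt(guess, now)) is None:
            now = verifier.last_decay + verifier.recovery_time  # wait it out
        if result:
            return now


def offline_seconds(keyspace, guesses_per_second):
    """Worst-case seconds when the ciphertext can be attacked directly."""
    return keyspace / guesses_per_second


if __name__ == "__main__":
    pins = 10 ** 4  # every 4-digit PIN
    # Constructed figures: 1000 guesses/s offline, 32 tries / 600 s lockout.
    print("offline:  ", offline_seconds(pins, 1000), "s")
    print("throttled:", simulate_online(pins, 32, 600) / 86400, "days")
```

Under these assumed numbers the same PIN falls in seconds offline and takes about 69 days through the counter, which is why the secret's entropy matters far less when guesses must pass through rate-limiting hardware.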