• Welcome to Maher's Digital World.

Windows 11

Started by Shadow.97, June 17, 2021, 03:13 AM

Previous topic - Next topic

humbert

As most of you know by now, W11 is scheduled for launch on October 5, 2021. There's a great deal of talk about Windows 11 enforcing TPM 2.0 and Secure Boot. For now it can be disabled with a registry hack, although it's believed M$ might close that loophole.

Here's where I'm confused. Supposedly the whole idea of secure boot is to prevent you from booting anything other than Windows or some other "authorized" operating system. Suppose something nasty happens to my copy of W11 and it refuses to boot. Fortunately I have a backup file on another drive made with Macrium Reflect by using Sergei Strelec's Windows PE. How do I boot Sergei's ISO from a flashdrive in order to restore the backup if secure boot has me locked out?

Vasudev

Quote from: humbert on August 31, 2021, 04:21 AM
Quote from: Vasudev on August 30, 2021, 05:21 PM
It seems Skylake and 1st gen Ryzen are denied entries on based on some virtualisation features slowing it down.

Does that mean they won't run at full potential or what? The article basically says if it runs on W10 it'll run on W11. Now I read someplace that if it's an old CPU M$ won't provide security updates. So far the problem with W11 is you don't know what lie to believe. Be that as it may, it's still way too early to really give any of this serious consideration.

Do I remember correctly or did M$ say W10 would be the last major upgrade?
They won't support it officially and updates are disabled for unsupported hardware due to lack of security features besides TPMs. Some features are HVCI or something that can run apps under virtualization w/o taking a severe perf. hit. MSft just added Surface Studio 2 to compatible list since it has necessary hardware.

humbert

It seems the only thing to do is wait until October 5 -- not to install W11 but rather to see what M$ decided to do and to what extent hackers were able to disable these "features". In the mean time everything is nothing more than speculation. This is especially true when M$ keeps making changes and changes and changes.

Just like the rest of you, I intend to install 11 when all these questions are answered AND I can boot from flashdrive when Windows doesn't boot and requires a full restore. No matter how much I googled it, I can't find an answer to my question about booting from flashdrive when W11 refuses to boot.

Vasudev

Quote from: humbert on September 03, 2021, 04:51 AM
It seems the only thing to do is wait until October 5 -- not to install W11 but rather to see what M$ decided to do and to what extent hackers were able to disable these "features". In the mean time everything is nothing more than speculation. This is especially true when M$ keeps making changes and changes and changes.

Just like the rest of you, I intend to install 11 when all these questions are answered AND I can boot from flashdrive when Windows doesn't boot and requires a full restore. No matter how much I googled it, I can't find an answer to my question about booting from flashdrive when W11 refuses to boot.
That's really an odd issue with flash drive not booting with Win 11.

humbert

Quote from: Vasudev on September 04, 2021, 05:20 PM
That's really an odd issue with flash drive not booting with Win 11.

M$oft has been saying for quite a while that W11 will run only if TPM 2.0 and secure boot are enabled. So far this is easy to disable. I just googled it and found at least 3 ways. The question now becomes whether or not M$oft will close these loopholes by the time the official release is out. With M$ it's more important to listen to what they're NOT saying. They keep insisting about mandatory secure boot with no mention of closing loopholes -- at least not as of this writing.

Here's what I don't understand. As I see it the whole idea behind secure boot is to lock out OS's other than the one registered in the BIOS. The question now becomes: suppose your OS is damaged to a point where it won't boot and the only solution is to restore from an image backup file. This requires booting from a flashdrive. How do you do that when all other OS's are locked out? Could you go into the BIOS, disable secure boot, then re-enable it to boot your primary OS? If so then what kind of security is this when to boot another OS you can simply disable secure boot in the BIOS?

Is all this correct or am I wrong somewhere?

humbert

As you all know by now, everybody keeps talking about Windows 11's restrictions (secure boot, TPM, RAM, etc.). Take a look at this link and you'll see how all restrictions can be easily removed with the latest version of Rufus.

Ever since they opened for business in 1981, Micro$oft's strategy has been to impose restrictions but always leave the door slightly open so we computer geeks can go in and eliminate them. This insures that Windows remains on as many computers as possible while at the same time collecting more money from those who don't know better. It is precisely this sort of thing that has kept them at the very top. Why change it? One thing is for sure: I refuse to believe Micro$oft doesn't know what Rufus has done. They sit back and pretend they don't.

Incidentally, can you burn the original ISO to a flashdrive to remove the restrictions then create a bootable ISO of the flashdrive with PowerISO or some other program?

Vasudev

Quote from: humbert on October 13, 2021, 06:08 AM
As you all know by now, everybody keeps talking about Windows 11's restrictions (secure boot, TPM, RAM, etc.). Take a look at this link and you'll see how all restrictions can be easily removed with the latest version of Rufus.

Ever since they opened for business in 1981, Micro$oft's strategy has been to impose restrictions but always leave the door slightly open so we computer geeks can go in and eliminate them. This insures that Windows remains on as many computers as possible while at the same time collecting more money from those who don't know better. It is precisely this sort of thing that has kept them at the very top. Why change it? One thing is for sure: I refuse to believe Micro$oft doesn't know what Rufus has done. They sit back and pretend they don't.

Incidentally, can you burn the original ISO to a flashdrive to remove the restrictions then create a bootable ISO of the flashdrive with PowerISO or some other program?
They will allow W11 to gain huge market share over W10 and then stop the patch from working, at that time people already got used to W11 features that they will buy a new device or supported older device until W12 comes out in another 5 yrs.

humbert

Quote from: Vasudev on October 13, 2021, 06:51 PM
They will allow W11 to gain huge market share over W10 and then stop the patch from working, at that time people already got used to W11 features that they will buy a new device or supported older device until W12 comes out in another 5 yrs.

You're correct. In all probability that's what they're going to do.

I've asked this many times. I've googled it and have yet to find a satisfactory answer. Suppose you're running W11 with secure boot enabled and your system won't boot? You DO have a backup, but to restore it you have to boot from flashdrive. Is your flashdrive locked out? Could you simply disable secure boot and re-enable it when you're done? What if all you want to do is look at a distro of linux as a live CD?

I'm not too clear on TPM either. I looked at my motherboard's manual. All it tells you is the menu item where you can set the TPM module. Is this just switching it off or on, or is there more to it?


Vasudev

Quote from: humbert on October 14, 2021, 06:08 AM
Quote from: Vasudev on October 13, 2021, 06:51 PM
They will allow W11 to gain huge market share over W10 and then stop the patch from working, at that time people already got used to W11 features that they will buy a new device or supported older device until W12 comes out in another 5 yrs.

You're correct. In all probability that's what they're going to do.

I've asked this many times. I've googled it and have yet to find a satisfactory answer. Suppose you're running W11 with secure boot enabled and your system won't boot? You DO have a backup, but to restore it you have to boot from flashdrive. Is your flashdrive locked out? Could you simply disable secure boot and re-enable it when you're done? What if all you want to do is look at a distro of linux as a live CD?

I'm not too clear on TPM either. I looked at my motherboard's manual. All it tells you is the menu item where you can set the TPM module. Is this just switching it off or on, or is there more to it?
What W11 wants TPM is to enable Disk Encryption, handle password generation/random numbers using discrete TPM used in Business class desktops/laptops. I do have TPM, Secure boot but CPU is 6700 which is unsupported

humbert

Quote from: Vasudev on October 18, 2021, 05:10 PM
What W11 wants TPM is to enable Disk Encryption, handle password generation/random numbers using discrete TPM used in Business class desktops/laptops. I do have TPM, Secure boot but CPU is 6700 which is unsupported.

In your case it's just the CPU. TPM and secure boot have been out for quite a while now.

I'm not too clear about the part regarding password generation. Does this mean every password we use must be generated by the TPM in the motherboard? If in order the enter the BIOS (or UEFI), will we now be forced to use a password to get in, and, will TPM generate it?

Sadly we still don't have an answer to my primary question. Say you have secure boot enabled but your OS won't boot and you must boot from Sergei Strelec's ISO to restore a Macrium Reflect image. If we are prevented from doing that, then how do we rescue our system?