PeterPanettone

Delphi compatibility with Windows 11?

Recommended Posts

9 minutes ago, Der schöne Günther said:

Stupid question: Is it running inside a VM or directly on real hardware? When I installed it inside a Hyper-V machine, it lacked 3D acceleration and a lot of effects (transparency, animations, rounded corners) were missing.

It is a VM running on ESXi, with tools installed. Transparency is visible even through RDP. In general, windows do not have rounded corners, just some special ones (like the Start thingie, dialogs in Settings, etc.)

Share this post


Link to post
3 hours ago, Bill Meyer said:

Many motherboards, such as the Ryzen mobo I am using, have a header for an installable TPM 2.0 module. And as it's only about 18 months old, I would not characterize it as a dinosaur.

 

The note about dinosaurs was from the linked https://blogs.embarcadero.com/windows-11-a-beautiful-meteor-will-wipe-out-the-dinosaurs/

I hope there will be an easy way to install W11 without TPM (because my PC is a dinosaur 🙂 ).

Share this post


Link to post
6 hours ago, aehimself said:

Seems it works 🙂

Funny thing is that I'm sure that the N45L CPU is not supported (plus there's no TPM in ESXi VMs) but the insider preview installed without complaints.

See update-on-windows-11-minimum-system-requirements

 

Quote

Today, we’re releasing the first preview build of Windows 11 to the Windows Insider community. In support of the Windows 11 system requirements, we’ve set the bar for previewing in our Windows Insider Program to match the minimum system requirements for Windows 11, with the exception for TPM 2.0 and CPU family/model.

My added emphasis.

Share this post


Link to post

I wonder, will the peripheral market pick up on the TPM need?

Is it technically feasible to deliver TPM over USB, PCIe, or even PCI?

Share this post


Link to post
Guest
37 minutes ago, Lars Fosdal said:

Is it technically feasible to deliver TPM over USB, PCIe, or even PCI?

No, in any other interface than its own it will lose the "trusted" word.

 

The reason is simple: USB, PCIe and PCI, which you mentioned, (can) have intermediary software, because the CPU can't interact with them directly.

 

In my opinion the fuss about TPM is a marketing stunt, just like the Tesla Cybertruck broken window in the live show: you got the world to see it and hear about it. Same here: the hosting industry is big, and it being ready to throw away their hardware will not happen, not for years at least, which means Server Editions will have the option to work without TPM, which means the same will happen to all Windows versions like OEM.

 

Anyway, if you are into reading more of what TPM might bring as a side effect, then there are many resources and articles, like these:

https://www.schneier.com/blog/archives/2009/12/defeating_micro.html

https://www.windowscentral.com/german-government-calls-security-within-windows-8-unacceptable-continues-switching-their-machines

 

TPM is a complicated subject to discuss in detail, but let's simplify the whole thing: is there any 100% guarantee that it will not need to be disabled in the future, or 100% that it is not vulnerable or backdoored!?

No way to tell, so there is no way to make the whole market wait on its failure to crash into a big mess. And one thing to keep in mind: by design TPM should not be programmable, which means no updates or patches of any sort; faulty means faulty forever.

Share this post


Link to post
Guest
25 minutes ago, Lars Fosdal said:

VMs can have virtual TPMs.

That is exactly my point: if a virtual TPM is acceptable then a software TPM is acceptable, and this brings up: what on earth are they talking about when demanding a hardware TPM as the only way to install an OS?

Share this post


Link to post
Guest

It is not software for their access, but you are missing the point, which is establishing a chain of trust that starts at an unmanipulable hardware level and builds on it. And yes, most of these operations will be a problem even with software intermediaries, as the keys will be stored in the hardware, on the TPM on the host; but when the keys are generated the first time, I mean the root keys, the most important core of such a chain of trust is not secure with any software or virtualized TPM.

 

For Windows as host with a TPM, the keys will be generated when first installed and this process will be protected by the UEFI boot, but how to do it for a virtualized system? A compromised host on the software level can break the guest once and forever and manipulate it, and this is not a new thing; here TPM is rendered less protective for virtualizing, and this again leads us to ... is it OK to have a less protected virtual platform while these platforms have much more impact than a single PC? Virtual platforms are the core of all cloud systems out there.

I really don't see Microsoft pushing more than making hype and marketing fuss, but they can't enforce it, as most hosting companies will simply drop upgrading to any newer Windows and switch to others. The cost will be great for both parties: Microsoft misses out on millions of licenses, and the hosting companies will have a huge cost for hardware upgrades; the current hardware upgrade is almost all CPUs, motherboards, RAM, ...

Share this post


Link to post
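The post above argues that a TPM's value comes from a chain of trust rooted in hardware, and later posts ask why a sealed machine cannot simply be copied. The following toy model is an added illustration and is not code from this thread or from any TPM implementation. It mirrors one real TPM 2.0 rule, that a PCR is only changed by `PCR = SHA256(PCR || digest)`, while the `seal`/`unseal` functions, the `ROOT_KEY` constant and the boot component strings are constructed stand-ins for a TPM's sealing policy and its non-exportable root key.

```python
"""Toy measured-boot model (added illustration; assumptions are labelled)."""
import hashlib
import hmac

PCR_LEN = 32  # SHA-256 digest size; a real TPM 2.0 PCR bank is the same width


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: hash the old PCR value together with the digest of the
    component being measured. Order matters and the step cannot be undone."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Walk the boot chain (firmware -> bootloader -> kernel) from an all-zero PCR."""
    pcr = bytes(PCR_LEN)
    for component in components:
        pcr = extend(pcr, component)
    return pcr


def _wrap_key(root_key: bytes, pcr: bytes) -> bytes:
    # Constructed stand-in for a TPM policy: the wrapping key depends on the
    # device root key (never leaves the chip) AND the expected PCR value.
    return hmac.new(root_key, b"seal" + pcr, hashlib.sha256).digest()


def seal(secret: bytes, expected_pcr: bytes, root_key: bytes) -> dict:
    """Seal a secret (<= 32 bytes for this toy) to a PCR value; keeps a MAC so a
    wrong PCR or wrong device is detected instead of yielding garbage."""
    assert len(secret) <= PCR_LEN, "toy keystream covers only 32 bytes"
    k = _wrap_key(root_key, expected_pcr)
    stream = hashlib.sha256(k + b"stream").digest()
    ct = bytes(a ^ b for a, b in zip(secret, stream))
    tag = hmac.new(k, ct, hashlib.sha256).digest()
    return {"ct": ct, "tag": tag}


def unseal(blob: dict, current_pcr: bytes, root_key: bytes):
    """Return the secret only if both the device root key and the current PCR
    match what the blob was sealed to; otherwise None."""
    k = _wrap_key(root_key, current_pcr)
    if not hmac.compare_digest(hmac.new(k, blob["ct"], hashlib.sha256).digest(),
                               blob["tag"]):
        return None
    stream = hashlib.sha256(k + b"stream").digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], stream))


# Constructed sample data: the per-device root key and two boot chains.
ROOT_KEY = b"constructed-device-root-key-0001"      # hypothetical, for the demo only
GOOD_BOOT = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED_BOOT = [b"firmware v1", b"bootloader v1 (modified)", b"kernel v1"]


def demo():
    """Seal a disk key on a known-good boot, then try three unseal scenarios:
    same device/same boot, same device/tampered bootloader, and the sealed blob
    copied to a device with a different root key (the 'copied VM' case)."""
    good_pcr = measure_boot(GOOD_BOOT)
    blob = seal(b"disk-encryption-key", good_pcr, ROOT_KEY)
    same_device_good_boot = unseal(blob, measure_boot(GOOD_BOOT), ROOT_KEY)
    same_device_tampered = unseal(blob, measure_boot(TAMPERED_BOOT), ROOT_KEY)
    other_device = unseal(blob, good_pcr, b"constructed-device-root-key-0002")
    return same_device_good_boot, same_device_tampered, other_device


if __name__ == "__main__":
    ok, tampered, copied = demo()
    print("good boot on same device :", ok)
    print("tampered bootloader      :", tampered)
    print("blob copied to other host:", copied)
```

Two things the thread argues fall out directly: changing one byte in any measured component (or reordering the chain) gives a different PCR, so the secret stays sealed; and the same blob cannot be unsealed on a host with a different root key, which is why a TPM-backed VM is not freely portable unless the virtual TPM's root key travels with it, at which point its security rests entirely on how well the host protects that key.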

TPM sucks. Requirement of TPM sucks twice! AFAIU it could be used for DRM stuff so the soft, games and media you bought would be tied to the chip. Once it breaks, you lose all you've paid for. Moreover, it provides a unique identifier of a PC which destroys privacy.

  • Like 1

Share this post


Link to post

What makes sense to me is to let hardware deal with hardware attacks. Blocking hardware attacks with software will almost always slow things down a lot.

But, once you get non-updatable hardware attacked, the last solution would be to add new non-updatable hardware to avoid that attack. Now you have two problems.
Windows 11 would be a lot of fun to hack. Can MS deliver Windows 11 all over the world before TPM v2.0 is completely hacked? And then what? Tell everybody to get new hardware with v2.1?
IMHO TPM should be optional; if you require more safety, you can buy a secure mobo with an updatable TPM support module. This update should be done offline with special software.

 

Share this post


Link to post

Parallels support says that the virtual TPM for a Parallels VM is bound to the Mac hardware. For this reason, a Parallels VM with activated virtual TPM cannot be copied and run on another Mac.

Share this post


Link to post

aka.ms is about a decade old, I think 🙂

That is an interesting conundrum with the Parallels VM and the TPM. The whole point of a VM is that it is portable.

Share this post


Link to post
Guest
3 minutes ago, Lars Fosdal said:

The whole point of a VM is that it is portable.

Exactly my point, and there is also a bigger problem: a VM should allow combining two or more pieces of hardware into one virtual machine. Now you see the bigger problem: which TPM to use! Once you selected one TPM in one piece of hardware, you killed the redundancy of losing one piece of hardware and keeping the rest working.

 

There is another one: the guest will be anchored to the host TPM, which is doable only by one or more software layers, or by allowing the guest to reach the host TPM. If you allowed the guest to interact with the host TPM this would be a huge security risk and wrong on so many levels, because you are risking the host and all of its guests. And if you are doing it by software, this means it is a virtualized TPM that is anchored to the TPM, and no matter how protected that software is, it is virtualized and can be overridden. And here is another problem: if, let's say, Microsoft used proprietary software to do this, then they can't disclose it, and this will render Windows unusable with the open source versions of any VM technology like VirtualBox and QEMU; and if it is not closed and is allowed to be virtualized, then you have literally put all your eggs in one basket. And here is the risk from a bad actor's point of view: he needs to catch that moment of installation, and the result is that the system in question is compromised for all its life (the future), and it is unfixable.

Share this post


Link to post
2 hours ago, Kas Ob. said:

Exactly my point

My guess: M$ either loosens the TPM requirements or loses a significant piece of the virtualized systems market. Anyway W11 is not so much killer-featured to run and buy it. Some will reject upgrading, some will switch to Linux.

  • Like 1

Share this post


Link to post
46 minutes ago, Fr0sT.Brutal said:

My guess: M$ either loosens the TPM requirements or loses a significant piece of the virtualized systems market. Anyway W11 is not so much killer-featured to run and buy it. Some will reject upgrading, some will switch to Linux.

Both AWS and Windows Server Hyper-V VMs can have virtualized TPMs. I would expect VMWare and others to go the same way.

I am curious as to what you would need to do to move a VM from one workstation to another if it relies on a physical TPM.
Perhaps an export/import thing?

BTW: Currently, Generation 8 of Intel is the CPU cutoff point. For anything older than that, Windows 10 21H2 will be available and patched until 2025.
https://www.theverge.com/2021/6/25/22550376/microsoft-windows-11-tpm-chips-requirement-security

 

Share this post


Link to post
1 hour ago, Lars Fosdal said:

Both AWS and Windows Server Hyper-V VMs can have virtualized TPMs. I would expect VMWare and others to go the same way.

I am curious as to what you would need to do to move a VM from one workstation to another if it relies on a physical TPM.
Perhaps an export/import thing?

That's good, but doesn't a software implementation make the whole idea of TPM useless?

Share this post


Link to post
1 minute ago, Fr0sT.Brutal said:

That's good, but doesn't a software implementation make the whole idea of TPM useless?

Well, every other piece of hardware is virtual in a VM, so why not the TPM?
 

Share this post


Link to post
1 hour ago, Lars Fosdal said:

Well, every other piece of hardware is virtual in a VM, so why not the TPM?
 

Because as far as I understand, TPM is kind of like a separate hardware 2FA for the PC, which is maybe good for the people who need this level of safety (officials, companies, etc.).

I don't like or need it either, but to have TPM virtualized does not make much sense either, IMHO.

To serve its intended purpose it should prevent copying machines, so that means also preventing copying VMs.

 

VM vendors of the world unite, and find a hacky workaround for this TPM stuff 👊

 

Maybe best of all, TPM would have a switch, to let the user decide (which is always best).

Share this post


Link to post
3 minutes ago, Rollo62 said:

Because as far as I understand, TPM is kind of like a separate hardware 2FA for the PC, which is maybe good for the people who need this level of safety (officials, companies, etc.).

Except in the case of most newer PCs, which do not have a separate TPM chip and instead implement TPM in firmware. And where a firmware update may reset the TPM.

Share this post


Link to post
40 minutes ago, Rollo62 said:

VM vendors of the world unite, and find a hacky workaround for this TPM stuff 👊

AWS and Azure already have virtual TPMs for VMs.

Share this post


Link to post
