
I think describing TPM and Secure Boot as "artificial limitations" is unfair. Many Linux distros have no problem working with both of these and they serve a valuable purpose.

The problem is not that they exist or that Windows 11 supports them. It's that Microsoft pretends they are required, when they are not.



> It's that Microsoft pretends they are required

I think that's what "artificial limitations" mean. Microsoft pretending they are required when they are not.


Yup, they can give you a secure boot chain that's otherwise hard to prove, and I've worked at places where (for example) disk encryption keys were protected by TPM encryption, using TrouSerS.

They can also often be used as a (slow) source of hardware randomness.

Most modern Intel (series 8 onwards) and AMD Zen onwards have fTPM too. Often these can be enabled in the BIOS during upgrade, then disabled again.

Personally I upgraded to Win11 the moment it became available, but that's because I want to continue my run of free MS Windows forever and I only ever boot into it to play games, with even that becoming less common.
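As an added illustration of what the comment above describes (a disk key that is only released when the measured boot chain matches), the following simulates the TPM's PCR extend and seal/unseal operations in pure Python. It is not code from the thread, from TrouSerS or from any TPM stack; the boot component names and the storage root key are constructed placeholders.

```python
"""Simulated measured boot: PCR extend plus sealing a disk key to PCR state.

A real TPM does this inside the chip; here SHA-256 hash chaining stands in
for the PCR bank and an HMAC stands in for the sealed-object policy check.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional

HASH = hashlib.sha256


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR_new = H(PCR_old || H(measurement)): order-dependent and irreversible."""
    return HASH(pcr + HASH(measurement).digest()).digest()


def measure_boot_chain(components: List[bytes]) -> bytes:
    """Extend a zeroed PCR with each boot stage (firmware, shim, bootloader, kernel)."""
    pcr = bytes(32)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def seal(srk: bytes, expected_pcr: bytes, secret: bytes) -> Dict[str, bytes]:
    """Bind a <=32-byte secret to a PCR value; the wrapping key is derived from
    the (non-exportable) storage root key and the expected PCR digest."""
    wrap = hmac.new(srk, b"seal" + expected_pcr, HASH).digest()
    blob = bytes(a ^ b for a, b in zip(secret, wrap))
    tag = hmac.new(wrap, blob, HASH).digest()
    return {"blob": blob, "tag": tag}


def unseal(srk: bytes, current_pcr: bytes, sealed: Dict[str, bytes]) -> Optional[bytes]:
    """Return the secret only if the current PCR reproduces the sealing policy."""
    wrap = hmac.new(srk, b"seal" + current_pcr, HASH).digest()
    if not hmac.compare_digest(hmac.new(wrap, sealed["blob"], HASH).digest(), sealed["tag"]):
        return None  # PCR mismatch or tampered blob: the disk key stays locked
    return bytes(a ^ b for a, b in zip(sealed["blob"], wrap))


# Constructed sample boot chains and keys (placeholders, not real firmware hashes).
GOOD_CHAIN = [b"firmware-v1", b"shim-signed", b"grub-signed", b"vmlinuz-6.1"]
TAMPERED_CHAIN = [b"firmware-v1", b"shim-signed", b"grub-modified", b"vmlinuz-6.1"]
SRK = b"\x11" * 32  # stand-in for the TPM's storage root key


def demo(disk_key: bytes = os.urandom(32)):
    """Seal a volume key to the good chain; it unseals there and nowhere else."""
    sealed = seal(SRK, measure_boot_chain(GOOD_CHAIN), disk_key)
    released = unseal(SRK, measure_boot_chain(GOOD_CHAIN), sealed) == disk_key
    blocked = unseal(SRK, measure_boot_chain(TAMPERED_CHAIN), sealed) is None
    return released, blocked
```

Changing any single stage, or the order of the stages, changes the final PCR and the key is not released, which is what lets a bootloader infection be detected at unlock time rather than trusted silently.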


I don't use Windows and actually find it kind of insane when I use someone else's computer to see what Windows is like...

But it's kind of MSFT's choice whether TPM and secure boot are requirements for their software. If their software makes security assumptions that the OS has access to trusted hardware then it's a requirement. One could argue that they should create secure and less secure versions of Windows, but I don't think anyone is really going to take that seriously beyond rhetoric.

There are a lot of advantages to assuming the hardware is mildly trustworthy. The downside is you may not want Microsoft to be controlling what counts as trusted on your machine. If so, then you probably don't want MSFT to have root in your machine either and you're better off with a different OS.


> There are a lot of advantages to assuming the hardware is mildly trustworthy. The downside is you may not want Microsoft to be controlling what counts as trusted on your machine.

In an IT security context, "trusted" (example: "trusted computing") means distrusting the users.


I'm no MS fanboy, but don't you think content platforms like Netflix or Steam might be applying DRM pressure to Microsoft? And perhaps IP owners also apply pressure to the content providers to lock down their platforms, which may include hardware that has access to protected IP.


I'd say content platforms absolutely are applying pressure on MS (And Google, and Apple as well). I'd be willing to bet governments are as well, and I'd also be willing to bet that Google's upcoming sideloading/developer ID changes on Android are also from government pressure.


Valve/Steam is definitely not applying any pressure; they've always been against strong DRM. Even the Steam Deck lacks any hardware locks or fancy DRM.


I hear you, but I don't really think it's needed. IMHO, those features are being used to take away control of hardware you bought and paid for.

If you want to add better security to a computer make it opt-in and not expect people to use it who don't need it.


They have good reasons to be required, though: Secure Boot reduces the ability of malware to infect the bootloader. TPM gives a strong foundation for things like Passkeys.

TPM also enables things that average users care less about like DRM, but Passkeys are a good idea and having them more-secure-by-default is good for the average user (even with accidental vendor lock-in implications).


The reason they are required is that, so far, every platform that has widespread TPM use is completely locked down. Microsoft would very much love for you to essentially rent your computer from them like you do with Apple and Google.

There are security boons, sure, but these are side effects. They are not what TPM is for.


Microsoft isn't Apple or Google, so assuming their intent here is a bit of an "all your friends are jumping off the bridge so you must want to jump off the bridge" fallacy.

Stated primary intent by Microsoft for TPM is Passkeys (because Microsoft has key incentives to kill Passwords and reduce Phishing) and Netflix-class DRM (because people want to still be able to watch Netflix on their PCs).

Sure, Microsoft has also tried locked down "Store-only" versions of Windows (partly to appease Educators who moved to Chrome OS for that need/compliance requirement), but also has heard loud and clear that isn't the version of Windows that will drive sales from the market at every one of those attempts. At this point there should be no way that Microsoft still thinks they can lock down Windows as much as Apple and Google lock down their phones. If anything Android moving even more locked down seems to be a marketing opportunity for Windows to point out that they generally won't.

Microsoft isn't perfect, and isn't a monolith (I'm sure there are executives that wish Microsoft was in the position of Apple or Google right now), but on the flip side, Microsoft is a company with products to sell, the market tells it that it doesn't want locked down Windows, and for the most part Microsoft is still incentivized not to lock down Windows. Basic greed is an easier explanation for their past and future behavior than imagining some conspiracy where Apple, Google, and Microsoft are all in it together to kill the unlocked computer.


All companies are the same; I can safely predict their actions. Intent doesn't matter, money matters.

Microsoft has tried, and failed, before, but there is a culture shift here. All platforms are becoming locked down and consumers are becoming accustomed to being treated like cattle. Some even prefer it, beg for it.

One day, the time will come, and Microsoft will have all the tools. Because you gave them the tools.



