I will finally get a new PC after quite a few years, and am wondering about the title question. Not planning on using Win 11 any time soon, which I believe requires it. I will probably still use the same high seas win 10 for the foreseeable future.
I have heard quite a few people suggesting to check if TPM is enabled in the BIOS, and to disable it if it is because of privacy concerns.
Thoughts?
TPM afaik isn't much of an issue. Basically enables key generation and storage outside of the OS so they can't be messed with as easily. Has been around since decades, like in business notebooks. However, TPM is sometimes required for DRM or anti-cheat solutions.
That being said, if you are worried about privacy, the likes of IME (Intel Management Engine) are much worse. Some setups allow disable them, but it usually involves a lot of tinkering.
As for Win11, Rufus allows to make a Win11 installation stick with the TPM and online account requirements (for Win11 Home and Pro) disabled. I would still install Win11 with TPM however, since otherwise it can mess with the major updates windows gets every 12 months.
I would say the answer is maybe, or perhaps more accurately "it depends on how far down the rabbit hole you want to go."
Intel processors come with Intel Management Engine, AMD's with their Platform Security Processor, and even ARM has TrustZone. All are ostensibly for security or more dubiously DRM, but they're also all black boxes and they are deliberately made as difficult to disable by the user as possible. Intel's runs MINIX, a whole operating system with a networking stack. AMD's is more recent and not as well documented, but it seems to run its own OS as well.
Which is to say that even if you disable TPM, the far more concerning backdoor remains. From this perspective you're better off using an older PC that lacks these "features," or one where IME or PSP can be disabled (which would also be older).
This is part of the reason that the high-end-for-the-time AMD FX-9590 still sells for >$100 on eBay while you can get a much more powerful processor for a lot less.
For a gaming rig where having modern performance is important, the best option might be to just go with Windows 10 LTSC and disable the TPM.
AFAIK there’s nothing for AM5. Some AM4 motherboards have an option to disable PSP, but it’s basically on the honor code that it’s actually disabled. PSP is necessary for the CPU to even start due to the way it’s designed so it’s not like it can be completely disabled.
There are also some ways to get rid of parts of the PSP code on some older CPUs.
If you want both modern and free of this shit you’re looking at either expensive and underpowered POWER architecture machines or RISC V SBCs.
I probably would if you're going to be using saltwater software, just for ease of use and not having your computer decide you can't do something. It's really trivial to disable in any BIOS I've ever seen.
I mean there's some useful things in a TPM like a hardware RNG but I'm not sure what software ever actually uses that anyway. I don't believe there's any sort of hardware spying platform within TPM. Generally, the part everyone hates about TPM is it's use in DRM.
Recent versions of the Linux kernel can use it (or any hardware RNG) to seed the software random number generator, to speed up its initialization and improve the quality of random numbers early in the boot process.
Not sure if Windows does something similar.
I bet tons of stuff in Linux uses it then since I think most random stuff just uses the kernel RNG. That's one of my favorite things about Linux, everything works together so well. I guess until it doesn't and that's another story. But when it does it's so low maintenance.
From personal experience: when something doesn't I usually fucked it up. Retrace my steps and fixing it is always an option thankfully. Last time I messed up my drivers to get Starfield going(nvidia gpu currently has issues), I rolled back but that didn't jive well with my other packages(and thus no image outside of terminal prompt). Easy fix.
One benefit to disabling the TPM is that Windows will stop bugging you to update to Windows 11
A system with a TPM can't boot with it genuinely disabled (like if you remove the chip). Even if it's "disabled" in the BIOS it's still needed to boot and is always powered on.
Your only option is to buy systems built without a TPM. They do exist and are increasing in number, but I can't remember names atm.
I would, and if I knew how to crack the ime or psp, I would do that too. Anyone know high level cracking here? You'd need a quantum computer for that, right? Sheesh!
Since you have PC money, I'd go a step further and set up your own network. There's SBC's you can use to make a router, which will be your best friend. Go ethernet only.