I will finally get a new PC after quite a few years, and am wondering about the title question. Not planning on using Win 11 any time soon, which I believe requires it. I will probably still use the same high seas win 10 for the foreseeable future.
I have heard quite a few people suggesting to check if TPM is enabled in the BIOS, and to disable it if it is because of privacy concerns.
Thoughts?
I would say the answer is maybe, or perhaps more accurately "it depends on how far down the rabbit hole you want to go."
Intel processors come with Intel Management Engine, AMD's with their Platform Security Processor, and even ARM has TrustZone. All are ostensibly for security or more dubiously DRM, but they're also all black boxes and they are deliberately made as difficult to disable by the user as possible. Intel's runs MINIX, a whole operating system with a networking stack. AMD's is more recent and not as well documented, but it seems to run its own OS as well.
Which is to say that even if you disable TPM, the far more concerning backdoor remains. From this perspective you're better off using an older PC that lacks these "features," or one where IME or PSP can be disabled (which would also be older).
This is part of the reason that the high-end-for-the-time AMD FX-9590 still sells for >$100 on eBay while you can get a much more powerful processor for a lot less.
For a gaming rig where having modern performance is important, the best option might be to just go with Windows 10 LTSC and disable the TPM.
AFAIK there’s nothing for AM5. Some AM4 motherboards have an option to disable PSP, but it’s basically on the honor code that it’s actually disabled. PSP is necessary for the CPU to even start due to the way it’s designed so it’s not like it can be completely disabled.
There are also some ways to get rid of parts of the PSP code on some older CPUs.
If you want both modern and free of this shit you’re looking at either expensive and underpowered POWER architecture machines or RISC V SBCs.