Blue Iris OS Options

spuls said:

It currently looks as if the “strict” requirement for TPM 2.0 will be dropped. This would make many older devices an option again. Otherwise, you can book the ESU package for Windows 10 from the Pro version onwards. Then you can at least get security updates for ~$120 per year.

Another option would be virtualization, but then your host should be a bit more powerful.

Click to expand...

From Grok 3: (By the way, if you haven't tried Grok 3, you should give it a go - it's incredible - you can get to it via X on the left-hand menu halfway down or )

Microsoft has not officially dropped the TPM 2.0 requirement for Windows 11. As of the latest updates in December 2024, Microsoft continues to emphasize TPM 2.0 as a "non-negotiable" standard for Windows 11, particularly for security reasons, with senior product manager Steven Hosking reinforcing its necessity for features like Secure Boot and Windows Hello for Business.

There were reports in December 2024 suggesting Microsoft had loosened the TPM 2.0 requirement, allowing Windows 11 installation on systems without it. However, these claims were clarified as misleading. Microsoft updated its support page to warn against installing Windows 11 on unsupported hardware, stating that such systems may not receive updates, including security patches, and could face compatibility issues. The page does not indicate a removal of the TPM 2.0 requirement but rather highlights the risks of bypassing it.

Microsoft has also removed a previously published workaround for bypassing TPM 2.0 checks, indicating a stricter stance against unsupported installations. Despite this, unofficial workarounds like using tools such as Rufus or FlyBy11 still exist, though they come with risks like potential update blocks or system instability.

Recent posts on X reflect ongoing frustration with the TPM 2.0 requirement, with some users noting difficulties upgrading older systems and others confirming workarounds still function. However, these posts are anecdotal and not definitive evidence of policy changes.

In summary, TPM 2.0 remains a core requirement for official Windows 11 support, and Microsoft is doubling down on this for security purposes, especially with Windows 10 support ending in October 2025. Users with incompatible hardware can still force installations using workarounds, but Microsoft strongly discourages this, and such systems may not be fully supported.


All of that said, as @Flintstone61 posted, it's not that expensive (after all) to find a replacement machine with a TPM 2.0 module. It just the pain of transferring to it, etc. just to accommodate a questionable OS requirement.

At least MS is offering extended support for $30/year per machine. Or just do nothing like some have mentioned. Probably better not getting MS updates anyway like was mentioned.

Still, BI running on Linux would be a nice option, but may not be feasible.

Great discussion though, and extremely helpful. Thanks to everyone that chimed in.

Gimmons said:

Sorry to chime in kind of late, but I've been running W11 on older, non-tpm machines without a microsoft account for six months or so without problem. I used Rufus (Rufus - Create bootable USB drives the easy way) to download the correct ISO and create a bootable usb stick, and told the Windows installer I didn't have an internet connection.

I recently tried to use it to install W11 on an hp elitedesk g4, and it refused to download the ISO. I just pulled the operating system ssd, put it in a different computer, installed W11 on it, and moved it back to the first computer.

Microsoft's weirdness about this is difficult to not to read as sinister. W11 clearly works just fine on older machines.

Click to expand...

Fascinating - are you getting updates, etc. as would be expected and do you notice anything that isn't working in W11? Any ill-effects from not having TPM 2.0?

btw, I agree 100% about MS's requirement for TPM 2.0 - it's as if they're intentionally trying to lose customers. Seems like it would be straightforward to provide a legitimate upgrade path for non-TPM 2.0 machines with enough horsepower. They could have made some kind of statement like the customer doesn't have these additional security features without TPM 2.0, or something like that. Instead, it's toss out your old 64Gb I7 and go buy a new one so you can run W11.

I may give your solution a go anyway, but frankly I'm leaning towards keeping W10. Not sure if I'll even bother to purchase the ESP for $30 either.

If it weren't for a couple of applications I need on Windows, I'd move to Linux mint or some other flavor. I have used Red Hat, Ubuntu, mint, etc. and they're all solid as far as that goes.

I also have thought about the exact issue that your comment highlights, @tigerwillow1 - it's a tragic waste of resources to sunset perfectly good hardware for no other reason than W11 "requires" some TPM module upgrade, and as you said, mountains of old hardware shipped to somewhere (China) to be disassembled for any usable materials, then burn the rest? All the crowing that is done by companies about carbon footprints, yet they do things that are completely counter to what they're preaching. Rules for thee but not for me.

Gimmons said:

Yes, it updates normally. Absolutely no strange behavior so far. I have it running on my BI machine among others.

I considered staying with W10 indefinitely, but the prospect of running an internet-connected computer without security patches frightened me. I saw a video about how fast a windows xp system gets hacked if exposed to the internet.

To your point about MS losing customers, I thought about migrating to Linux, and I actually am doing that generally, but until BI comes out with a Linux version, I can't leave completely. A lot of the computers I pick up have an embedded windows key, but if I were building a new computer, I wouldn't buy a windows license. Linux has gotten too good. There's no need for Windows, especially when Microsoft is getting so nosy about your data and clearly wants to move everything to a subscription model.

Click to expand...

No ill effects from running W11 on a "non-compliant" pre TPM 2.0 module machine. Hm. What's wrong with this picture? So then, MS's requirement for TPM 2.0 is bogus, aside from the notion that W11 may make use of it if it's available., which is exactly as it should be, except that MS doesn't "endorse" it. Or facilitate it either, so you must jump through hoops to get around their "requirement".

I'm starting to understand it now. Hardware has outpaced software, and now many of us have powerful machines and we don't need more power. To sell hardware, MS produces this stupid requirement so that hardware vendors will continue to preload their boxes with Windows. Money is spent, unneeded hardware is acquired, profits are made, pollution is generated, and everyone is happy with their TPM 2.0 module and W11. But, as MS is finding out, there is a fly in their ointment. People that have a choice will leave the Windowsphere for another OS. MS might have overplayed their hand. It's April....I'm betting by September MS will announce some kind of accommodation beyond extended support, depending on hardware sales or the lack thereof.

And now, Old Geezer (me) war story time. I'm an old mainframe guy - IBM & MVS/XA, VM, TPF, DB/2, IMS, CICS, etc. When IBM sold a "hardware" upgrade, it would sometimes amount to a CE (hardware guy) simply and only updating firmware on a control unit. We quickly figured out that purchasing a hardware upgrade sometimes simply meant applying code that replaced code with "do nothing loops" to slow it down. It was, in a way, a fraud in that the hardware was already purchased, but their firmware was written to throttle it until more ransom was paid to "upgrade" it. Seems like it's always about money, and nothing has changed in 50 years.

Sorry for palavering.... musings of an old dude on a sleepy afternoon in NC.

Cheers!

Gimmons said:

Wow, sounds like that Apple scandal a couple of years ago where they were throttling older equipment through updates, mumbling something about not wanting to overwhelm the older systems with fancy new software.

I wonder though, why microsoft, which doesn't produce computers, would go to the trouble of obsoleting the older machines of other companies.

Click to expand...

It's a tit for tat - Hardware vendors will continue to license and preload Windows software on their machines IF MS will "do something" (ie, TPM 2.0 requirement) to stimulate hardware sales.

What else could it really be?

tigerwillow1 said:

In the late 70s the company I worked for (not big blue) had two models of a chain printer, one twice as fast as the other, and costing a bit shy of twice as much. The difference was an internal jumper. To people like me who thought this to be a bit dishonest, they had a bit of a justification in that the printers were leased, and running them faster would trigger higher maintenance costs. I'll buy that to a degree, but the price difference was mostly a big cash cow. Fast forward to the next century, an oscilloscope I have now has about a half dozen different versions with varying features and bandwidth. "Upgrading" isn't even new firmware, it's just entering a code that you pay $$$ for.

Having said all that off-topic stuff, a prior post triggered my hope about BI 6 running on linux. That would be fantastic!

Click to expand...

TheWaterbug said:

What make/model do you have?

I bought 4 used Optiplex 7040 SFF computers that originally came with TPM 1.2, and I discovered in late 2024 that Dell had released a TPM 2.0 update utility for this model, despite it was originally released nearly a decade ago.

Prior to doing that I'd also upgraded one of the 7040s using Rufus to bypass both the SecureBoot and TPM 2.0 requirements, and that seemed to work just fine.

So both methods were capable of extended the valid lifetime of these boxes.

Click to expand...

I have two HP Compaq Elite 8300 CMT PCs (among several others running w10 that are pre TPM 2.0), one of them is a dedicated BI machine, both running W10. They both have 32G Ram and are i7-3770 CPU @ 3.40GHz, but it has a TPM 1.2 module that cannot be addressed by a firmware update, according to the HP site. I don't have a great deal of computational-heavy stuff that I do, so what I have is perfectly adequate for what I need at this point. It's only the impending deadline from MS and the dependency on BI software that has me even pursuing this topic.

I'm a bit freaked out by the video posted by @Gimmons above that shows virus attacks for vulnerable Windows systems, but I have some philosophical reluctance to purchase W11 licenses since MS is going to be an asshole about the upgrade.

Maybe the $30 extended support per machine makes sense. Maybe. What doesn't make sense is tossing out perfectly good hardware for no reason.