{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果你最近一直在關注科技新聞的話,可能已經聽說微軟最新一代Windows 11操作系統列出的"},{"type":"link","attrs":{"href":"https:\/\/www.microsoft.com\/zh-cn\/windows\/windows-11-specifications","title":"","type":null},"content":[{"type":"text","text":"最低硬件要求"}]},{"type":"text","text":"引發了不小的騷動。新的基礎硬件要求之一是TPM 2.0芯片。但究竟什麼是TPM 2.0呢,爲什麼微軟需要它來運行新一代Windows?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"TPM(Trusted Platform Module,可信平臺模塊),它是一種安裝在計算機主板上,用來提升安全性的芯片。在這篇文章中,我們深入研究了這個鮮爲人知的組件,給出了一些常見問題的答案,例如它的用途、如何查看你的計算機是否已安裝它,以及在哪裏獲取它。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"什麼是TPM芯片?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"TPM是計算機主板上的一個微型芯片,在硬件級別上提供與安全相關的一些特性。它本質上是一個加密安全處理器,能夠執行生成加密密鑰、以防篡改方式提供基於軟件和硬件的混合身份驗證等操作。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"現在的計算機通常都在主板上安裝了一個獨立的TPM芯片。如果你要組裝自己的PC,你還可以單獨購買一個附加模塊,安裝在支持它的主板上。但並非所有主板都支持TPM芯片或配備相應的連接器,這塊我們將在後面討論。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"除了獨立的物理芯片之外,TPM還可以採用其他形式來實現,但普通用戶就不用深入研究了。有些TPM實現可以作爲固件或物理附件集成到主CPU中,也存在完全運行在軟件中的純虛擬TPM,上述兩者都不如獨立芯片那麼安全,不過前者還是兩者中更可行的選項,因爲同容易被黑客入侵和更改的環境相比,前者使用了離散且可信的環境。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"TPM芯片的用途是什麼?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"簡而言之,TPM芯片完全是爲了安全而生的。它們最常用於保護和加密數據,並且可以在硬件保護下存儲密碼、加密密鑰和安全證書等敏感信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果TPM芯片在你的設備上檢測到惡意軟件或病毒,它可以自我隔離(進而隔離存儲在芯片上的任何數據)。在某些情況下,這種芯片可以在計算機重新啓動時掃描計算機的BIOS,並在自身運行之前運行一系列條件測試以檢查是否存在不需要的程序或訪問。這些芯片還能夠檢測到是否有人篡改了你的計算機驅動器(比如驅動器是否被盜),並在檢測到某些異常情況時阻止你的計算機啓動和鎖定系統。這些芯片還可以存儲生物識別登錄信息,比如用於Windows Hello的信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"而最常見的用途是,這些芯片可以生成唯一的加密密鑰。芯片會將密鑰的一部分留給自己(字面意思——這一部分只存儲在TPM中,永遠不會存儲在你的硬盤上)。這些密鑰可以用來加密你的硬盤驅動器,於是沒人能在偷走你的硬盤後把它連接到自家的計算機主板上來獲取硬盤數據。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"此外,有經驗的用戶經常使用這些芯片來處理電子郵件客戶端中的加密、密鑰簽名消息。這些芯片還經常被瀏覽器(如Chrome)用來維護SSL證書等高級功能。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"誰在使用TPM芯片?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"過去,TPM往往只被那些需要保護組織信息的大公司使用。你一般會在公司的筆記本電腦中看到這種芯片,因爲它們被用來確保電腦硬件或軟件不會被員工或其他人搞亂。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"使用機頂盒提供服務的媒體公司經常使用這種芯片來確保他們的內容在分發時不會被盜版。現代智能手機(如Pixels和iPhone)最近也採用了類似的安全芯片。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"儘管微軟沒有具體解釋原因,但他們還是選擇將這種芯片作爲即將推出的Windows 11更新的一項核心硬件要求。這一舉動將這個相對小衆的組件推到了聚光燈下,因爲想要運行新操作系統的用戶都需要了解它。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"爲什麼Windows 11需要這種TPM芯片"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"當微軟在6月24日的活動中發佈Windows 11時,他們給出了計算機運行新版操作系統時需要滿足的硬件需求。在文檔中,微軟最初將TPM 1.2列爲“Hard Floor”要求,將TPM 2.0列爲“Soft Floor”要求,並表示“不符合Hard Floor條件的設備無法升級到Windows 11,符合Soft Floor的設備會收到不建議升級的通知。”是的,這非常令人困惑。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"幾天後,微軟從網站上刪除了這條信息。他們在更新的博客"},{"type":"link","attrs":{"href":"https:\/\/blogs.windows.com\/windows-insider\/2021\/06\/28\/update-on-windows-11-minimum-system-requirements\/","title":"","type":null},"content":[{"type":"text","text":"文章"}]},{"type":"text","text":"中表示,他們已暫時移除了PC健康檢查應用(該應用可讓用戶查看他們的計算機是否與新的硬件要求兼容)。目前,微軟將TPM 2.0列爲唯一的硬性最低需求。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/91\/b4\/9109yy9beeaae7e4638e4a34dd9ca5b4.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"迄今爲止,微軟從未對以前版本的Windows提出過如此嚴格的硬件要求。他們沒有對這種要求給出相應的理由、又移除了PC健康檢查應用,很多聲明還自相矛盾,難怪這家公司引發了強烈的不滿。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"鑑於TPM芯片的性質及功能,微軟可能只是更加註重安全性了。事實上,這些芯片將爲Windows 11提供一個硬件安全的基準。幾個月來,微軟也一直在分享有關固件攻擊的警告,對於我們所看到的所有勒索軟件攻擊(更不用說物聯網和供應鏈漏洞或網絡釣魚攻擊了),做出更多努力來確保更好的安全性,這顯然沒有什麼壞處。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"但是,雖然TPM芯片將在很大程度上阻擋這些攻擊(這些攻擊主要針對運行Windows系統的設備),但微軟也需要考慮用戶的感受。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"有些人可能會說,更高的硬件要求是出於財務動機。他們說這個想法是爲了幫助推動計算機的計劃淘汰,並迫使更多人購買擁有所有必需硬件的新電腦。這樣人們可能就沒法繼續使用那些還在運行Windows 8的舊電腦,堅持下一個十年了——在過去人們經常這樣做。鑑於微軟是一家企業而不是慈善組織,這個觀點有其合理性。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"然而,微軟過去的歷史證明,它在推動軟硬件技術革新方面的表現並不算出色。自Windows 10發佈以來,該公司實際上已經要求新生產的PC上都啓用TPM了,OEM廠商都被要求提供支持TPM的設備。但微軟從未強迫自己的設備合作伙伴在運行Windows時啓用TPM。值得一提的是,即便是隻有五年或更短歷史,運行着Windows 10的筆記本電腦和臺式機,也可能無法運行Windows 11。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"微軟給出了這麼強硬的升級策略,又不肯提供任何解釋說明,難怪用戶會感到困惑、沮喪甚至憤怒。一方面,公司採取措施確保自己產品(進而確保用戶)的安全性是很合理的,甚至是符合期望的;另一方面,突然提升產品的需求可能會限制可獲取產品的用戶羣,並且絕對是令人困惑的,這並不是最明智的商業舉措。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"黃牛也顯然已經囤積了很多組件,準備在eBay上高價銷售,這讓問題變得更嚴重了。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"TPM 1.2和TPM 2.0有什麼區別?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"儘管外界仍不清楚微軟是會採用TPM 1.2標準,還是最終選擇TPM 2.0,但瞭解兩者之間的區別還是有用的。"}]},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/99\/fb\/999f3ffffabcb910e249cffc92fbb3fb.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"微軟"},{"type":"link","attrs":{"href":"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/information-protection\/tpm\/tpm-recommendations#tpm-12-vs-20-comparison","title":"","type":null},"content":[{"type":"text","text":"表示"}]},{"type":"text","text":",“TPM 1.2規範只允許使用RSA和SHA-1哈希算法。”“TPM 2.0在加密算法方面更加靈活,從而實現了更強的加密敏捷性。TPM 2.0支持更新的算法,可以提高驅動器簽名和密鑰生成性能。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"簡單來說,TPM 2.0技術比TPM 1.2更新,後者自2011年就已出現。前者的加密能力更強大,更安全,並且能夠更好地支持更新的算法。與技術領域的大多數事物一樣,越新的通常會越好。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"如何檢查你的計算機是否有TPM芯片"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"首先,如果你的PC是在2016年7月28日之後購買的,它很可能已經啓用了TPM 2.0芯片。但如果你的設備比這個時間還老,或者你是自己組裝的機器,情況就可能不一樣了。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"不管怎樣,How-to-Geek網站分享了一些自我檢查的"},{"type":"link","attrs":{"href":"https:\/\/www.howtogeek.com\/287737\/how-to-check-if-your-computer-has-a-trusted-platform-module-tpm-chip\/","title":"","type":null},"content":[{"type":"text","text":"方法"}]},{"type":"text","text":",例如檢查TPM管理工具或UEFI固件設置頁面。你也可能需要聯繫計算機制造商來進一步瞭解,或查看他們的網站上是否有常見問題解答列出了搭載該芯片的設備列表。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"如何啓用計算機的TPM芯片"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果你是自己組裝的PC,它可能會說自己沒有搭載TPM 2.0,或者它雖然有但未啓用。如果是後面這種情況,你需要進入UEFI或BIOS設置界面並在那裏啓用它。此外,有時計算機可能會說它沒有正確安裝TPM 2.0,但是當你在設置中查看它時,它實際上只是被禁用了;如果需要,你仍然可以啓用它。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"你需要尋找名爲“TPM Support”、“Trusted Platform Module”、“Intel PTT”、“PSP fTPM”或類似內容的選項。找到選項後,只需啓用它、保存你的設置,然後重新啓動你的計算機即可。請注意,你的PC的TPM芯片也有可能在你的設備管理器中列出並處于禁用狀態(雖說不太可能),因此如果你無法在其他地方啓用它,請務必檢查設備管理器。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"在哪裏可以買到TPM芯片?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果你確實需要爲自己的設備購買TPM芯片,請搜索芯片附加模塊。在購買之前,請仔細檢查要買的模塊是否支持你的計算機的主板型號,還要檢查其他硬件組件需求,看看自己是否符合。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"正如我們之前提到的,黃牛在聽說了微軟最初的Windows 11硬件要求後立即開始囤積TPM芯片了。你最好的選項是嘗試直接從PC銷售商或零件網站購買。它們的零售價一般在20-30美元之間,因此可以的話儘量不要花冤枉錢。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果你安裝了這種芯片,請務必在你的筆記本電腦或臺式機的BIOS中啓用其加密功能。大多數計算機制造商提供了可幫助你訪問TPM功能的軟件。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"有這麼多事情需要處理的確是很讓人頭疼的,特別是考慮到TPM芯片一直都是一種小衆組件,微軟以前從未這麼重視過它們。但不要擔心,這家科技巨頭還是完全有"},{"type":"link","attrs":{"href":"https:\/\/www.reviewgeek.com\/90480\/microsoft-might-lower-the-windows-11-hardware-requirements\/","title":"","type":null},"content":[{"type":"text","text":"可能降低"}]},{"type":"text","text":"Windows 11的硬件要求,或者決定完全放棄TPM的需求。至少這種可能性是存在的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"原文:"},{"type":"link","attrs":{"href":"https:\/\/www.reviewgeek.com\/90877\/what-is-a-tpm-chip-and-why-does-windows-11-require-it\/","title":"xxx","type":null},"content":[{"type":"text","text":"《What Is a TPM Chip and Why Does Windows 11 Require It?》"}]}]}]}
不含TPM芯片?抱歉,你的電腦不能升級Windows 11
{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果你最近一直在關注科技新聞的話,可能已經聽說微軟最新一代Windows 11操作系統列出的"},{"type":"link","attrs":{"href":"https:\/\/www.microsoft.com\/zh-cn\/windows\/windows-11-specifications","title":"","type":null},"content":[{"type":"text","text":"最低硬件要求"}]},{"type":"text","text":"引發了不小的騷動。新的基礎硬件要求之一是TPM 2.0芯片。但究竟什麼是TPM 2.0呢,爲什麼微軟需要它來運行新一代Windows?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"TPM(Trusted Platform Module,可信平臺模塊),它是一種安裝在計算機主板上,用來提升安全性的芯片。在這篇文章中,我們深入研究了這個鮮爲人知的組件,給出了一些常見問題的答案,例如它的用途、如何查看你的計算機是否已安裝它,以及在哪裏獲取它。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"什麼是TPM芯片?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"TPM是計算機主板上的一個微型芯片,在硬件級別上提供與安全相關的一些特性。它本質上是一個加密安全處理器,能夠執行生成加密密鑰、以防篡改方式提供基於軟件和硬件的混合身份驗證等操作。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"現在的計算機通常都在主板上安裝了一個獨立的TPM芯片。如果你要組裝自己的PC,你還可以單獨購買一個附加模塊,安裝在支持它的主板上。但並非所有主板都支持TPM芯片或配備相應的連接器,這塊我們將在後面討論。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"除了獨立的物理芯片之外,TPM還可以採用其他形式來實現,但普通用戶就不用深入研究了。有些TPM實現可以作爲固件或物理附件集成到主CPU中,也存在完全運行在軟件中的純虛擬TPM,上述兩者都不如獨立芯片那麼安全,不過前者還是兩者中更可行的選項,因爲同容易被黑客入侵和更改的環境相比,前者使用了離散且可信的環境。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"TPM芯片的用途是什麼?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"簡而言之,TPM芯片完全是爲了安全而生的。它們最常用於保護和加密數據,並且可以在硬件保護下存儲密碼、加密密鑰和安全證書等敏感信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果TPM芯片在你的設備上檢測到惡意軟件或病毒,它可以自我隔離(進而隔離存儲在芯片上的任何數據)。在某些情況下,這種芯片可以在計算機重新啓動時掃描計算機的BIOS,並在自身運行之前運行一系列條件測試以檢查是否存在不需要的程序或訪問。這些芯片還能夠檢測到是否有人篡改了你的計算機驅動器(比如驅動器是否被盜),並在檢測到某些異常情況時阻止你的計算機啓動和鎖定系統。這些芯片還可以存儲生物識別登錄信息,比如用於Windows Hello的信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"而最常見的用途是,這些芯片可以生成唯一的加密密鑰。芯片會將密鑰的一部分留給自己(字面意思——這一部分只存儲在TPM中,永遠不會存儲在你的硬盤上)。這些密鑰可以用來加密你的硬盤驅動器,於是沒人能在偷走你的硬盤後把它連接到自家的計算機主板上來獲取硬盤數據。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"此外,有經驗的用戶經常使用這些芯片來處理電子郵件客戶端中的加密、密鑰簽名消息。這些芯片還經常被瀏覽器(如Chrome)用來維護SSL證書等高級功能。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"誰在使用TPM芯片?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"過去,TPM往往只被那些需要保護組織信息的大公司使用。你一般會在公司的筆記本電腦中看到這種芯片,因爲它們被用來確保電腦硬件或軟件不會被員工或其他人搞亂。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"使用機頂盒提供服務的媒體公司經常使用這種芯片來確保他們的內容在分發時不會被盜版。現代智能手機(如Pixels和iPhone)最近也採用了類似的安全芯片。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"儘管微軟沒有具體解釋原因,但他們還是選擇將這種芯片作爲即將推出的Windows 11更新的一項核心硬件要求。這一舉動將這個相對小衆的組件推到了聚光燈下,因爲想要運行新操作系統的用戶都需要了解它。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"爲什麼Windows 11需要這種TPM芯片"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"當微軟在6月24日的活動中發佈Windows 11時,他們給出了計算機運行新版操作系統時需要滿足的硬件需求。在文檔中,微軟最初將TPM 1.2列爲“Hard Floor”要求,將TPM 2.0列爲“Soft Floor”要求,並表示“不符合Hard Floor條件的設備無法升級到Windows 11,符合Soft Floor的設備會收到不建議升級的通知。”是的,這非常令人困惑。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"幾天後,微軟從網站上刪除了這條信息。他們在更新的博客"},{"type":"link","attrs":{"href":"https:\/\/blogs.windows.com\/windows-insider\/2021\/06\/28\/update-on-windows-11-minimum-system-requirements\/","title":"","type":null},"content":[{"type":"text","text":"文章"}]},{"type":"text","text":"中表示,他們已暫時移除了PC健康檢查應用(該應用可讓用戶查看他們的計算機是否與新的硬件要求兼容)。目前,微軟將TPM 2.0列爲唯一的硬性最低需求。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/91\/b4\/9109yy9beeaae7e4638e4a34dd9ca5b4.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"迄今爲止,微軟從未對以前版本的Windows提出過如此嚴格的硬件要求。他們沒有對這種要求給出相應的理由、又移除了PC健康檢查應用,很多聲明還自相矛盾,難怪這家公司引發了強烈的不滿。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"鑑於TPM芯片的性質及功能,微軟可能只是更加註重安全性了。事實上,這些芯片將爲Windows 11提供一個硬件安全的基準。幾個月來,微軟也一直在分享有關固件攻擊的警告,對於我們所看到的所有勒索軟件攻擊(更不用說物聯網和供應鏈漏洞或網絡釣魚攻擊了),做出更多努力來確保更好的安全性,這顯然沒有什麼壞處。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"但是,雖然TPM芯片將在很大程度上阻擋這些攻擊(這些攻擊主要針對運行Windows系統的設備),但微軟也需要考慮用戶的感受。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"有些人可能會說,更高的硬件要求是出於財務動機。他們說這個想法是爲了幫助推動計算機的計劃淘汰,並迫使更多人購買擁有所有必需硬件的新電腦。這樣人們可能就沒法繼續使用那些還在運行Windows 8的舊電腦,堅持下一個十年了——在過去人們經常這樣做。鑑於微軟是一家企業而不是慈善組織,這個觀點有其合理性。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"然而,微軟過去的歷史證明,它在推動軟硬件技術革新方面的表現並不算出色。自Windows 10發佈以來,該公司實際上已經要求新生產的PC上都啓用TPM了,OEM廠商都被要求提供支持TPM的設備。但微軟從未強迫自己的設備合作伙伴在運行Windows時啓用TPM。值得一提的是,即便是隻有五年或更短歷史,運行着Windows 10的筆記本電腦和臺式機,也可能無法運行Windows 11。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"微軟給出了這麼強硬的升級策略,又不肯提供任何解釋說明,難怪用戶會感到困惑、沮喪甚至憤怒。一方面,公司採取措施確保自己產品(進而確保用戶)的安全性是很合理的,甚至是符合期望的;另一方面,突然提升產品的需求可能會限制可獲取產品的用戶羣,並且絕對是令人困惑的,這並不是最明智的商業舉措。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"黃牛也顯然已經囤積了很多組件,準備在eBay上高價銷售,這讓問題變得更嚴重了。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"TPM 1.2和TPM 2.0有什麼區別?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"儘管外界仍不清楚微軟是會採用TPM 1.2標準,還是最終選擇TPM 2.0,但瞭解兩者之間的區別還是有用的。"}]},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/99\/fb\/999f3ffffabcb910e249cffc92fbb3fb.png","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"微軟"},{"type":"link","attrs":{"href":"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/information-protection\/tpm\/tpm-recommendations#tpm-12-vs-20-comparison","title":"","type":null},"content":[{"type":"text","text":"表示"}]},{"type":"text","text":",“TPM 1.2規範只允許使用RSA和SHA-1哈希算法。”“TPM 2.0在加密算法方面更加靈活,從而實現了更強的加密敏捷性。TPM 2.0支持更新的算法,可以提高驅動器簽名和密鑰生成性能。”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"簡單來說,TPM 2.0技術比TPM 1.2更新,後者自2011年就已出現。前者的加密能力更強大,更安全,並且能夠更好地支持更新的算法。與技術領域的大多數事物一樣,越新的通常會越好。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"如何檢查你的計算機是否有TPM芯片"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"首先,如果你的PC是在2016年7月28日之後購買的,它很可能已經啓用了TPM 2.0芯片。但如果你的設備比這個時間還老,或者你是自己組裝的機器,情況就可能不一樣了。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"不管怎樣,How-to-Geek網站分享了一些自我檢查的"},{"type":"link","attrs":{"href":"https:\/\/www.howtogeek.com\/287737\/how-to-check-if-your-computer-has-a-trusted-platform-module-tpm-chip\/","title":"","type":null},"content":[{"type":"text","text":"方法"}]},{"type":"text","text":",例如檢查TPM管理工具或UEFI固件設置頁面。你也可能需要聯繫計算機制造商來進一步瞭解,或查看他們的網站上是否有常見問題解答列出了搭載該芯片的設備列表。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"如何啓用計算機的TPM芯片"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果你是自己組裝的PC,它可能會說自己沒有搭載TPM 2.0,或者它雖然有但未啓用。如果是後面這種情況,你需要進入UEFI或BIOS設置界面並在那裏啓用它。此外,有時計算機可能會說它沒有正確安裝TPM 2.0,但是當你在設置中查看它時,它實際上只是被禁用了;如果需要,你仍然可以啓用它。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"你需要尋找名爲“TPM Support”、“Trusted Platform Module”、“Intel PTT”、“PSP fTPM”或類似內容的選項。找到選項後,只需啓用它、保存你的設置,然後重新啓動你的計算機即可。請注意,你的PC的TPM芯片也有可能在你的設備管理器中列出並處于禁用狀態(雖說不太可能),因此如果你無法在其他地方啓用它,請務必檢查設備管理器。"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"在哪裏可以買到TPM芯片?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果你確實需要爲自己的設備購買TPM芯片,請搜索芯片附加模塊。在購買之前,請仔細檢查要買的模塊是否支持你的計算機的主板型號,還要檢查其他硬件組件需求,看看自己是否符合。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"正如我們之前提到的,黃牛在聽說了微軟最初的Windows 11硬件要求後立即開始囤積TPM芯片了。你最好的選項是嘗試直接從PC銷售商或零件網站購買。它們的零售價一般在20-30美元之間,因此可以的話儘量不要花冤枉錢。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果你安裝了這種芯片,請務必在你的筆記本電腦或臺式機的BIOS中啓用其加密功能。大多數計算機制造商提供了可幫助你訪問TPM功能的軟件。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"有這麼多事情需要處理的確是很讓人頭疼的,特別是考慮到TPM芯片一直都是一種小衆組件,微軟以前從未這麼重視過它們。但不要擔心,這家科技巨頭還是完全有"},{"type":"link","attrs":{"href":"https:\/\/www.reviewgeek.com\/90480\/microsoft-might-lower-the-windows-11-hardware-requirements\/","title":"","type":null},"content":[{"type":"text","text":"可能降低"}]},{"type":"text","text":"Windows 11的硬件要求,或者決定完全放棄TPM的需求。至少這種可能性是存在的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"原文:"},{"type":"link","attrs":{"href":"https:\/\/www.reviewgeek.com\/90877\/what-is-a-tpm-chip-and-why-does-windows-11-require-it\/","title":"xxx","type":null},"content":[{"type":"text","text":"《What Is a TPM Chip and Why Does Windows 11 Require It?》"}]}]}]}
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章