Why are very few modern motherboards equipped with TPM?

4

2

I've heard BitLocker will be so common that Microsoft will require every computer to have TPM to run Windows 9.

Yet I just called Gigabyte. Gigabyte says that not one of their motherboards is equipped with TPM.

One of their motherboards is equipped with a TPM module header, but a Gigabyte dealer in Indonesia told me they know nobody that sells TPM modules to plug into that header.

I mean, TPM is very important if we do not want government officials, thieves, or anyone to look at our data. No matter how legal our work is, they tend to find something. If anything, they can know our passwords if they can access our hard disk.

Yet very few motherboards are equipped with TPM. Simply a lack of sales.

I find it hard to believe.

Is there an explanation for this?

user4951

Posted 2014-09-11T12:27:12.880

Reputation: 3 015

Question was closed 2014-09-11T14:14:20.343

I'm not sure if you understand what TPM gives. From what I could gather from the Wikipedia page on TPM, it's mostly a hardware-based service set (so, it can be replaced at less cost by a software-based solution). There are several manufacturers that integrate TPM in their products, as noted in the article.

– Doktoro Reichard – 2014-09-11T12:36:17.527

@JimThio - I have found dozens of motherboards with the module already installed. But this does not seem to be on topic here at Superuser. – Ramhound – 2014-09-11T12:43:35.447

Answers

3

My guess would be the following:

Very few users know what they want or need these days. In fact, the average computer user needs to be told what he wants or needs. This is effectively done by advertising. You do not decide that you need a quad-core processor running at 4 GHz; in most cases you are told through clever advertising that this is exactly what you need and that this is the best on the market. So you go and buy it. The same applies to security components like TPM.

So the basic answer to your question is: TPM is not advertised enough, and most average users don't have a clue about what it is and why they would need it. This is why they are not willing to pay money for it. This creates a situation with a lack of demand for such products, and obviously MB manufacturers don't find it profitable to include TPM on their devices.

An interesting question that arises is why TPM is not advertised in a world where cyber security has become a major subject. We do get excessive advertising of antiviruses that we don't need, protocol encryption algorithms that are vulnerable anyway, etc., but not TPM. My guess on this would be that there is still no reliable way to control the production of TPM modules and develop backdoors for each and every one of them, and because of that most governments would not be particularly happy if TPM were to flood the market.

Don't worry, as soon as the security services of the world's leading countries find a reliable way to make your TPM useless, it will be advertised all over TV and the Internet and everyone will have to buy it.

Art Gertner

Posted 2014-09-11T12:27:12.880

Reputation: 6 417

Hardware encryption adds a layer of protection that would prevent data exfiltration (spying on your data stored on your hard drive by anyone). I think a lot of people, such as law enforcement, governments and criminals have a vested interest in being able to get at your data without you knowing it so it's not heavily promoted. It's a matter of time before public distrust of such entities rises to the level of consumer demand. – atom88 – 2015-10-15T18:30:13.557

2 Just to note. I am looking over my new ASUS X99 Sabertooth motherboard, it has a TPM header on it. I ended up here because I was wondering what I could use it for. So... some consumer systems do have this feature. – Steven Lu – 2016-02-05T09:15:12.747

@StevenLu, it's been two years since the original post. You're right. More consumer systems have TPM these days. My machine has one too! – Art Gertner – 2016-02-05T11:48:13.693

3

TPM comes with a lot of Enterprise/server motherboards; my HP EliteBook has one built in and comes as standard.

TPM has been sold more to businesses and governments as a way to secure their data easily, hence it's more prevalent in enterprise settings.

Consumer-grade kit won't come with it because many people won't know what it is actually for and won't use it, so the manufacturer won't bother wasting the money and time needed to include this in consumer-grade motherboards - the best you can hope for is a TPM header and buying a module.

Fegnoid

Posted 2014-09-11T12:27:12.880

Reputation: 839

1

It's not there because it adds cost to the motherboard, and gives very little benefit to the average end user. Even if you want to do something that TPM enables (like a very secure boot of encrypted storage) you have to decide whether you can actually trust:

  • That the TPM is necessary and helpful for that application
  • That the TPM doesn't have any bugs
  • That the TPM's manufacturer didn't include any back doors
  • That whatever keys and algorithms that the TPM supports aren't somehow broken in the future.

That's a lot of trust to put in a commodity PC manufacturer.

So, in effect, it doesn't solve many problems for the general end user. A few enterprises can make use of them, but the average user? No benefit, and the average user is VERY price sensitive.

Michael Kohne

Posted 2014-09-11T12:27:12.880

Reputation: 3 808

And as to MS requiring it for Win 9: I doubt it. They may well require it for some features (drive encryption), but given the large number of perfectly good motherboards that wouldn't be able to run Win9, I don't think they'll be able to afford to require it for the OS as a whole. – Michael Kohne – 2014-09-11T13:49:47.543

1 TPM will never be required to install Windows. It might be required to enable an optional feature like BitLocker. – Ramhound – 2014-09-11T16:17:04.943

All of the trust issues are already inherent in all software installed anyway. (i.e. do you trust Microsoft not to have bugs or vulnerabilities, etc.) Hardware encryption adds a layer of protection that would prevent data exfiltration (spying on your data stored on your hard drive by anyone). I think a lot of people, such as law enforcement, governments and criminals have a vested interest in being able to get at your data without you knowing it so it's not heavily promoted. To say that a user wouldn't want it or understand it is an insult to the smart consumer of today. – atom88 – 2015-10-15T18:29:00.380

@atom88 - perhaps consumers are smarter, but frankly most of them clearly don't care about computer security in ANY form. How many of them run Windows with no AV software? How many leave the default passwords on their home WiFi routers? Asking them to spend even an extra dollar for a security device on their computer is pointless and wasting their money - they mostly won't even set a password on the computer, because they are afraid they'll forget it! They aren't stupid, they just don't CARE, because all they want to do is watch videos on YouTube or whatever. – Michael Kohne – 2015-10-15T19:21:27.880