Microsoft today removed another Windows 11 24H2 compatibility block, which means the feature update is now available for download to those who were affected.
Speaking of Windows 11 24H2, the company today also shared a new TPM verification tool called the “attestation readiness verifier tool” which will help to check for and identify various compatibility, security, and reliability issues at the hardware and firmware level.
Neowin has covered attestation-related bugs in the past and Microsoft has also previously worked on a “TPM troubleshooter” option inside the Security app.
With this new tool, Microsoft says that users will be able to better understand the level of TPM attestation readiness using newly provided information in the Event Viewer.
If you’re not familiar, the (Windows) Event Viewer helps Windows keep logs of the various “events” performed by the apps and drivers. Microsoft recommends it as a useful utility to help troubleshoot issues.
Microsoft explains:
Attestation readiness verifier indicates three possible health states. You can find them in the Event Viewer Log at every boot and hibernate–resume, as follows:
- Attestable: All checks passed. Attestation is expected to report an accurate state.
- Possibly attestable: A platform configuration register (PCR) issue was detected during boot. PCRs are updated by components like UEFI firmware and securely stored in the TPM. Correctness of PCRs affects the health of security features like BitLocker and attestation. Note: Try restarting your machine first. If it doesn't help, you might need to work with your system or UEFI vendor.
- Not attestable: A critical check has failed. The system booted in an unhealthy state.
A detailed guide about it has also been published by Microsoft in the announcement blog post, which you can read here.
This announcement comes hot on the heels of Microsoft adding “enhanced” hardware-backed attestation for Windows 11 on Intune. The Microsoft 365 roadmap entry under ID 387499 describes the new feature:
Microsoft Intune: Hardware backed attestation – enhanced for Windows 11
This will enhance the Windows compliance policy – device health by adding five more hardware attestation settings specific to Windows 11 using advanced platform security features like Memory Integrity and Access Protection, firmware protection, virtualization-based security, and Early Launch Antimalware protection.
For those wondering, TPM attestation is somewhat similar to how UEFI Secure Boot works. The difference is that Secure Boot’s function is to check for secure bootloaders while TPM attestation ensures TPM authenticity by testifying that the corresponding RSA (Rivest, Shamir, Adleman) keys are trusted by the CA (certificate authority).