Microsoft's official reason for requiring TPM 2.0 and secure boot is security, which could be true, although I think there's a bigger goal in forcing TPM 2.0 and secure boot on the user.
All the way back in 2013, the German government had some concerns regarding TPM 2.0 and Windows 8.
Some highlights from the article are:
"The tech is designed to stop the use of software and files which do not contain the correct digital rights permissions (thus protecting the property of vendors behind the protocols), including "unauthorised operating systems" (a specific function of the much-maligned Secure Boot)."
What's being said is that TPM can be used to lock down what software can run on a machine and lock down what OS a user can choose. Microsoft didn't act upon this at the time because it would have just caused even more backlash. Now TPM 2.0 and secure boot have had 8+ years to find themselves included in modern hardware, usually enabled by default. Most people have either forgotten about this, never knew about it, or no longer have any hardware that doesn't have TPM 2.0+, and that's if they even care.
"A machine that contains a Trusted Platform Module and runs software adhering to the Trusted Computing specifications is, arguably, under the control of the vendor – in this case Microsoft. It also identifies the machine to the vendor, meaning that users' identities can be linked to their machines as well as their online activities. As Redmond is a US firm, opponents to the protocols argue, users' data is theoretically accessible to US spooks in the National Security Agency via the Foreign Intelligence Surveillance Act, as Die Zeit points out."
Windows 10 was filled to the brim with telemetry, and plenty of it cannot be disabled no matter what, some of it even bypassing the hosts file. Microsoft has also made Windows Defender treat a hosts file meant to block telemetry as malware, but that's another topic for another time. TPM 2.0 can help Microsoft collect even more identifiers and data from users, if it isn't already being secretly used in Windows 10 for this same goal.
"It warned of "the loss of full sovereignty over information technology" and that "the security objectives of 'confidentiality' and 'integrity' are no longer guaranteed"."
They're warning of the user losing full control over their computer(s), with decreased security on top of that. If Microsoft gets a(nother) backdoor, someone may find a spare key (to any one) at any point. There are also government agencies, as well as whoever Microsoft may be selling the data to, to worry about.
"The use of 'Trusted Computing'... in this form ... is unacceptable for the federal administration and the operators of critical infrastructure."
They warn that TPM 2.0 is unacceptable for federal and critical infrastructure tasks.
"Once this is rolled out across all Windows-using PCs, the Germans fear, there will be "simply no way to tell what exactly Microsoft does to its system through remote updates"."
One of Windows 10's goals was to force updates upon the user; TPM 2.0 can further this goal, locking down Windows Update even further for the home and professional user. I doubt Microsoft would also do this with the Server versions of their operating systems, but it's still very much possible. However, the rumors of Server 2022 still being 10-based could be an indicator of their plans.
"the use of Windows 8 in combination with a TPM 2.0 is accompanied by a loss of control over the operating system and the hardware used."
Self-explanatory.
"The Register previously described Trusted Computing as the "widely derided idea of computing secured for, and against, its users"."
Also self-explanatory.
My hypothesis is that Microsoft is finally acting upon this goal since most people have long since moved on from this, and they've ended up somehow liking 10. Part of me believes that this will end up as another Windows 8, but in the sense that it's actually bad and not just misunderstood like 8 was. The other part of me believes that Microsoft will pull another 10 and force-upgrade most users to 11, giving them 0 choice over this, making people eventually tolerate 11 and forget about how much better 10, 8.x, 7, etc. were.
I recommend that everyone reading this post use a pre-10 operating system, and/or disable TPM in your computer's BIOS or, even better, physically remove the TPM chip from your computer.