In over my head. Apologize in advance. When running Windows PC health check on my Librem Mini I get “PC must support secure boot, TPM 2.0 not enabled”. I am sure this was asked and answered in a Linux explanation too deep for me.
Does anyone know if I will be able to upgrade to Windows 11? Thank you!
Jim
In my opinion, running Windows on a Librem Mini is a sub-par utilization of resources. Because of Purism’s significant investment into the “Purism” of user software freedoms, which Windows is incompatible with, running Windows on a Librem is going to tend towards being an uphill battle because you’re doing something the manufacturer is not themselves doing with the hardware. I don’t run Windows on my Librem for the same reason that I don’t run PureOS on my Microsoft Surface: these people aren’t working together.
I’ve made the parallel elsewhere in these forums that running Windows on a Librem is akin to traveling to an expensive vegan buffet for really serious vegans, and bringing along a McDonalds hamburgerer and telling the person next to you how great it is to have both the vegan food and also the hamburger.
Accordingly, it is likely that Secure Boot was invented to secure the hardware away from the user and stop people from running anything other than Windows, such as PureOS, and the Microsoft use case for TPM2 is to use device attestation for marketing campaigns, so that every Windows device is uniquely in a giant Microsoft database to ensure all intetnet activity on that device can be tied back the purchaser of the device using the worldwide database at Microsoft.
Accordingly, from a distance, I don’t have high hopes for either of those Microsoft features working well on Purism hardware. When you just want to run Windows, it is very likely that you can buy non-Purism hardware from other manufacturers for this purpose and that other hardware will be much cheaper because it does not try to achieve the software freedom purity that leads to the name “Purism.”
NOTE: I am not affiliated with Purism in any way and the opinions expressed in this post are purely my own.
Thank you for taking the time to reply. I do understand the Mini was designed for PureOS and the philosophy of Purism. It is the only hardware I have and I need Windows. Rock and a hard place.
Out of curiosity, it is possible to enable secure boot and TPM? If so what is the key combo to boot to BIOS? Or this that the whole point of SeaBIOS? No access or modifications for the average user? My understanding is there is no TPM for the Mini?
I traveled overseas recently, and only brought with me some Purism hardware basically to see if I could travel light. At one point I got in a situation where I wanted Windows and what I did was find a street vendor selling a micro dell optiplex thing probably used for a couple of hundred bucks, and this seemed easier and solved my problem. So I dealt with this a different way on my life. I’d give you the optiplex micro but I assume you live very far away from me and we’ll never meet, so I have it in a shoebox under the bed. (It’s a similar size to the Librem Mini, I think, although I don’t have one of those and only have a Librem 14 / Librem 5 )
The following is on the Librem 14 docs page:
Trusted Platform Module (TPM)
If you have a Librem laptop model after February 2018, they will have a TPM chip installed by default.
You can manage the TPM from your firmware settings. Please follow these instructions:
Shut down your Librem device if it is turned on.
Power on your Librem device again.
When the boot splash screen appears (Purism or Librem device logo), press the
Escapekey.Press the
Tkey to see TPM options, and follow the prompts to make your desired changes.
Edit:
As a note, I tested the above and after pressing T key like it says, my Librem 14 has information about the TPM and said it was enabled. Do you see something similar to that on your Mini?