I still fail to see how Windows 11 was anything but a collusion scam to sell new hardware.
None of the changes, including TPM requirements, required a new iteration. Nothing about the underlying NT dropped any of the old and antiquated BS despite Microsoft hiring some morons to advertise the fact on reddit to all the insiders asking questions.
They even let the media pick up a fake report that Windows 11 was related to the Core OS and a brand new kernel was in the works.
If Microsoft wanted a marketing strategy, they could have properly started naming feature updates and advertising them similar to Apple.
8, 10, and 11 have also been a pain on enterprise because Microsoft axed their QA team. I seriously hope any new firms start considering Linux desktop as a valid option. All they really need is a vendor to offer a solid distro along with an agreement to rapidly create/deploy any software solution so they don’t get scared looking at the cheap entry Windows stuff.
The TPM is not a dedicated cryptographic processor, it’s an external keystore with a few select functions. You’re thinking of an HSM which is used almost exclusively in servers that have to handle thousands of secrets per second.
CPUs have had dedicated AES hardware for decades, which is why LUKS and Bitlocker use it by default.
The TPM just allows certain keys and secrets to be generated and stored physically separate from the CPU as a security measure.
Bitlocker and LUKS will store a master key in the TPM so that you don’t have to enter a password every time you boot. They retrieve it from the TPM and then use it to unlock the actual encryption key which is done entirely in the CPU. If the TPM detects foul play such as secure boot alteration, it will refuse to give the key or clear itself.
Using the TPM for constant encryption like at-rest disk encryption would be way too slow.
It’s so so small that most modern TPMs have been integrated into the CPU or even simulated via the motherboard firmware (fTPM and PTT).
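
The flow described in the comment above (master key held by the TPM, released only when the measured boot state matches, volume key unwrapped on the CPU), as an added Python example that is not part of the thread. `ToyTPM`, `xor_wrap` and the boot-chain strings are hypothetical, and the model simplifies real TPM sealing, which binds secrets to PCR policies rather than storing a plain tuple.

```python
import hashlib
import hmac
import secrets

def extend(pcr: bytes, measurement: bytes) -> bytes:
    # PCR extend: new = SHA-256(old PCR || digest of the measured component)
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

class ToyTPM:
    """Simplified model: one secret bound to the PCR value seen at seal time."""
    def __init__(self):
        self.pcr, self._sealed = bytes(32), None
    def boot(self, components):
        self.pcr = bytes(32)                      # PCR resets at power-on
        for blob in components:
            self.pcr = extend(self.pcr, blob)     # order-sensitive hash chain
    def seal(self, secret: bytes):
        self._sealed = (self.pcr, secret)         # bind to current boot state
    def unseal(self) -> bytes:
        expected, secret = self._sealed
        if not hmac.compare_digest(expected, self.pcr):
            raise PermissionError("PCR mismatch: boot chain changed")
        return secret

def xor_wrap(master: bytes, data: bytes) -> bytes:
    # Stand-in for the real key-wrap cipher; XOR keeps the example dependency-free.
    stream = hashlib.sha256(b"wrap" + master).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def unlock(tpm: ToyTPM, wrapped_volume_key: bytes):
    try:
        master = tpm.unseal()                     # the only step the TPM performs
    except PermissionError:
        return None                               # caller falls back to recovery
    return xor_wrap(master, wrapped_volume_key)   # unwrap runs on the CPU

# Constructed sample boot chains (not real firmware images)
GOOD_CHAIN = [b"firmware-v1", b"secure-boot-db", b"bootloader-v1"]
TAMPERED_CHAIN = [b"firmware-v1", b"secure-boot-db-modified", b"bootloader-v1"]

def demo():
    tpm, master, volume_key = ToyTPM(), secrets.token_bytes(32), secrets.token_bytes(32)
    tpm.boot(GOOD_CHAIN)
    tpm.seal(master)
    wrapped = xor_wrap(master, volume_key)
    tpm.boot(GOOD_CHAIN)                          # normal reboot
    normal = unlock(tpm, wrapped) == volume_key
    tpm.boot(TAMPERED_CHAIN)                      # Secure Boot data altered
    return normal, unlock(tpm, wrapped) is None
```

`demo()` returns whether the unchanged chain recovers the volume key and whether the altered chain is refused.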