Looks like Microsoft has made good on giving OEMs a workaround for the TPM 2.0 requirement… at least for now. It was pretty nuts to compel that by July – machines take at least 6 months to develop, and that’s on a fast track.
The requirement now gives an opt-out to “OEM systems for special purpose commercial systems, customer orders, and customer images with a custom image.”
In other words, if you use WAIK and make a custom Windows 10 image, you can temporarily skip the TPM requirement. Which anyone can easily do. I suspect Microsoft is planning to offer free encryption to TPM-enabled PCs, hence the change.
Currently Windows 10 Home encryption requires InstaGo, and a Microsoft Account. This is doubly painful because only Intel Atom and Core M devices support InstaGo. Worse, laptop devices with those same CPUs generally don’t support InstaGo. Only tablets do reliably, and even then… many don’t adhere to InstaGo. Also, the Microsoft Account login requirement gives an uncomfortable backdoor to your PC.
But there was no way some OEMs could meet the timetable for Anniversary Update. It is pretty clear from this that the opt-out will be a limited time offer. I only discovered this in a WinHEC slide. The opt-out option is not in the public-facing requirement documentation. I suspect six months from now, Microsoft will make the TPM requirement universal, and close this loophole within a year. Any customer that doesn’t want the TPM can disable it from within UEFI/BIOS settings.
Important: The TPM 2.0 requirement only applies to new Microsoft-certified devices using Windows 10 volume-purchased licensing. The requirement does not apply to existing PCs, or to custom-built new PCs. You may not, however, get to use certain new features in upcoming versions of Windows 10 without a TPM.