
Windows 11: TPMs and Digital Sovereignty

107 points | jasondoty | 2 years ago | secret.club

63 comments


Bran_son|2 years ago

> You’ve probably noticed that the marketing for this requirement is vague and confusing, and that’s intentional. It doesn’t do much for you, the consumer. However, it does set the stage for the future where Microsoft begins shipping their TPM on your processor. Enter Microsoft’s Pluton. The same technology is present in the Xbox. It would be an absolute dream come true for companies and vendors with special interests to completely own and control your PC to the same degree as a phone or the Xbox.

Explains why official sites don't explain what the TPM is beyond "security" [1], nor that this "security" means "security against the owner" - though the computer is nominally yours, it's built to keep secrets from you.

[1] https://support.microsoft.com/en-us/topic/what-is-tpm-705f24...

fuzzfactor|2 years ago

When Microsoft originally published a short page with their justification of the advantages of UEFI and GPT drive layout, everything touted as an advantage was false.

As this was foisted and users became accustomed to the migration away from more well-proven traditional operation, the page was edited into oblivion as it could be seen users would have better recognized the falsehood by then after having some direct experience.

So many "influencers" were already carrying the flag on their own that the page was eventually removed.

TPM came next.

tashian|2 years ago

I agree with the sentiment of the piece, but I disagree with the idea that TPMs don't add much value for end users.

TPMs were originally designed in the early days of ecommerce, when it became clear that home computers would need better security if they were going to be used for financial transactions.

Today's TPMs don't have a lot of compute power, but they have a lot of features. It's just that we don't have that much software taking the best advantage of those features yet, probably because they have only just become ubiquitous in the last couple years.

TPMs lay the groundwork for unphishable credentials, using hardware-bound asymmetric keys.

TPMs add a user-friendly option for full-disk encryption, in a way that's resistant to physical attacks.

TPMs can be used to protect symmetric credentials too, instead of storing them on disk (see systemd-creds TPM2 support).

And, TPMs do have actual privacy mechanisms. End-user TPMs do not offer up their endorsement key to any third party. Attestation workflows shield third parties from the endorsement key.

I'm excited for more widespread use of TPMs in Linux especially. Lately systemd has been making some good progress here.
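A worked illustration of the sealing mechanism behind the "user-friendly full-disk encryption" point above, added here as an editor's example (not code from the commenter, the article, or any TPM stack): it reproduces the TPM2_PCR_Extend and TPM2_PolicyPCR digest constructions from the TPM 2.0 specification and models the TPM's storage key, sealed object and TPM2_Unseal policy check using only Go's standard library. The storage root key, firmware and bootloader contents, PCR selection bytes and volume key are all constructed for the example, and AES-GCM stands in for the TPM's internal object wrapping.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// PCR is one register of the SHA-256 bank: zero at reset, extend-only.
type PCR [32]byte

// Extend is TPM2_PCR_Extend: PCR = H(PCR || H(event)). The one-way chaining
// is why tampered code cannot put a PCR back to its known-good value.
func (p *PCR) Extend(event []byte) {
	ev := sha256.Sum256(event)
	h := sha256.New()
	h.Write(p[:])
	h.Write(ev[:])
	copy(p[:], h.Sum(nil))
}

// PolicyPCRDigest is TPM2_PolicyPCR on a fresh (all-zero) policy session:
// policy = H(zeros || TPM_CC_PolicyPCR || pcrSelect || H(selected PCR values)).
func PolicyPCRDigest(pcrSelect []byte, pcrs ...PCR) (policy [32]byte) {
	vals := sha256.New()
	for _, p := range pcrs {
		vals.Write(p[:])
	}
	h := sha256.New()
	h.Write(policy[:])
	binary.Write(h, binary.BigEndian, uint32(0x0000017F)) // TPM_CC_PolicyPCR
	h.Write(pcrSelect)
	h.Write(vals.Sum(nil))
	copy(policy[:], h.Sum(nil))
	return policy
}

// SealedBlob stands in for the sealed-data object TPM2_Create returns: the secret
// under the storage key, with authPolicy bound as AEAD associated data.
type SealedBlob struct {
	Nonce, Ciphertext []byte
	AuthPolicy        [32]byte
}

func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // key is 32 bytes by construction
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

func Seal(storageKey, secret []byte, authPolicy [32]byte) (SealedBlob, error) {
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		return SealedBlob{}, err
	}
	ct := gcmFor(storageKey).Seal(nil, nonce, secret, authPolicy[:])
	return SealedBlob{Nonce: nonce, Ciphertext: ct, AuthPolicy: authPolicy}, nil
}

// Unseal is TPM2_Unseal: the session policy must equal the object's authPolicy.
func Unseal(storageKey []byte, blob SealedBlob, sessionPolicy [32]byte) ([]byte, error) {
	if blob.AuthPolicy != sessionPolicy {
		return nil, errors.New("TPM_RC_POLICY_FAIL: PCRs differ from sealing-time values")
	}
	return gcmFor(storageKey).Open(nil, blob.Nonce, blob.Ciphertext, blob.AuthPolicy[:])
}

// pcrSelect is a marshalled TPML_PCR_SELECTION for PCRs 0 and 4 of the SHA-256
// bank: count=1, TPM_ALG_SHA256=0x000B, 3 select bytes, bits 0 and 4 set.
var pcrSelect = []byte{0, 0, 0, 1, 0x00, 0x0B, 0x03, 0x11, 0x00, 0x00}

// bootPolicy measures firmware into PCR 0 and the boot manager into PCR 4, as UEFI does.
func bootPolicy(firmware, bootloader []byte) [32]byte {
	var pcr0, pcr4 PCR
	pcr0.Extend(firmware)
	pcr4.Extend(bootloader)
	return PolicyPCRDigest(pcrSelect, pcr0, pcr4)
}

// Demo seals a constructed volume key during a known-good boot, then unseals
// after the same boot and after a boot with a replaced bootloader.
func Demo() (goodOK, tamperedOK bool, err error) {
	srk := sha256.Sum256([]byte("constructed storage root key")) // TPM-internal SRK stand-in
	firmware, loader := []byte("constructed: OEM firmware 1.0"), []byte("constructed: bootmgfw.efi")
	volumeKey := []byte("constructed 32-byte volume key!!")
	blob, err := Seal(srk[:], volumeKey, bootPolicy(firmware, loader))
	if err != nil {
		return
	}
	out, err := Unseal(srk[:], blob, bootPolicy(firmware, loader))
	goodOK = err == nil && string(out) == string(volumeKey)
	_, err = Unseal(srk[:], blob, bootPolicy(firmware, []byte("constructed: bootkit")))
	tamperedOK = err == nil
	return goodOK, tamperedOK, nil
}
```

The point the model makes concrete: the volume key is never "stored" anywhere the OS can read it; it is released only when the measured boot chain reproduces the exact policy digest it was sealed to, which is also why a firmware update or bootloader change legitimately triggers a BitLocker recovery prompt. Real deployments use an authorized-policy (TPM2_PolicyAuthorize) layer so that signed updates can change the expected PCR values without re-sealing.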

Gigachad|2 years ago

Seems like a lot of banking and other secure business is moving to mobile first or mobile only, presumably as it's likely the only secure device the user has.

xg15|2 years ago

> And, TPMs do have actual privacy mechanisms. End-user TPMs do not offer up their endorsement key to any third party. Attestation workflows shield third parties from the endorsement key.

Then how do endorsement keys work?

If I understood the OP correctly, the purpose of the endorsement key is so a third party can choose only to accept attestation from TPMs of "trusted" vendors. How does this work if the third party can't query the endorsement key?
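For the question above about how a third party can rely on a TPM's endorsement key without ever receiving it, the following added example (editor's code, not from the commenter or the article) models the TPM2_MakeCredential / TPM2_ActivateCredential exchange that attestation workflows use. A Privacy CA (or the verifier's own enrolment service) validates the EK, in practice via the vendor-issued EK certificate, and wraps a challenge so that only a TPM holding that EK *and* the named attestation key can recover it; afterwards the relying party deals only with the AK. The KDF, the symmetric mode and the key-name encoding are simplified stand-ins for the spec's KDFa, AES-CFB and TPMT_PUBLIC marshalling, and every key and value is constructed in the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

var identityLabel = []byte("IDENTITY\x00") // OAEP label the spec uses for the seed

// akName stands in for the TPM "name" of the attestation key: TPM_ALG_SHA256
// plus the hash of its marshalled public area (PKIX here, not TPMT_PUBLIC).
func akName(pub *rsa.PublicKey) []byte {
	der, _ := x509.MarshalPKIXPublicKey(pub)
	sum := sha256.Sum256(der)
	return append([]byte{0x00, 0x0B}, sum[:]...)
}

// kdf is a simplified KDFa: HMAC-SHA256(seed, label || 0x00 || context), truncated.
func kdf(seed []byte, label string, context []byte, n int) []byte {
	m := hmac.New(sha256.New, seed)
	m.Write([]byte(label + "\x00"))
	m.Write(context)
	return m.Sum(nil)[:n]
}

// sym is AES-128-CTR with a zero IV (the spec uses CFB); the key is single-use.
func sym(key, data []byte) []byte {
	block, _ := aes.NewCipher(key)
	out := make([]byte, len(data))
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(out, data)
	return out
}

// Credential is the TPM2_MakeCredential output; nothing in it reveals the EK.
type Credential struct {
	EncSeed  []byte // random seed under RSA-OAEP to the EK public key
	EncIdent []byte // secret under a key derived from seed and AK name
	HMAC     []byte // integrity tag over EncIdent || AK name
}

// MakeCredential runs at the Privacy CA after it validated the EK and got the AK name.
func MakeCredential(ek *rsa.PublicKey, name, secret []byte) (Credential, error) {
	seed := make([]byte, 32)
	if _, err := rand.Read(seed); err != nil {
		return Credential{}, err
	}
	encSeed, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ek, seed, identityLabel)
	if err != nil {
		return Credential{}, err
	}
	encIdent := sym(kdf(seed, "STORAGE", name, 16), secret)
	mac := hmac.New(sha256.New, kdf(seed, "INTEGRITY", nil, 32))
	mac.Write(encIdent)
	mac.Write(name)
	return Credential{EncSeed: encSeed, EncIdent: encIdent, HMAC: mac.Sum(nil)}, nil
}

// ActivateCredential runs inside the TPM: the seed comes from the EK, but every
// derived key uses the name of the AK actually loaded, so other AKs fail.
func ActivateCredential(ek *rsa.PrivateKey, loadedAK *rsa.PublicKey, c Credential) ([]byte, error) {
	seed, err := rsa.DecryptOAEP(sha256.New(), nil, ek, c.EncSeed, identityLabel)
	if err != nil {
		return nil, err
	}
	name := akName(loadedAK)
	mac := hmac.New(sha256.New, kdf(seed, "INTEGRITY", nil, 32))
	mac.Write(c.EncIdent)
	mac.Write(name)
	if !hmac.Equal(mac.Sum(nil), c.HMAC) {
		return nil, errors.New("TPM_RC_INTEGRITY: credential is not bound to the loaded AK")
	}
	return sym(kdf(seed, "STORAGE", name, 16), c.EncIdent), nil
}

// Demo: the genuine AK recovers the CA's secret; an AK the CA never bound does not.
func Demo() (genuine, forged bool, err error) {
	ek, err := rsa.GenerateKey(rand.Reader, 2048) // vendor-provisioned EK stand-in
	if err != nil {
		return
	}
	ak, _ := rsa.GenerateKey(rand.Reader, 2048)       // AK created on the same TPM
	attacker, _ := rsa.GenerateKey(rand.Reader, 2048) // key the CA never saw
	secret := []byte("constructed CA challenge secret")
	cred, err := MakeCredential(&ek.PublicKey, akName(&ak.PublicKey), secret)
	if err != nil {
		return
	}
	got, actErr := ActivateCredential(ek, &ak.PublicKey, cred)
	genuine = actErr == nil && string(got) == string(secret)
	_, actErr = ActivateCredential(ek, &attacker.PublicKey, cred)
	forged = actErr == nil
	return genuine, forged, nil
}
```

Once the TPM returns the recovered secret, the CA issues a certificate for the AK, and every later quote is signed with the AK and verified with the AK public key alone. The EK (and the EK certificate that identifies the vendor) is only ever shown to the enrolment service, which is where a relying party's "which TPM vendors do I trust" policy actually lives.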

JohnFen|2 years ago

Yes, there are end-user uses for TPMs. But, personally, none of them are compelling enough to overcome my fundamental mistrust of how companies will use them.

judge2020|2 years ago

The underlying point you should be calling out if you want to present this argument is that "User freedom should prevail over companies' freedom". The only thing attestation enables is companies enacting their own policies along the lines of "I only want users who are willing to let their device attest x level of security". The user is not required to use that service, they're not required to run W11 or to enable the fTPM in their BIOS.

Asking for widespread change and the death of TPM attestation is like saying that companies should be forced to serve all customers even if it degrades the services they provide, if it requires x orders of magnitude more personnel for fraud/risk/etc management, or if it degrades the experience of other users on the service willing to perform attestation. Maybe this is the right approach, maybe we just need some good regulation that won't deepen the moat of existing players, but this is the crux of the argument being made.

> We are here to remind you that the TPM requirement of Windows 11 furthers the agenda to protect the PC against you, its owner.

No. It's to protect third party services that your PC makes network requests to. Your PC in itself doesn't need any protection from you.

kmeisthax|2 years ago

Ok, so instead of Microsoft turning my PC into an Xbox, it's banks asking Microsoft to turn my PC into a credit card reader. This is not materially different.

We already know how this works on Android. Attestation requirements and DRM tend to creep beyond their initial scope if implementing them is easy. And those requirements will include not having owner-level control over your machine[0]. If you root Android, you basically forfeit access to all banking apps, most gaming apps, and a whole bunch of things that you wouldn't even think should require secure attestation.

On the web, we all thought that EME DRM was going to lock down web video and cascade into audio and text. This didn't come to pass primarily because DRM vendors charge money that free web video platforms don't have. If EME had made DRM ubiquitous, the best case would have been one distro vendor offering "blessed" kernel builds that can still "go online", and anyone wanting to be online with their own Linux kernel potentially violating DMCA 1201 or being limited to an increasingly shrinking "clearweb".

There are three types of companies here:

- People that absolutely need user-hostile attestation: banks, competitive multiplayer games, and streaming services

- People that would never demand attestation on principle: normal websites, blogs, web forums, the Fediverse, and YouTube[1]

- People who would implement attestation if it were available regardless of the impact on their user base: Facebook/Meta, Twitter, basically any social media network.

That third group is arguably the largest. They will tolerate unattested users, but they wish they didn't have to. Making attestation easier makes it way more likely for them to demand it.

[0] This could be made less onerous with per-partition boot policies, but only Apple Macs do this AFAIK.

[1] YouTube's stance on DRM is very very weird. Google has the capability to DRM all their content, but they don't. And they've used YouTube as a trojan horse to push open standards like VP8/9 and AV1. On the other hand, they do try to obfuscate video download in ways that the RIAA thinks is DRM.

xg15|2 years ago

> The underlying point you should be calling out if you want to present this argument is that "User freedom should prevail over companies' freedom".

I'm still baffled by the DMCA's anti-circumvention clause in that regard. While users are given some rights in the DMCA, companies seem to be perfectly free to trample over those rights using technological restrictions. If users then try to circumvent those restrictions, suddenly they are in violation of the law.

AraceliHarker|2 years ago

One of the reasons why Microsoft and OEMs are promoting TPM is to encourage planned obsolescence, so that users will replace their PCs as often as they replace their smartphones, right?

"(Lenovo) said people buy new smartphones every other year but became accustomed to buying new PCs every six or seven years. The industry needs to do better at motivating people to buy new devices"

https://www.cnbc.com/2021/10/05/microsofts-panos-panay-expla...

Gigachad|2 years ago

Tbh I'd expect the trend of upgrading phones to start to slow down as well as they become "good enough" but there are still pretty big gains being made in cameras.

Laptops are just good enough now. If you took the 3 year old M1 internals, and stuck them in the new case and told me it was the 2024 model, I'd not notice anything was off.

toastal|2 years ago

A capitalist economy predicated on infinite growth necessarily needs planned obsolescence to artificially churn consumption to increase growth (with new devices costing more). With public-traded companies bound to make profits for shareholders, this is no surprise.

api|2 years ago

Push local LLMs and generative AI then. That’ll require people to upgrade old machines.

floatboth|2 years ago

> Did you know that technologies such as Intel Boot Guard that have existed for the better part of a decade defend well against such attacks that might seek to overwrite flash memory?

It's rather funny to see Boot Guard as a "good" example here. Boot Guard is what's actually taking freedom away. With a vendor-locked Boot Guard configuration, you cannot replace the firmware with anything not signed by the vendor. Bye bye dreams of coreboot (until a private key leaks like it just did ha ha).

Netflix & co denying service to machines that don't pass Microsoft attestation? Literally who cares, just go to The Pirate Bay instead.

jimbob45|2 years ago

I have to believe most of us here on HN are in the boat of keeping a W11 partition for work and a Linux partition for everything else at this point.

bakugo|2 years ago

Except, in the future, your Linux partition will be unable to access most online services because they'll all rely on remote attestation to check if your device is running an unmodified Windows OS, similar to what many android apps already do.

InvaderFizz|2 years ago

I switched to full-time macOS in 2019 from a 15-year background professionally on Windows in IT admin/architect type roles.

Granted, at that point Windows was web browser, IDE, and remoting into Linux machines for 95% of my work.

I appreciate having first class support for all my command line tools and utils, which I generally get on macOS. I have linuxified my macOS experience, installing and pathing gnu versions of everything you would normally expect. I rarely use the utils from macOS.

I have a Windows gaming PC that hasn't been powered on this year.

I like my MBP battery life and lack of futzing needed for my work (I do use better touch tool, but that's it).

I have turned down further interviews if I find out I'm going to be saddled with a corporate locked down Windows laptop.

hammyhavoc|2 years ago

I would like to think so too, but the reality seems to be a lot of Windows-only or macOS-only folks.

throwaway173738|2 years ago

I don’t use Windows for work or home. I keep a VM around for the couple of times a year someone sends me a word document.

navjack27|2 years ago

Nope. Least, not me. Windows 11 pro for workstations on my personal desktop. Linux in WSL2. Linux in docker.

Rimintil|2 years ago

> I have to believe most of us here on HN are in the boat of keeping a W11 partition for work and a Linux partition for everything else at this point.

If statistics bear out, you'd be incorrect (at least with regards to a non-Windows OS being run by 'most').

bitwize|2 years ago

If my job wants me to run Windows, they are free to supply a Windows machine for me to use.

I keep a bright line between personal equipment and work equipment.

Anyway, my last few jobs have given me Macs for development.

JohnFen|2 years ago

Not me. Any work I'm doing for an employer is done solely on equipment they supply and everything else is done solely on my own equipment. Never the twain shall meet. So my personal machines are all 100% Linux, and my work machines are all whatever my employer wants them to be.

I guess I do have multiple partitions after all, they're just on different machines!

ldarby|2 years ago

If Windows is required for work then you've already lost. Seriously I'm unable to be productive in Windows (or Mac, I tried). I don't know what the stats are on employers requiring Windows but my current one doesn't (mainly because of a sizable chunk of Mac users, not that there's any support for Linux).

nly|2 years ago

QEMU emulates UEFI Secure Boot and a software TPM just fine. No need to dual boot.

emily-c|2 years ago

>Did we mention that a TPM isn’t going to protect you from UEFI malware that was planted on the device by a rogue agent at manufacture time?

DRTM, a technology supported by Windows 11 that is layered on top of the TPM, aims to solve this very problem.

hlandau|2 years ago

Except that it can't actually do that, because x86 DRTM doesn't remove SMM handlers installed by the system firmware, ACPI tables also remain resident and could be changed to contain malicious code, etc.

EMM_386|2 years ago

Wow ... I am getting old and jaded.

I was so into locking down systems, making sure I knew where every packet was going, not trusting anything. Meanwhile I'm also "wardriving", phreaking with a red box, running an underground BBS ... all sorts of stuff. I had one of those fancy t-shirts with the export-restricted RSA encryption source code printed on it. Because, why not?

Now I just quickly skim a 2 year old article about Windows 11 and TPM again, on a Windows 11 device, and have just enough left in me to post a comment.

> You see, the PC (emphasis on personal here) is in a way the last bastion of digital freedom you have. The TPM requirement of Windows 11 furthers the agenda to protect the PC against you, its owner. These keys are then cryptographically tied to the vendor who issued them, and as such, not only does a TPM uniquely identify your machine anywhere in the world, but content distributors can pick and choose what TPM vendors they want to trust.

Every time these technologies come out, there are similar "it's all over" scenarios. But so far it hasn't been all over, and I've been around a while. I recall Intel Management Engine (ME) really piquing my interest for a bit. So my computer now has a computer running on it, that still runs when I turn it off, has access to the system hardware, including memory, the contents of the display, keyboard input, and the network? And the keys to the kingdom are secure ... they haven't been shared with anyone else who may be highly interested in having those ... ?

Hello, anyone ... I'm still secure, right? ... right!? Forget it, I'll just disable it. Oh. Nevermind. Wait ... what? Intel ME has a ring −3 rootkit??! Just ... ah, forget it ... what's on TV?

And then AMD shows up with their own. At least that one can be disabled by BIOS. I think? Hope?

> Did we mention that a TPM isn’t going to protect you from UEFI malware that was planted on the device by a rogue agent at manufacture time?

If you are the target of a rogue agent at manufacturing time, that is way past "game over". If they want it they're going to get it and you're not going to stop it by having, or not having, things like TPM on a Windows machine. I can't tell if this is more about losing the ability to watch HD video and DRM, or if nation states are coming after you. Those are slightly different. I'd personally prefer neither but I'd settle for the former. If it's security then it's more Tor/Tails and a USB key than Windows.

Certain groups can even shut down highly specialized air-gapped equipment that is deeply underground. It's like "if there's a will, there's a way".

frankzander|2 years ago

> It's like "if there's a will, there's a way".

and that's one of the reasons I see no use in TPM. This is also a layer of complexity, which usually is the opposite of more security. TBH I don't get why people cheer this TPM and Secure Boot stuff as much.