TPM can measure the Secure Boot state for later reporting (attestation) but when it comes to DRM, that’s not a terribly interesting bit of information, knowing the firmware and kernel are valid, when the configuration of the OS and installed applications is really the important part.
As far as I know there’s no real scalable way for that to work in the Windows ecosystem.
That makes sense to me. It just doesn’t seem that useful for DRM, seems like kind of a reach.
Especially in modern systems where the graphics card could do all of it and so the host PC never has access to the decrypted data or keys in the first place.
MBCook|1 year ago
Especially in modern systems where the graphics card could do all of it and so the host PC never has access to the decrypted data or keys in the first place.