科技回声
A technology news platform built on Next.js, providing global tech news and discussion content.
© 2025 科技回声. All rights reserved.

Windows 11: TPMs and Digital Sovereignty

107 points by jasondoty about 2 years ago

10 comments

Bran_son about 2 years ago
> You’ve probably noticed that the marketing for this requirement is vague and confusing, and that’s intentional. It doesn’t do much for you, the consumer. However, it does set the stage for the future where Microsoft begins shipping their TPM on your processor. Enter Microsoft’s Pluton. The same technology is present in the Xbox. It would be an absolute dream come true for companies and vendors with special interests to completely own and control your PC to the same degree as a phone or the Xbox.

Explains why official sites don't explain what the TPM is beyond "security" [1], nor that this "security" means "security *against* the owner" - though the computer is nominally yours, it's built to keep secrets from you.

[1] https://support.microsoft.com/en-us/topic/what-is-tpm-705f241d-025d-4470-80c5-4feeb24fa1ee
tashian about 2 years ago
I agree with the sentiment of the piece, but I disagree with the idea that TPMs don't add much value for end users.

TPMs were originally designed in the early days of ecommerce, when it became clear that home computers would need better security if they were going to be used for financial transactions.

Today's TPMs don't have a lot of compute power, but they have a lot of features. It's just that we don't have that much software taking the best advantage of those features yet, probably because they have only just become ubiquitous in the last couple years.

TPMs lay the groundwork for unphishable credentials, using hardware-bound asymmetric keys.

TPMs add a user-friendly option for full-disk encryption, in a way that's resistant to physical attacks.

TPMs can be used to protect symmetric credentials too, instead of storing them on disk (see systemd-creds TPM2 support).

And, TPMs do have actual privacy mechanisms. End-user TPMs do not offer up their endorsement key to any third party. Attestation workflows shield third parties from the endorsement key.

I'm excited for more widespread use of TPMs in Linux especially. Lately systemd has been making some good progress here.
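To make the disk-encryption and credential-sealing use described in the comment above concrete (a secret that the TPM releases only when the measured boot chain matches what was enrolled), here is an added Python simulation; it is not code from this thread or from any TPM library. hashlib and hmac stand in for the TPM's PCR bank and sealing primitive, and TPM_SEED, the boot-stage blobs and VOLUME_KEY are constructed values.

```python
import hashlib
import hmac

# Constructed boot chain (not real firmware hashes); each stage measures the next one.
FIRMWARE = b"vendor-uefi-1.0"
BOOTLOADER = b"shim+grub-2.06"
KERNEL = b"vmlinuz-6.1"
TPM_SEED = hashlib.sha256(b"constructed tpm seed").digest()  # stand-in for the hierarchy seed that never leaves a real chip
VOLUME_KEY = hashlib.sha256(b"constructed 32-byte disk encryption key").digest()

def pcr_extend(pcr, measured):
    # TPM2_PCR_Extend semantics: pcr = H(pcr || H(measured)); a PCR can only be extended, never set
    return hashlib.sha256(pcr + hashlib.sha256(measured).digest()).digest()

def measured_boot(stages):
    pcr = bytes(32)  # PCRs reset to zero at power-on
    for stage in stages:
        pcr = pcr_extend(pcr, stage)
    return pcr

def policy_digest(pcr_values):
    # Digest over the selected PCR indices and values, in the spirit of TPM2_PolicyPCR
    h = hashlib.sha256()
    for idx in sorted(pcr_values):
        h.update(bytes([idx]) + pcr_values[idx])
    return h.digest()

def seal(secret, expected_pcrs):
    # Bind a 32-byte secret to a policy; the pad is derived from the seed, so only the "TPM" can recreate it
    policy = policy_digest(expected_pcrs)
    pad = hmac.new(TPM_SEED, b"seal" + policy, "sha256").digest()
    blob = bytes(a ^ b for a, b in zip(secret, pad))  # one-time pad for the demo; real TPMs use AES
    tag = hmac.new(TPM_SEED, policy + blob, "sha256").digest()
    return policy, blob, tag

def unseal(sealed, current_pcrs):
    policy, blob, tag = sealed
    if policy_digest(current_pcrs) != policy:
        return None  # measured boot differs from enrolment: the TPM refuses to release the key
    if not hmac.compare_digest(tag, hmac.new(TPM_SEED, policy + blob, "sha256").digest()):
        return None  # the sealed blob itself was modified
    pad = hmac.new(TPM_SEED, b"seal" + policy, "sha256").digest()
    return bytes(a ^ b for a, b in zip(blob, pad))

def demo():
    good = {7: measured_boot([FIRMWARE, BOOTLOADER, KERNEL])}
    sealed = seal(VOLUME_KEY, good)  # done once at enrolment, e.g. by systemd-cryptenroll
    evil = {7: measured_boot([FIRMWARE, BOOTLOADER + b"-backdoored", KERNEL])}
    return unseal(sealed, good), unseal(sealed, evil)
```

The clean chain unseals the volume key; a single modified byte in the bootloader changes PCR 7 and the unseal returns None, which is why a stolen disk plus a swapped bootloader does not yield the key.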
judge2020 about 2 years ago
The underlying point you *should* be calling out if you want to present this argument is that "User freedom should prevail over companies' freedom". The only thing attestation enables is companies enacting their own policies along the lines of "I only want users who are willing to let their device attest x level of security". The user is not required to use that service, they're not required to run W11 or to enable the fTPM in their BIOS.

Asking for widespread change and the death of TPM attestation is like saying that companies should be forced to serve all customers even if it degrades the services they provide, if it requires x orders of magnitude more personnel for fraud/risk/etc management, or if it degrades the experience of other users on the service willing to perform attestation. Maybe this is the right approach, maybe we just need some good regulation that won't deepen the moat of existing players, but this is the crux of the argument being made.

> We are here to remind you that the TPM requirement of Windows 11 furthers the agenda to protect the PC against you, its owner.

No. It's to protect third party services that your PC makes network requests to. Your PC in itself doesn't need any protection from you.
AraceliHarker about 2 years ago
One of the reasons why Microsoft and OEMs are promoting TPM is to encourage planned obsolescence, so that users will replace their PCs as often as they replace their smartphones, right?

"(Lenovo) said people buy new smartphones every other year but became accustomed used to buying new PCs every six or seven years. The industry needs to do better at motivating people to buy new devices"

https://www.cnbc.com/2021/10/05/microsofts-panos-panay-explains-balancing-surface-keeping-oems-happy.html
floatboth about 2 years ago
> Did you know that technologies such as Intel Boot Guard that have existed for the better part of a decade defend well against such attacks that might seek to overwrite flash memory?

It's rather funny to see Boot Guard as a "good" example here. Boot Guard is what's actually taking freedom away. With a vendor-locked Boot Guard configuration, you cannot replace the firmware with anything not signed by the vendor. Bye bye dreams of coreboot (until a private key leaks like it just did ha ha).

Netflix & co denying service to machines that don't pass Microsoft attestation? Literally who cares, just go to The Pirate Bay instead.
G3rn0ti about 2 years ago
Regarding TPM's security see also:

https://gbatemp.net/threads/nintendo-reportedly-issues-dmca-takedown-for-switch-homebrew-projects-skyline-switch-emulator-development-ceased.632406/

"specifically, Lockpick bypasses the Console TPMs to permit unauthorized access to, extraction of, and decryption of all the cryptographic keys, including product keys, contained in the Nintendo Switch"
jimbob45 about 2 years ago
I have to believe most of us here on HN are in the boat of keeping a W11 partition for work and a Linux partition for everything else at this point.
emily-c about 2 years ago
> Did we mention that a TPM isn’t going to protect you from UEFI malware that was planted on the device by a rogue agent at manufacture time?

DRTM, a technology supported by Windows 11 that is layered on top of the TPM, aims to solve this very problem.
EMM_386 about 2 years ago
Wow ... I am getting old and jaded.

I was so into locking down systems, making sure I knew where every packet was going, not trusting anything. Meanwhile I'm also "wardriving", phreaking with a red box, running an underground BBS ... all sorts of stuff. I had one of those fancy t-shirts with the export-restricted RSA encryption source code printed on it. Because, why not?

Now I just quickly skim a 2 year old article about Windows 11 and TPM again, on a Windows 11 device, and have just enough left in me to post a comment.

> You see, the PC (emphasis on personal here) is in a way the last bastion of digital freedom you have. The TPM requirement of Windows 11 furthers the agenda to protect the PC against you, its owner. These keys are then cryptographically tied to the vendor who issued them, and as such, not only does a TPM uniquely identify your machine anywhere in the world, but content distributors can pick and choose what TPM vendors they want to trust.

Every time these technologies come out, there are similar "it's all over" scenarios. But so far it hasn't been all over, and I've been around a while. I recall Intel Management Engine (ME) really piquing my interest for a bit. So my computer now has a computer running on it, that still runs when I turn it off, has access to the system hardware, including memory, the contents of the display, keyboard input, and the network? And the keys to the kingdom are secure ... they haven't been shared with anyone else who may be highly interested in having those ... ?

Hello, anyone ... I'm still secure, right? ... right!? Forget it, I'll just disable it. Oh. Nevermind. Wait ... what? Intel ME has a ring −3 rootkit??! Just ... ah, forget it ... what's on TV?

And then AMD shows up with their own. At least that one can be disabled by BIOS. I think? Hope?

> Did we mention that a TPM isn’t going to protect you from UEFI malware that was planted on the device by a rogue agent at manufacture time?

If you are the target of a rogue agent at manufacturing time, that is way past "game over". If they want it they're going to get it and you're not going to stop it by having, or not having, things like TPM on a Windows machine. I can't tell if this is more about losing the ability to watch HD video and DRM, or if nation states are coming after you. Those are slightly different. I'd personally prefer neither but I'd settle for the former. If it's security then it's more Tor/Tails and a USB key than Windows.

Certain groups can even shut down highly specialized air-gapped equipment that is deeply underground. It's like "if there's a will, there's a way".
LocalH about 2 years ago
(2021)