- cross-posted to:
- [email protected]
As part of their “Defective by Design” anti-DRM campaign, the FSF recently made the following claim:
Today, most of the major streaming media platforms utilize the TPM to decrypt media streams, forcefully placing the decryption out of the user’s control (from here).
This is part of an overall argument that Microsoft’s insistence that only hardware with a TPM can run Windows 11 is with the goal of aiding streaming companies in their attempt to ensure media can only be played in tightly constrained environments.
I’m going to be honest here and say that I don’t know what Microsoft’s actual motivation for requiring a TPM in Windows 11 is. I’ve been talking about TPM stuff for a long time. My job involves writing a lot of TPM code. I think having a TPM enables a number of worthwhile security features. Given the choice, I’d certainly pick a computer with a TPM. But in terms of whether it’s of sufficient value to lock out Windows 11 on hardware with no TPM that would otherwise be able to run it? I’m not sure that’s a worthwhile tradeoff.
What I can say is that the FSF’s claim is just 100% wrong, and since this seems to be the sole basis of their overall claim about Microsoft’s strategy here, the argument is pretty significantly undermined. I’m not aware of any streaming media platforms making use of TPMs in any way whatsoever. There is hardware DRM that the media companies use to restrict users, but it’s not in the TPM - it’s in the GPU.
I think having a TPM enables a number of worthwhile security features.
But most of those security features place the TPM at the root of trust, something that is SEVERELY undermined by the fact that it is not open source, meaning it is inherently untrustworthy.
Is it not the one chip we should demand and accept nothing less than complete openness in its implementation and complete control by the person who owns the device? I also think the types of protections it grants in theory are very good, but the fact that it’s proprietary means it’s terrible at actually granting you those protections.
really, unless it’s a Precursor-style open chip and able to be verified by the consumer that it hasn’t been tampered with, then we’re already putting an awful lot of faith in the primary CPUs in our systems, anyway
- https://www.crowdsupply.com/sutajio-kosagi/precursor
- https://media.ccc.de/v/39c3-xous-a-pure-rust-rethink-of-the-embedded-operating-system
there’s also so much mistrust of TPMs that every verified damage wrought by them ought to be very well documented by now
TPMs are certainly worthy of our vigilance, but it seems like we should be spending more energy pestering CPU and GPU vendors for better behaviour
The encryption of streaming media is annoying, but it’s not what I fear. The ability to lock the software that I run on my hardware to “approved vendors” only is what worries me, and it’s what TPM promises. A security model where the only trusted party isn’t even the person owning the hardware.
In practice, Machine Owner Keys are a thing, though it depends on Microsoft still signing shim, I believe.
Having Microsoft in the chain of trust rather than a standards body is rather concerning, though.
Modern hardware absolutely should have an encryption processor; TPM just isn’t great.
Agreed. I use Secure Boot on my Linux systems with my own keys. Let’s not confuse it with Restricted Boot, which is awful.
Historical context: it’s a 1yo post.
TPM itself isn’t the problem. TPM itself technically might be a good solution; what the FSF precisely put forward is “out of the user’s control”. They even mention how it’s not about theoretical ideas but how it’s actually used. If Microsoft gets to decide HOW your computer works DESPITE you wanting it NOT to behave that way AND it makes Microsoft itself, or its partners, even more entrenched, then it’s a serious problem; it means “your” computer is their computer.
What we have all witnessed is that bit by bit OSes like Windows, but also MacOS and Android, are not simply providing stores or tightly controlled channels (with fees for themselves) but ALSO removing entirely, or making it radically harder, the ability to install software the user actually wants to install (not malware).
It’s not about TPM, it’s as usual about who controls your computer.
Agree. Saying TPM is bad is the same as saying encryption is bad. It’s not about the technology. It’s about the evil-hearted corporations using these technologies to limit user freedom.
what’s frustrating is that we can’t really vote with our wallets, and any right-to-repair or consumer-is-in-charge movement is going to be limited by intelligence agencies, corporations like John Deere, Apple, and the entire entertainment industry
limited by intelligence agencies, corporations like John Deere, Apple, and the entire entertainment industry
What do you think of commercial platforms like CrowdSupply with e.g. https://www.crowdsupply.com/search?q=tpm where OSHW solutions can be sold to individuals and companies?
seems good?
I bought my Precursor on CrowdSupply :)
I’ll probably buy more stuff in future there
and I’m also a big fan of https://mntre.com/ although I’m waiting for the next model that’s currently in development
Neat, also got my Precursor there, but then are you saying that projects there are limited, and if so, how?
oh, sorry, now I understand the question
yes, devices available in CrowdSupply tend to philosophically align with my values: owner is in charge, no subscriptions, cloud connectivity is not a thing or completely optional, schematics are open, drivers are open, etc
so they aren’t usually interfered with at a functionality or technological level
but their popularity and availability are subject to interference: we’ve already had multiple governments ban or consider banning the Flipper Zero for various reasons
and we have various media codec patents and DRM requirements that prevent truly open devices from being able to be used for popular purposes like streaming video content, which pretty much guarantees that only industry-approved devices will ever gain wide distribution and popularity
I don’t think it’s too tin-foil hat to suggest that if a truly open device did gain popularity somehow, we’d see IP lawsuits or import restrictions or mandatory modifications (e.g. countries attempting to mandate a government-operated surveillance app preinstalled on every smartphone)
I think that’s an important distinction here:
- there can be NO genuinely open devices
versus
- open devices can’t be popular
So when you say “what’s frustrating is that we can’t really vote with our wallets, and any right-to-repair or consumer-is-in-charge movement is going to be limited by intelligence agencies, corporations like John Deere, Apple, and the entire entertainment industry” I disagree.
We CAN really vote with our wallets precisely by purchasing things like Precursor, MNT, NitroKey, etc., while at the same time expecting, sadly, that they won’t become the most popular devices in the market. I believe allowing creators and maintainers of such systems, and even distributors like CrowdSupply, to exist even though they are and might always remain niche, is already empowering. So I’d argue both of us already voted with our wallets on this topic, and our acquaintances too.
I’d also be cautious about preemptive pessimism. Sure it’s important to be mindful of worrisome examples like the FlipperZero (which AFAICT is only banned for purchase in Brazil due to lack of Anatel’s certification for wireless, I believe it’s possible to legally bring and use a FlipperZero in the country but I’m not a lawyer) or DRM for streaming (which I thought was a huge deal until I disabled DRM support in my browser and basically nothing changed in my browsing habits) precisely to learn from them. Also FWIW I did gather some ideas on the topic at https://fabien.benetou.fr/Content/SwappingPartsOfTheRestrictionStack so I’d be curious about your opinion on the topic, suggestions welcomed.
I still have a lot of mistrust for the TPM, but that’s OK, my paranoia has room to accommodate everyone.
I replaced Raspberry Pis with Intel NUC mainly because NUC comes with TPM 2.0. I can now encrypt my drives without storing the key in plaintext.
I could not read the blog because it blocked me for using a VPN (speaking of DRMs :) ). While I agree DRM is evil and should be abolished from users’ computers, readers should not get the wrong idea about TPM. It’s what protects your phone and servers from attackers. Desktop would also benefit from it a lot.
TPM. It’s what protects your phone and servers from attackers. Desktop would also benefit from it a lot.
Hard disagree here, TPM is only 1 more protection, it’s not what alone protects your data.
Also, desktop vs. phone and servers are very different use cases. You can easily get your phone stolen in a public space. Your server, if it is hosted in a data center you don’t own, might get compromised … but your desktop, it means breaking in or inviting in guests you do not trust. The situations are very different. Encrypting disks on a small device holding sensitive data, e.g. banking, that can easily be taken from you in public makes sense for most people. Doing so on a heavy, bulky device that sits in your locked house is quite another thing.
FWIW for RPi https://www.crowdsupply.com/anavi-technology/anavi-tpm-2-0-for-raspberry-pi and more generally to store anything anywhere https://shop.nitrokey.com/shop/nitrokey-storage-2-56
You can also do that without a TPM, you just have to remember a secure passphrase to unlock the drive encryption key.
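The comment about the NUC’s TPM and this reply describe the same property from two directions: the disk key is never stored in plaintext, whether a TPM releases it or a passphrase unlocks it. As an added example, not code from this thread or from any project mentioned in it, here is the passphrase-only path in Python: the on-disk key slot holds a salt, the volume key wrapped under a scrypt-derived key, and a check tag, so the volume key itself only exists in memory after a correct passphrase. The HMAC-based stream wrapping and the small scrypt cost parameters are illustrative stand-ins for what LUKS does with a real cipher and much larger work factors (assumptions of this example, not LUKS’s actual format).

```python
"""Passphrase-only unlock of a disk volume key, LUKS-style (constructed example)."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# scrypt cost parameters kept small so the example runs instantly.
# Real disk encryption uses far larger work factors (assumed values here).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
KEY_LEN = 32


@dataclass
class KeySlot:
    """What actually sits on disk: a salt, the wrapped volume key and a check tag.

    The volume key never appears here in plaintext; only something derived from
    the passphrase can turn wrapped_key back into it."""
    salt: bytes
    wrapped_key: bytes
    tag: bytes


def _derive_kek(passphrase: str, salt: bytes) -> bytes:
    """Stretch the passphrase into a key-encryption key (KEK) with scrypt."""
    return hashlib.scrypt(passphrase.encode(), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)


def _keystream(kek: bytes, length: int) -> bytes:
    """HMAC-SHA256 counter-mode stream; an illustrative stand-in for a real
    key-wrap cipher (assumption of this example)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(kek, b"wrap" + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def enroll_passphrase(volume_key: bytes, passphrase: str) -> KeySlot:
    """Create the on-disk key slot: wrap the volume key under the KEK and tag it."""
    salt = os.urandom(16)
    kek = _derive_kek(passphrase, salt)
    wrapped = _xor(volume_key, _keystream(kek, len(volume_key)))
    tag = hmac.new(kek, b"tag" + wrapped, hashlib.sha256).digest()
    return KeySlot(salt=salt, wrapped_key=wrapped, tag=tag)


def unlock(slot: KeySlot, passphrase: str) -> Optional[bytes]:
    """Recover the volume key from the slot, or None if the passphrase is wrong.

    The tag is checked first (constant-time), so a wrong passphrase yields no
    partial or garbage key material, only a clean failure."""
    kek = _derive_kek(passphrase, slot.salt)
    expected = hmac.new(kek, b"tag" + slot.wrapped_key, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot.tag):
        return None
    return _xor(slot.wrapped_key, _keystream(kek, len(slot.wrapped_key)))


def slot_leaks_volume_key(slot: KeySlot, volume_key: bytes) -> bool:
    """Sanity check: the raw volume key must not appear anywhere in the slot bytes."""
    return volume_key in (slot.salt + slot.wrapped_key + slot.tag)


if __name__ == "__main__":
    vk = os.urandom(KEY_LEN)                      # constructed volume key
    slot = enroll_passphrase(vk, "correct horse battery staple")
    assert unlock(slot, "correct horse battery staple") == vk
    assert unlock(slot, "wrong passphrase") is None
    assert not slot_leaks_volume_key(slot, vk)
    print("volume key recovered only with the right passphrase; slot stores no plaintext key")
```

A TPM-backed setup keeps the same slot structure but replaces (or supplements) the passphrase-derived KEK with one the TPM will only release when the measured boot state matches its sealing policy, which is what lets such a machine unlock without anyone typing anything. Both approaches store only a wrapped key on disk; they differ in who holds the thing that unwraps it.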
https://www.semiaccurate.com/2022/01/18/amds-new-cpus-may-be-safe-to-deploy/
Just wait till you read about Pluton. 🙃
yea, ever since TPM was first making the conspiracy rounds in the ’90s there has been a huge misunderstanding of its purpose, let alone its capabilities. I 100% agree with the author that looking at the TPM as an evil black box is really just depriving users of a tool that can be implemented in an open source way to secure user privacy. The GPU however is impossible to implement in an open source way by everyone except a small handful of semiconductor companies, and even then you would rely on proprietary microcode that would take millions of man-hours to reverse engineer if it were even possible. So if I were some megacorp who relied on Imaginary Property, the GPU that was exclusively created by a fellow megacorp is where I’d place my trust.
I also don’t know why Win11 requires a TPM 2.0, but since it does, and my current computer doesn’t have one, I’m certainly not going to run it.