this post was submitted on 09 Oct 2023
299 points (94.6% liked)
Your tinfoil hat is showing...
IIRC you can store new keys in the TPM, they're just not going to be signed by the manufacturer.
That wouldn't work... and isn't how that works... That would require browser vendors to actually implement some kind of "here's my TPM" handshake and websites to care enough to refuse service if you fail that validation.
If someone wanted to do that, they could do that already without a TPM. Error: "You must have a valid license from Microsoft or Apple DRM to use the internet."
The reason it could work for games is they could tie their game anticheat into the TPM ... and that's something that has to happen as an agreement between vendors for specific games, anti-cheats, or stores. This could (and I am talking out of my ass a bit here as I don't know the full details of how TPM boot validation works -- though TPM passthrough, like GPU passthrough, is a thing in QEMU) potentially open the door for VMs that can play games as well if someone wanted to invest the time, as in theory the TPM could validate the Windows 11 VM boot hasn't been tampered with.
Also, a TPM is not DRM, it's a cryptography coprocessor with verifiably secured keys... that's just a unique hardware function that's desirable (particularly for certain corporate environments, militaries, etc., that want to verify their devices haven't been hacked) and can't be done any other way.
Fearing a TPM is like the folks foreshadowing that secure boot was going to be the end of Linux; it wasn't and it isn't. That's true of this particular piece of hardware as well (and, it can be used for other things).
Do you have an actual argument? Because again, I'm literally forced to have a TPM module to use the current version of Windows. You can't say "that's crazy conspiracy talk" WHILE IT'S HAPPENING.
Yes, which is the problem.
Yes, in a hypothetical scenario where browser vendors are forced to implement a TPM handshake, they'd have to implement a TPM handshake. Since the hypothetical situation isn't reality as of right now, it's not how that works. Are you playing dumb?
Yes, but I can currently create a new account or otherwise circumvent these issues. There is no way to block my device in a centralised manner, except that now the hardware is in place to force such a thing by regulatory bodies.
I never said a TPM is DRM. Could you try to stay on point?
No, it's not.
Whatever, do or don't freak out about it. It's happening with or without your support, and it will be just fine.
All the bad things that could happen could happen with or without a TPM.
They can't, and it's scary that you don't realise this.