Intel might have slipped that Windows 12 is indeed coming next year | Company CFO sees benefits of a coming “Windows Refresh”::undefined

  • Dark Arc@social.packetloss.gg
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    edit-2
    1 year ago

    They’re a weird case, but they’re able to basically improve boot validation, they can store keys, and they can act as an improved secure random number generator.

    https://wiki.archlinux.org/title/Trusted_Platform_Module#Using_TPM_2.0

    A TPM is just a piece of hardware, just because you don’t like how Microsoft used it … doesn’t mean it’s some technology for oppression or something. At worst, you can just not use it.

    That said, TPMs are supposed to have manufacturer signed keys. TPMs could conceivably be used to properly block someone cheating in an online game from returning (i.e. a “hardware ban”) since the crypto can’t be spoofed (like an IP, MAC address, or serial numbers).

    • FooBarrington@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      A TPM is just a piece of hardware, just because you don’t like how Microsoft used it … doesn’t mean it’s some technology for oppression or something. At worst, you can just not use it.

      That’s pretty terrible argumentation. All DRM measures are just “a piece of hardware” in the end, yet I’m forced by Microsoft to install a TPM2 module to use their latest software. How long until I no longer have the choice not to use it, even on a free OS?

      That said, TPMs are supposed to have manufacturer signed keys.

      And since I can’t change those keys and can’t look into the module, it can literally be used for oppression.

      TPMs could conceivably be used to properly block someone cheating in an online game from returning (i.e. a “hardware ban”) since the crypto can’t be spoofed (like an IP, MAC address, or serial numbers).

      Great example. Now imagine a centralized block list by the government for all major web services, for which the infrastructure is literally there now.

      • Dark Arc@social.packetloss.gg
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        edit-2
        1 year ago

        That’s pretty terrible argumentation. All DRM measures are just “a piece of hardware” in the end, yet I’m forced by Microsoft to install a TPM2 module to use their latest software. How long until I no longer have the choice not to use it, even on a free OS?

        Your tinfoil hat is showing…

        And since I can’t change those keys and can’t look into the module, it can literally be used for oppression.

        IIRC you can store new keys in the TPM, they’re just not going to be signed by the manufacturer.

        Great example. Now imagine a centralized block list by the government for all major web services, for which the infrastructure is literally there now.

        That wouldn’t work… and isn’t how that works… That would require browser vendors to actually implement some kind of “here’s my TPM” handshake and websites to care enough to refuse service if you fail that validation.

        If someone wanted to do that, they could do that already without a TPM. Error: “You must have a valid license from Microsoft or Apple DRM to use the internet.”

        The reason it could work for games is they could tie their game anticheat into the TPM … and that’s something that has to happen as an agreement between vendors for specific games, anti-cheats, or stores. This could (and I am talking out of my ass a bit here as I don’t know the full details of how TPM boot validation works – though TPM passthrough, like GPU passthrough is a thing in QEMU) potentially open the door for VMs that can play games as well if someone wanted to invest the time, as in theory the TPM could validate the Windows 11 VM boot hasn’t been tampered with.

        Also, a TPM is not DRM, it’s a cryptography coprocessor with verifiably secured keys… that’s just a unique hardware function that’s desirable (particularly for certain corporate environments, militaries, etc), that want to verify their devices haven’t been hacked) can’t be done any other way.

        Fearing a TPM is like the folks foreshadowing that secure boot was going to be the end of Linux; it wasn’t and it isn’t. That’s true of this particular piece of hardware as well (and, it can be used for other things).

        • FooBarrington@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          Your tinfoil hat is showing…

          Do you have an actual argument? Because again, I’m literally forced to have a TPM module to use the current version of Windows. You can’t say “that’s crazy conspiracy talk” WHILE IT’S HAPPENING.

          IIRC you can store new keys in the TPM, they’re just not going to be signed by the manufacturer.

          Yes, which is the problem.

          That wouldn’t work… and isn’t how that works… That would require browser vendors to actually implement some kind of “here’s my TPM” handshake and websites to care enough to refuse service if you fail that validation.

          Yes, in a hypothetical scenario where browser vendors are forced to implement a TPM handshake, they’d have to implement a TPM handshake. Since the hypothetical situation isn’t reality as of right now, it’s not how that works. Are you playing dumb?

          If someone wanted to do that, they could do that already without a TPM. Error: “You must have a valid license from Microsoft or Apple DRM to use the internet.”

          Yes, but I can currently create a new account or otherwise circumvent these issues. There is no way to block my device in a centralised manner, except that now the hardware is in place to force such a thing by regulatory bodies.

          Also, a TPM is not DRM, it’s a cryptography coprocessor with verifiably secured keys… that’s just a unique hardware function that’s desirable (particularly for certain corporate environments, militaries, etc), that want to verify their devices haven’t been hacked) can’t be done any other way.

          I never said a TPM is DRM. Could you try to stay on point?

          Fearing a TPM is like the folks foreshadowing that secure boot was going to be the end of Linux; it wasn’t and it isn’t. That’s true of this particular piece of hardware as well (and, it can be used for other things).

          No, it’s not.

          • Dark Arc@social.packetloss.gg
            link
            fedilink
            English
            arrow-up
            0
            arrow-down
            1
            ·
            1 year ago

            Whatever, do or don’t freak out about it. It’s happening with or without your support, and it will be just fine.

            All the bad things that could happen could happen with or without a TPM.

            • FooBarrington@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              All the bad things that could happen could happen with or without a TPM.

              They can’t, and it’s scary that you don’t realise this.