
Crazy how Windows 11 objectively works fine on pretty much all hardware you'd expect, but Microsoft is insisting it doesn't and we need to upgrade.




They want everyone to have neo-clipper-chip "TPM"s.

My understanding is that TPM is secure, and Win 11 still supports TPM. Am I mistaken and/or misunderstanding your statement that Microsoft is enforcing a hardware requirement with a known back door?

TPM can be secure. But secure for whom against what? Microsoft and “against you” are not implausible answers to that question…

TPM is not secure. At all. At least when you're using Windows.

https://youtu.be/t1eX_vvAlUc


Do you also have a source that's not a YouTuber? Would be far more interesting to read on apparently it being a spy chip rather than just an HSM.

Here's a significantly more credible (stacksmashing) video that demonstrates how ineffective some TPM implementations are. If the TPM was integrated into the CPU die, this attack would likely not be possible. https://www.youtube.com/watch?v=wTl4vEednkQ

Despite the TPM being a pretty good and useful idea as a secure enclave for storing secrets, I'm concerned that giving companies the ability to perform attestation of your system's "integrity" will make the PC platform less open. We may be headed towards the same hellscape that we are currently experiencing with mobile devices.

Average folks aren't typically trying to run Linux or anything, so most people wouldn't even notice if secure boot became mandatory over night and you could only run Microsoft-signed kernels w/ remote attestation. Nobody noticed/intervened when the same thing happened to Android, and now you can't root your device or run custom firmware without crippling it and preventing the use of software that people expect to be able to use (i.e. banking apps, streaming services, gov apps, etc.).

Regardless, this is more of a social issue than a technical issue. Regulatory changes (lol) or mass revolt (also somewhat lol) would be effective in putting an end to this. The most realistic way would be average people boycotting companies that do this, but I highly doubt anyone normal will do that, so this may just be the hell we are doomed for unless smaller manufacturers step up to the plate to continue making open devices.


Isn't the TPM integrated into the CPU die on many modern systems? i.e. AMD's PSP.

It's not like these things aren't publicly documented by Microsoft.

You just need to be able to translate their doublespeak.


A tall order, and that's if you can even find it.

Apparently not.

Sure let’s just centralize hardware attestation to Microsoft’s cloud tied to a Microsoft account with keys you can’t change what could possibly go wrong?

This is all publicly documented by Microsoft you just need to translate their doublespeak.

Google is doing the exact same thing, and people were sounding the alarms when they did it, but Microsoft gets a pass?

Use ChatGPT to outsource your critical thinking for you because I'm not gonna do it.


I've looked into this fella before because he didn't pass the smell test. He's running a grift selling schlocky cell phones and cloud services. His videos are excessively clickbait-y and show minimal understanding of the actual tech, it's more or less concentrated disinformation and half-understood talking points. GrapheneOS devs also had something to say about him: https://discuss.grapheneos.org/d/20165-response-to-dishonest...

That video contains many specific statements. This comment addresses none of them.

Secure against what threat model?

I've had to learn about TPMs to figure out if they're the right technology with which to integrate a product I've worked on. I don't agree that they're a "neo-clipper-chip" in any real way based on my exposure to them.

While I'm not a cryptographer... I never really understood the appeal of these things outside of one very well-defined threat model: namely, they're excellent if you're specifically trying to prevent someone from physically taking your hard drive, and only your hard drive, and walking out of a data centre, office, or home with it.

It also provides measured boot, and I won't downplay it, it's useful in many situations to have boot-time integrity attestation.

The technology's interesting, but as best as I can tell, it's limited through the problem of establishing a useful root-of-trust/root-of-crypt. In general:

- If you have resident code on a machine with a TPM, you can access TPM secrets with very few protections. This is typically the case for FDE keys assuming you've set your machine up for unattended boot-time disk decryption.

- You can protect the sealed data exported from a TPM, typically using a password (plus the PCR banks of a specific TPM), though the way that password is transmitted to the TPM is susceptible to bus sniffing for TPM variants which live outside the CPU. There's also the issue of securing that password, now, though. If you're in enterprise, maybe you have an HSM available to help you with that, in which case the root-of-crypt scheme you have is much more reasonable.

- The TPM does provide some niceties like a hardware RNG. I can't speak to the quality of the randomness, but as I understand it, it must pass NIST's benchmarks to be compliant with the ISO TPM spec.

What I really don't get is why this is useful for the average consumer. It doesn't meaningfully provide FDE in particular in a world where the TPM and storage may be soldered onto the same board (and thus impractical to steal as a standalone unit rather than with the TPM alongside it).

I certainly don't understand what meaningful protections it can provide to game anti-cheats (which I bring up since apparently Battlefield 6 requires a TPM regardless of the underlying Windows version). That's just silly.

Ultimately, I might be misunderstanding something about the TPM at a fundamental level. I'm not a layperson when it comes to computer security, but I'm certainly not a specialist when it comes to designing or working with TPMs, so maybe there's some glaring a-ha thing I've missed, but my takeaway is that it's a fine piece of hardware that does its job well, but its job seems too niche to be useful in many cases; its API isn't very clear (suffering, if anything, from over-documentation and over-specification), and it's less a silver bullet and more a footgun.
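As an added illustration of the sealing-to-PCRs point in the comment above (not code from the commenter or from any TPM vendor), here is a toy Python model of measured boot and PCR-bound sealing: ToyTPM, boot, GOOD_CHAIN and FDE_KEY are constructed stand-ins, and the key derivation only imitates what a real TPM does with its storage root key. It shows why a PCR-only policy releases the FDE key to whatever runs after an unmodified boot, why a changed boot stage blocks unsealing, and what adding an authValue (the "password" mentioned above) buys.

```python
import hashlib
import hmac

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class ToyTPM:
    """Toy SHA-256 PCR bank: values can only be extended, never written directly."""
    def __init__(self, count: int = 8):
        self.pcrs = [b"\x00" * 32 for _ in range(count)]
    def extend(self, index: int, component: bytes) -> bytes:
        # PCR_new = H(PCR_old || H(component)); measurement order matters
        self.pcrs[index] = sha256(self.pcrs[index] + sha256(component))
        return self.pcrs[index]
    def _key(self, indices, auth: bytes) -> bytes:
        # Stand-in for PolicyPCR digest + authValue (a real TPM wraps under an SRK key)
        policy = sha256(b"".join(self.pcrs[i] for i in indices))
        return sha256(b"seal|" + policy + b"|" + auth)
    def seal(self, secret: bytes, indices, auth: bytes = b"") -> dict:
        key = self._key(indices, auth)  # secret must be <= 32 bytes (one block)
        enc = bytes(a ^ b for a, b in zip(secret, sha256(b"ks|" + key)))
        return {"indices": tuple(indices), "enc": enc,
                "mac": hmac.new(key, enc, hashlib.sha256).digest()}
    def unseal(self, blob: dict, auth: bytes = b""):
        # Policy is recomputed from the *current* PCRs: a changed boot stage
        # or a wrong auth yields a different key, so the MAC check fails
        key = self._key(blob["indices"], auth)
        mac = hmac.new(key, blob["enc"], hashlib.sha256).digest()
        if not hmac.compare_digest(mac, blob["mac"]):
            return None
        return bytes(a ^ b for a, b in zip(blob["enc"], sha256(b"ks|" + key)))

def boot(components) -> ToyTPM:
    # Measured boot: stage i is hashed into PCR i before it receives control
    tpm = ToyTPM()
    for i, stage in enumerate(components):
        tpm.extend(i, stage)
    return tpm

GOOD_CHAIN = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]  # constructed
FDE_KEY = sha256(b"constructed fde key")

def demo() -> dict:
    blob = boot(GOOD_CHAIN).seal(FDE_KEY, [0, 1, 2])             # PCRs only
    blob_pw = boot(GOOD_CHAIN).seal(FDE_KEY, [0, 1, 2], b"pin")  # PCRs + auth
    tampered = [GOOD_CHAIN[0], b"bootloader-evil", GOOD_CHAIN[2]]
    return {"unattended_same_boot": boot(GOOD_CHAIN).unseal(blob) == FDE_KEY,
            "tampered_bootloader": boot(tampered).unseal(blob),
            "pcrs_ok_wrong_pin": boot(GOOD_CHAIN).unseal(blob_pw, b"guess"),
            "pcrs_ok_right_pin": boot(GOOD_CHAIN).unseal(blob_pw, b"pin") == FDE_KEY}
```

The first result is the unattended-boot case the comment describes: with a PCR-only policy, any code running after an unmodified boot chain can request the key, and only the extra authValue forces a second factor.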


> I never really understood the appeal of these things outside of one very well-defined threat model: namely, they're excellent if you're specifically trying to prevent someone from physically taking your hard drive, and only your hard drive, and walking out of a data centre, office, or home with it.

So basically the same thing you'd get by having an internal USB port on the system board where you could plug a thumb drive to keep the FDE key on it?

> It also provides measured boot, and I won't downplay it, it's useful in many situations to have boot-time integrity attestation.

That's the nefarious part. You get adversarial corporations trying to insist that you run their malware in order to use their service, and it's giving them a means to attempt to verify it.

Which doesn't actually work against sophisticated attackers, so the security value against real attacks is none, but it works against normies which in turn subjects the normies to the malware instead of letting someone give them an alternative to it that doesn't screw them.


If I knew absolutely nothing about TPM other than the circumstances in which it was made (who, what, why, when) I would have predicted from that alone that it wouldn't benefit consumers, wouldn't be secure, and that it was motivated by business, not technology.

The unsupported CPUs lack the support for Virtualization Based Security, which is a major security feature in Windows 11.

https://learn.microsoft.com/en-us/windows-hardware/design/de...


VBS is also in Windows 10 and has no problem working on CPUs that aren't "supported" in Windows 11

This is incorrect. Not all CPUs supported by Windows 10 supported the VBS feature.

Microsoft is making the VBS mandatory for OEMs, hence the CPU needs support, hence the ~7 year old minimum requirement for CPUs in what Microsoft supports for Windows.

Yes, you can disable it during setup as a workaround, but it's exactly that. And why you'd want to make your system less secure, well I'll leave that to the exercise of the reader when they'll turn around two weeks from now and complain about Windows security.


Most of the requirements for that feature are UEFI features or a TPM, and have nothing to do with the CPU

The actual CPU requirements are VMX, SLAT, IOMMU and being 64 bit, which have all been available on the Intel side at least, since at least 2008, with some coming available even before that.

The CPU requirement was just an attempt to force people to buy new hardware they didn't need. Nothing more.

A perfect example of this is the Ryzen 5 1600. It's not officially supported but meets every single one of the requirements, and I had no trouble enabling the feature in the run up to the release of Win11 (before it was blocked for no reason). I know this because I did it.

Also they marked all but one 7th Intel Core CPU as unsupported, and the one they did add just so happens to be the one they were shipping in one of their Surface products. No way you can tell me this list was based on fact and not the whims of some random PM when they do stuff like that.


> and why you'd want to make your system less secure,

I'd offer that the likely goal here is the most usable system possible, working with what one has. If folks are here, there's usually a lot of necessity factors in play.


I have literally spent all evening trying to get this to work so I can play arc raiders. Turns out I needed to update my BIOS. So fun.

It is not a mandatory feature.

Yes, it is mandatory for OEMs.

They are lying to make money. It's a common tactic.

They might sell more Windows 11 if it ran on more hardware. How does this make them money?

It's worth asking, but I think there's an answer: they want the OS to be transformed into an interface to their cloud where recurring revenue is easier. To do that, they need to make it more like a mobile OS and more locked down. TPM helps this.


Dropping windows 10 support is a pretty big lever to apply pressure to get people to upgrade to 11. Oh turns out you also “need” to buy new hardware to run it.

Dropping Windows 10 support is a really reasonable decision. The focus is on 11, it's been out for almost 5 years. I'm guessing they are close to releasing 12 at this point, maybe in a year or two. Supporting three entire fully fledged OSes is quite a lot of work. I also understand supporting newer hardware, they dropped 32-bit on 11 and moved the instruction set up a bit. You gotta do a cutoff somewhere and I'm happy that they are at least allowing us to use the improved performance our modern CPUs have. I'm not happy with a lot of stuff, but I get this at least.

I'd argue it's probably time to drop 32-bit x86 support, but the rest of this stuff is arbitrary and doesn't have any tangible benefit except conveniently providing hardware manufacturers with an excuse to unload new hardware onto people when there's nothing wrong with what they have. (not to mention, pardon the conspiracy theory, they're probably trying to use the TPM to turn the PC into a smartphone-like platform)

It's surprising that when we had Win7 they did that brief "XP Mode" experiment with some virtualized penalty box.

Why didn't that go further? Presumably virtually any x86-64 box currently in circulation would be fast enough to run a VM running a full copy of 32-bit XP/Win7/Win10, or even a full carousel (or download store) of DOS and early-windows releases. It could be the most compatible Windows ever, solving the weird "64-bit systems can't run some 16-bit apps" gotcha and perhaps allowing some way to bridge in support for devices that can only be driven by old 32-bit XP drivers.


> They might sell more Windows 11 if it ran on more hardware. How does this make them money?

Given the free Win 7/8->10->11 upgrade path, almost every end user who'd want a Windows license probably already has one. This leaves enterprise licensing and computer manufacturers (laptops, mini-PCs, desktops), who wouldn't care about this because they'll have newer hardware anyway.


No they will make the same money either way because they are selling the OS, not the hardware. They are requiring only newer hardware to limit their surface of exploitation and reduce their compatibility list.

They also sell a license with the new hardware. The bulk majority of the public never buy hardware without an OS. So yes, they are making more money with each new hardware sale. Plus the increase of forced advertising means they make more per user, effectively double dipping.

Why do you feel the need to defend a convicted monopolist for engaging in user hostile behavior?


Microsoft and their OEM partners sell hardware and have done so for a very long time.


