this post was submitted on 05 Jan 2025

TPM is a dedicated chip or firmware enabling hardware-level security, housing encryption keys, certificates, passwords, and sensitive data, "and shielding them from unauthorized access," Microsoft senior product manager Steven Hosking wrote last month, declaring TPM 2.0 to be "a non-negotiable standard for the future of Windows."

[–] [email protected] 19 points 2 days ago* (last edited 2 days ago) (1 children)

Here is an (old but updated) article on the topic.

As of 2015, the main method of distributing copies of anything is over the internet, and specifically over the web. Nowadays, the companies that want to impose DRM on the world want it to be enforced by programs that talk to web servers to get copies. This means that they are determined to control your browser as well as your operating system. The way they do this is through “remote attestation”—a facility with which your computer can “attest” to the web server precisely what software it is running, such that there is no way you can disguise it. The software it would attest to would include the web browser (to prove it implements DRM and gives you no way to extract the unencrypted data), the kernel (to prove it gives no way to patch the running browser), the boot software (to prove it gives no way to patch the kernel when starting it), and anything else relating to the security of the DRM companies' dominion over you.

Under an evil empire, the only crack by which you can reduce its effective power over you is to have a way to hide or disguise what you are doing. In other words, you need a way to lie to the empire's secret police. “Remote attestation” is a plan to force your computer to tell the truth to a company when its web server asks the computer whether you have liberated it.

[...]

As of 2022, the TPM2, a new “Trusted Platform Module”, really does support remote attestation and can support DRM. The threat I warned about in 2002 has become terrifyingly real.

Remote attestation is actually in use by “Google SafetyNet” (now part of the “Play Integrity API”), which verifies that the Android operating system running in a snoop-phone is an official Google version.

This malicious functionality already makes it impossible to run some bank apps on GrapheneOS, which is a modified version of Android that eliminates some, though not all, of the nonfree software that Android normally contains.

This kind of walled garden where you don't really control your machine is where MS wants to get, and TPM2 supposedly enables them to do that or is a step in that direction.
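The quoted article describes remote attestation as a chain of measurements (boot software, kernel, browser) that the computer reports to a verifier. The following is an added illustration, not code from the comment or from the article it quotes, of why such a chain is hard to misreport: it simulates a TPM PCR with hashlib (extend = SHA-256 of old value concatenated with the new digest), replays an event log on the verifier side, and checks each measurement against an allowlist. The component blobs and allowlist are constructed sample data, and the attestation-key signature a real TPM would produce over the PCR value is left out.

```python
import hashlib

# Constructed sample "event log": the components a measured boot would hash
# into a TPM PCR, in boot order. The byte strings are made-up stand-ins.
TRUSTED_COMPONENTS = [
    ("boot-loader", b"bootloader-image-v1"),
    ("kernel", b"kernel-image-6.1"),
    ("browser", b"browser-with-drm-module"),
]

PCR_INITIAL = b"\x00" * 32  # a PCR starts as all zeros after reset


def measure(blob: bytes) -> bytes:
    """SHA-256 digest of a component: the 'measurement' written to the log."""
    return hashlib.sha256(blob).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new = H(old || digest). One-way and order-dependent,
    so a PCR value cannot be set directly, only extended."""
    return hashlib.sha256(pcr + digest).digest()


def boot_and_attest(components):
    """Simulate a measured boot: extend each component into the PCR and keep
    an event log. Returns (event_log, final_pcr). A real TPM would sign
    final_pcr with an attestation key; that signature is omitted here."""
    pcr = PCR_INITIAL
    log = []
    for name, blob in components:
        d = measure(blob)
        log.append((name, d))
        pcr = pcr_extend(pcr, d)
    return log, pcr


def verify_attestation(event_log, attested_pcr, allowlist):
    """Verifier side (the web server in the article's scenario): replay the
    log and require it to reproduce the attested PCR, then check that every
    measurement is one the policy expects. Returns (ok, reason)."""
    pcr = PCR_INITIAL
    for _name, d in event_log:
        pcr = pcr_extend(pcr, d)
    if pcr != attested_pcr:
        return False, "event log does not replay to attested PCR"
    for name, d in event_log:
        if allowlist.get(name) != d:
            return False, f"unexpected measurement for {name}"
    return True, "all components match policy"


# The verifier's policy: expected digest per component (constructed).
ALLOWLIST = {name: measure(blob) for name, blob in TRUSTED_COMPONENTS}


def demo():
    """Three cases: stock system, a system with a modified browser, and a
    stock-looking log paired with the modified system's PCR."""
    log, pcr = boot_and_attest(TRUSTED_COMPONENTS)
    stock = verify_attestation(log, pcr, ALLOWLIST)

    modified = list(TRUSTED_COMPONENTS)
    modified[2] = ("browser", b"browser-patched-by-user")
    log2, pcr2 = boot_and_attest(modified)
    changed = verify_attestation(log2, pcr2, ALLOWLIST)

    # The stock log no longer replays to the modified PCR, so the mismatch
    # is caught before the allowlist is even consulted.
    mismatched = verify_attestation(log, pcr2, ALLOWLIST)
    return stock, changed, mismatched


if __name__ == "__main__":
    for label, result in zip(("stock", "modified", "mismatched"), demo()):
        print(f"{label:10s} -> {result}")
```

The point the simulation makes is the one the article relies on: the verifier never trusts the reported component list on its own, it recomputes the PCR from that list and compares it with the value the TPM reports, so a change anywhere in the chain shows up either as an unexpected digest or as a log that fails to replay.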

[–] [email protected] 2 points 2 days ago

Damn. Thanks for the info