by segfaultbuserr 2661 days ago
Security modules are prone to abuses by various interest groups, but by themselves, they are never inherently evil or even desirable if they have an open standard and are under the control of a user.

TPM and trusted computing is an interesting case: it was originally planned to be the foundation of an unbreakable DRM system; however, this didn't go according to the plan. To this day, the most harmful result was Secure Boot and Boot Guard, but the TPMs are never used in any significant DRM systems. Today it's genuinely a security tool under user's control.

For example, see my explanation of how TPM-backed verified boot can help ensure the integrity of the BIOS and bootloader.

https://news.ycombinator.com/item?id=18034227

Quoting Richard Stallman:

As of 2015, treacherous computing has been implemented for PCs in the form of the “Trusted Platform Module”; however, for practical reasons, the TPM has proved a total failure for the goal of providing a platform for remote attestation to verify Digital Restrictions Management. Thus, companies implement DRM using other methods. At present, “Trusted Platform Modules” are not being used for DRM at all, and there are reasons to think that it will not be feasible to use them for DRM. Ironically, this means that the only current uses of the “Trusted Platform Modules” are the innocent secondary uses—for instance, to verify that no one has surreptitiously changed the system in a computer.

Therefore, we conclude that the “Trusted Platform Modules” available for PCs are not dangerous, and there is no reason not to include one in a computer or support it in system software.

https://www.gnu.org/philosophy/can-you-trust.html

1 comments

Today it's genuinely a security tool under user's control.

Anything that has hardcoded, nearly-impossible-to-extract keys which you don't know is not under your control.