by plainnoodles 1817 days ago
To be fair, TPMs are really cool from a hardware perspective. They're HSMs which can fundamentally change what threat models on your OS look like.

Unfortunately, the purpose here will be to use the fact that most users use a non-free OS to turn these TPMs against the user in order to make DRM harder to break.

5 comments

> Unfortunately, the purpose here will be to use the fact that most users use a non-free OS to turn these TPMs against the user in order to make DRM harder to break.

Stallman[1] and others[2] have talked about just this issue for over a decade now.

[1] https://www.gnu.org/philosophy/can-you-trust.en.html

[2] https://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

Stallman has quite a particular view on security, e.g. [1]. I think it is important to understand where he’s coming from.

I think the last 30 years have shown that, in some sense, even competent computer users can’t really be trusted to keep their systems secure. I’m not saying that the only solution is to have a totally locked down system, but I’m also not saying that having an HSM is a bad thing.

I understand that the M1 Macs get improved security from the more iPhone-like architecture but that the system is still somewhat hackable (eg there is a possibility of running Linux). So it would appear that one can have one’s cake and eat it. I think hardware security modules are mostly orthogonal to having a hackable system and companies like apple must be persuaded somehow to leave systems openable through other means.

[1] https://ftp.gnu.org/old-gnu/Manuals/coreutils-4.5.4/html_nod...

Really though, if we're talking about "completely secure" computers, or even something approaching that, no one can be trusted to keep any system secure. So why not at least let users have some freedom while taking care of the most obvious exploit routes?

There have been exploits for ARM's TrustZone implementations, as well.

I see the value in using a TPM to protect a disk encryption key; but also the downside of it being harder for me to recover data when the TPM fails before the disk (or if the motherboard fails and the TPM is tamper resistant and doesn't want to be moved to another board, etc). For me, data recovery is more important.

Boot time security sounds kind of useful, but I don't have time or desire to audit and sign everything I run, and Microsoft doesn't either; they have historically signed all sorts of garbage that undermines the system security, and I expect that will continue.

I think this is why you don't store the encryption key of the disk directly in the TPM but a "key to unlock the key" - that way you can enter a recovery code or something to access it if the TPM or something in the boot path fails. I don't know how the encryption mechanics work in detail but it has to work like that somehow for BitLocker recovery to function. I know under Linux LUKS you can have up to 8 keys and each will allow access to the disk.
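As an added illustration of the "key to unlock the key" layout the two comments above describe (the recovery concern and the reply about BitLocker/LUKS), the following is example code written for this page, not code from any commenter, from BitLocker or from LUKS. A random data-encryption key (DEK) is wrapped separately under two key-encryption keys: one that a simulated TPM derives only when the measured boot state matches, and one derived from a recovery passphrase. Either slot alone recovers the DEK, so a changed boot path or a dead TPM does not strand the data. The `ToyTPM` class, the single-PCR `measure_boot` measurement, the HMAC-based wrap and the boot component names are all constructed simplifications; real TPMs, PCR banks and the AES key-wrap formats used by disk encryptors differ in detail.

```python
"""Toy model of a DEK wrapped under a TPM-sealed slot and a recovery-passphrase
slot.  Everything here is a constructed stand-in, not a real TPM/LUKS format."""
import hashlib
import hmac
import os
from typing import Optional

DEK_LEN = 32  # 256-bit data-encryption key


def _stream(kek: bytes, salt: bytes) -> bytes:
    # One-time keystream per (kek, salt); a stand-in for a real key-wrap cipher.
    return hmac.new(kek, b"wrap" + salt, hashlib.sha256).digest()


def wrap_dek(dek: bytes, kek: bytes) -> dict:
    """Encrypt the DEK under a KEK and attach an integrity tag."""
    assert len(dek) == DEK_LEN
    salt = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(dek, _stream(kek, salt)))
    tag = hmac.new(kek, b"mac" + salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def unwrap_dek(slot: dict, kek: bytes) -> Optional[bytes]:
    """Return the DEK, or None when the KEK is wrong (tag mismatch)."""
    msg = b"mac" + slot["salt"] + slot["ct"]
    if not hmac.compare_digest(hmac.new(kek, msg, hashlib.sha256).digest(), slot["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(slot["ct"], _stream(kek, slot["salt"])))


class ToyTPM:
    """Simulated TPM: a secret that never leaves the chip, used to derive a KEK
    bound to the current boot measurement (one PCR value here)."""

    def __init__(self):
        self._secret = os.urandom(32)

    def sealed_kek(self, pcr: bytes) -> bytes:
        return hmac.new(self._secret, b"seal" + pcr, hashlib.sha256).digest()


def passphrase_kek(passphrase: str, salt: bytes) -> bytes:
    # Memory-hard KDF so the recovery slot resists offline guessing.
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def measure_boot(components) -> bytes:
    # PCR-style extend over the boot chain: pcr = H(pcr || H(component)).
    pcr = bytes(32)
    for c in components:
        pcr = hashlib.sha256(pcr + hashlib.sha256(c).digest()).digest()
    return pcr


def provision(tpm: ToyTPM, boot, passphrase: str) -> dict:
    """Create the DEK and store only its wrapped copies, one per slot."""
    dek = os.urandom(DEK_LEN)
    kdf_salt = os.urandom(16)
    return {
        "tpm_slot": wrap_dek(dek, tpm.sealed_kek(measure_boot(boot))),
        "pass_slot": wrap_dek(dek, passphrase_kek(passphrase, kdf_salt)),
        "kdf_salt": kdf_salt,
    }


def unlock(header: dict, tpm: Optional[ToyTPM], boot, passphrase: Optional[str]):
    """Try the TPM slot, then the recovery passphrase; report which path worked."""
    if tpm is not None:
        dek = unwrap_dek(header["tpm_slot"], tpm.sealed_kek(measure_boot(boot)))
        if dek is not None:
            return "tpm", dek
    if passphrase is not None:
        dek = unwrap_dek(header["pass_slot"], passphrase_kek(passphrase, header["kdf_salt"]))
        if dek is not None:
            return "recovery", dek
    return "locked", None


def demo() -> dict:
    """Constructed scenario: normal boot, changed boot chain, and a dead TPM."""
    tpm = ToyTPM()
    good = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]  # constructed components
    changed = good[:-1] + [b"kernel-v2"]
    pw = "correct horse battery staple"
    header = provision(tpm, good, pw)
    via_tpm = unlock(header, tpm, good, None)
    via_pass = unlock(header, None, good, pw)
    return {
        "normal": via_tpm[0],
        "changed_boot_no_pass": unlock(header, tpm, changed, None)[0],
        "changed_boot_with_pass": unlock(header, tpm, changed, pw)[0],
        "tpm_dead": via_pass[0],
        "wrong_pass": unlock(header, None, good, "password1")[0],
        "paths_agree": via_tpm[1] == via_pass[1],  # both slots yield the same DEK
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of the layout is visible in `demo()`: a changed kernel makes the TPM slot refuse (the sealed KEK no longer matches), a missing TPM makes it unusable, and in both cases the passphrase slot still produces the very same DEK, while a wrong passphrase is rejected by the integrity tag rather than silently yielding garbage.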

Just in case someone wants to know what a TPM is:

Trusted Platform Module, or TPM, is a unique hardware-based security solution that installs a cryptographic chip on the computer's motherboard, also known as a cryptoprocessor.

This chip protects sensitive data and wards off hacking attempts generated through a computer's hardware. Each TPM holds computer-generated keys for encryption, and most PCs nowadays come with TPM chips pre-soldered onto the motherboards.

I've been using laptops with TPM for a decade now. Never enabled the damn thing because if it failed, I'd be completely locked out of my computer. I'm not a CIA agent, I'm not a threat to any state, I don't even work for some big corp, why do I need that level of security?

TPM does not necessarily lock you out in case of problems. It depends on the software. In Purism laptops, it just warns you if something unexpectedly changes. (See the link in my other comment.)

I don't trust storing keys in the hardware. The hardware can fail and you lose everything, or the hardware can have a backdoor. It's not difficult, in the end, to make and memorize a strong password to use for disk encryption.