by heavyset_go 1818 days ago
Stallman[1] and others[2] wrote about TPMs nearly 15 years ago, and the former revisited the topic in 2015.

Trusted Platform Modules can be used to enforce app DRM, ensuring that only "approved" apps are able to run on a system.

That's already the reality for iPhones and iPads. We see desktops converging on this reality with systems like Apple's M1, which won't run unsigned binaries at all, and makes it difficult, if not nearly impossible, to run apps that weren't first approved by Apple through their notarization process.

[1] https://www.gnu.org/philosophy/can-you-trust.en.html

[2] https://www.cl.cam.ac.uk/~rja14/tcpa-faq.html


TPM can be based on free software and controlled by the user: https://puri.sm/posts/purism-integrates-heads-security-firmw....
Yes, but that isn't the main point. When combined with a non-free OS, TPMs become a tool used against the user to lock them out of their own system.
You are right. The problem however is not in the TPM but in the non-free OS.
Thanks for the link, I wasn't aware of Purism's work in this space.

Is an open and flashable TPM something rights holders would be comfortable with? Or would they treat it like SafetyNet treats an Android phone with an unlocked bootloader?

The main point (and only differential) of a TPM is protecting secrets against the person with physical possession of the device.

About every time something like this is placed on a consumer product, it is to exploit the consumer in some way, so no, it's just bad.

There is the very rare exception of it being a product intended for the owner to lend it to other people, and the very common exception of it being disabled by default, but being cheaper to include on every product than just the business ones. But well, Windows 11 Home edition computers are neither of those.