[dTal]

>robust system state attestation (both local and remote) against attackers with physical access

Phrases like this give me the shivers, as it translates into "mandatory surveillance by some authority telling me what I can and can't do with my computer".

TPM is an evil concept. Physical access should be final.

[kukrimate]

Is anyone here talking about survaillance??

That "attestation" in the full disk encryption case means your disk encryption key only being available to the operating system you chose to install. And disallowing the ability of a laptop thief to change that.

Or remote attestation can be used to restrict access to a corporate network to corporate controlled devices only. No one surveills you, or has access to your device in this scenario either, the TPM there is used to produce a certificate of the device state that can effectively act as access credentials to a resource.

This is about recognising the fact that the person in physical possession of a device isn't necessarily the legitimate owner.

[brendank310]

I get the reaction, but what about the trust factor of a box you own and have running on the other side of the world? TPM isn’t an evil concept, it’s fairly useful for some scenarios. Coercion to use TPMs, that sounds evil.

[tiberious726]

So I get my hands on your laptop for a few minutes, there should be nothing you can do to impede me from doing whatever I want to it?

TPMs are awesome of you use them correctly, it's like having a yubikey built into your computer

[dTal]

>So I get my hands on your laptop for a few minutes, there should be nothing you can do to impede me from doing whatever I want to it?

Correct. This is true of all my other possessions as well.

Ultimately, the physical hardware of the computer cannot tell the difference between a legitimate user and an illegitimate one. The distinction is social, not mathematical - the kind of thing one might litigate in court, rather than by multiplying some large primes together. Technologically enforcing the concept of ownership over an object implies the construction of a parallel, extra-legal system of rights management, with some final higher authority that is neither you nor in all likelihood your government. Here's how that plays out: yes, you paid for the computer, yes, you "legally" own it, but you did something to it that Microsoft doesn't approve of and so we're afraid it doesn't work anymore. Might makes right. Too bad!