[personal profile] mjg59
At CES this week, Lenovo announced that their new Z-series laptops would ship with AMD processors that incorporate Microsoft's Pluton security chip. There's a fair degree of cynicism around whether Microsoft have the interests of the industry as a whole at heart or not, so unsurprisingly people have voiced concerns about Pluton allowing for platform lock-in and future devices no longer booting non-Windows operating systems. Based on what we currently know, I think those concerns are understandable but misplaced.

But first it's helpful to know what Pluton actually is, and that's hard because Microsoft haven't actually provided much in the way of technical detail. The best I've found is a discussion of Pluton in the context of Azure Sphere, Microsoft's IoT security platform. This, in association with the block diagrams on pages 12 and 13 of this slidedeck, suggests that Pluton is a general purpose security processor in a similar vein to Google's Titan chip. It has a relatively low powered CPU core, an RNG, and various hardware cryptography engines - there's nothing terribly surprising here, and it's pretty much the same set of components that you'd find in a standard Trusted Platform Module of the sort shipped in pretty much every modern x86 PC. But unlike Titan, Pluton seems to have been designed with the explicit goal of being incorporated into other chips, rather than being a standalone component. In the Azure Sphere case, we see it directly incorporated into a Mediatek chip. In the Xbox Series devices, it's incorporated into the SoC. And now, we're seeing it arrive on general purpose AMD CPUs.

Microsoft's announcement says that Pluton can be shipped in three configurations: as the Trusted Platform Module; as a security processor used for non-TPM scenarios like platform resiliency; or OEMs can choose to ship with Pluton turned off. What we're likely to see to begin with is the former - Pluton will run firmware that exposes a Trusted Computing Group compatible TPM interface. This is almost identical to the status quo. Microsoft have required that all Windows certified hardware ship with a TPM for years now, but for cost reasons this is often not in the form of a separate hardware component. Instead, both Intel and AMD provide support for running the TPM stack on a component separate from the main execution cores on the system - for Intel, this TPM code runs on the Management Engine integrated into the chipset, and for AMD on the Platform Security Processor that's integrated into the CPU package itself.

So in this respect, Pluton changes very little; the only difference is that the TPM code is running on hardware dedicated to that purpose, rather than alongside other code. Importantly, in this mode Pluton will not do anything unless the system firmware or OS ask it to. Pluton cannot independently block the execution of any other code - it knows nothing about the code the CPU is executing unless explicitly told about it. What the OS can certainly do is ask Pluton to verify a signature before executing code, but the OS could also just verify that signature itself. Windows can already be configured to reject software that doesn't have a valid signature. If Microsoft wanted to enforce that, they could just change the default today; there's no need to wait until everyone has hardware with Pluton built-in.

The two things that seem to cause people concerns are remote attestation and the fact that Microsoft will be able to ship firmware updates to Pluton via Windows Update. I've written about remote attestation before, so I won't go into too many details here, but the short summary is that it's a mechanism that allows your system to prove to a remote site that it booted a specific set of code. What's important to note here is that the TPM (Pluton, in the scenario we're talking about) can't do this on its own - remote attestation can only be triggered with the aid of the operating system. Microsoft's Device Health Attestation is an example of remote attestation in action, and the technology definitely allows remote sites to refuse to grant you access unless you booted a specific set of software. But there are two important things to note here: first, remote attestation cannot prevent you from booting whatever software you want, and second, as evidenced by Microsoft already having a remote attestation product, you don't need Pluton to do this! Remote attestation has been possible since TPMs started shipping over two decades ago.

The other concern is Microsoft having control over the firmware updates. The context here is that TPMs are not magically free of bugs, and sometimes these can have security consequences. One example is Infineon TPMs producing weak RSA keys, a vulnerability that could be rectified by a firmware update to the TPM. Unfortunately these updates had to be issued by the device manufacturer rather than Infineon being able to do so directly. This meant users had to wait for their vendor to get around to shipping an update, something that might not happen at all if the machine was sufficiently old. From a security perspective, being able to ship firmware updates for the TPM without them having to go through the device manufacturer is a huge win.

Microsoft's obviously in a position to ship a firmware update that modifies the TPM's behaviour - there would be no technical barrier to them shipping code that resulted in the TPM just handing out your disk encryption secret on demand. But Microsoft already control the operating system, so they already have your disk encryption secret. There's no need for them to backdoor the TPM to give them something that the TPM's happy to give them anyway. If you don't trust Microsoft then you probably shouldn't be running Windows, and if you're not running Windows Microsoft can't update the firmware on your TPM.

So, as of now, Pluton running firmware that makes it look like a TPM just isn't a terribly interesting change to where we are already. It can't block you running software (either apps or operating systems). It doesn't enable any new privacy concerns. There's no mechanism for Microsoft to forcibly push updates to it if you're not running Windows.

Could this change in future? Potentially. Microsoft mention another use-case for Pluton "as a security processor used for non-TPM scenarios like platform resiliency", but don't go into any more detail. At this point, we don't know the full set of capabilities that Pluton has. Can it DMA? Could it play a role in firmware authentication? There are scenarios where, in theory, a component such as Pluton could be used in ways that would make it more difficult to run arbitrary code. It would be reassuring to hear more about what the non-TPM scenarios are expected to look like and what capabilities Pluton actually has.

But let's not lose sight of something more fundamental here. If Microsoft wanted to block free operating systems from new hardware, they could simply mandate that vendors remove the ability to disable secure boot or modify the key databases. If Microsoft wanted to prevent users from being able to run arbitrary applications, they could just ship an update to Windows that enforced signing requirements. If they want to be hostile to free software, they don't need Pluton to do it.

(Edit: it's been pointed out that I kind of gloss over the fact that remote attestation is a potential threat to free software, as it theoretically allows sites to block access based on which OS you're running. There are various reasons I don't think this is realistic - one is that there's just way too much variability in measurements for it to be practical to write a policy that's strict enough to offer useful guarantees without also blocking a number of legitimate users, and the other is that you can just pass the request through to a machine that is running the appropriate software and have it attest for you. The fact that nobody has actually bothered to use remote attestation for this purpose even though most consumer systems already ship with TPMs suggests that people generally agree with me on that)
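As an added illustration of the remote attestation mechanism described above and of the strict-policy point in the edit (constructed example code, not Pluton's or any TPM's firmware): a simulated TPM that only extends PCRs with whatever the boot chain hands it, a quote over those PCRs, and a remote verifier that accepts or rejects against a golden set. The PCR assignment, the image names and the use of HMAC in place of the attestation-key signature are all assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed example for the post above, not Pluton or TPM firmware. HMAC
# stands in for the TPM's attestation-key signature; a real verifier checks an
# asymmetric signature against a certified attestation key (AK).

PCR_FIRMWARE, PCR_BOOTLOADER, PCR_KERNEL = 0, 4, 8   # assumed PCR assignment
QUOTED = (PCR_FIRMWARE, PCR_BOOTLOADER, PCR_KERNEL)


class SimTPM:
    """Holds PCRs and an AK. It never inspects code by itself: it only records
    the hashes that firmware or the OS hand to it, and signs them on request."""

    def __init__(self, bank_size=24):
        self.pcrs = [bytes(32)] * bank_size
        self._ak = os.urandom(32)  # private AK, never leaves the TPM

    def extend(self, index, measurement):
        # TPM 2.0 extend: new PCR = SHA-256(old PCR || measurement)
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + measurement).digest()

    def quote(self, nonce):
        # Sign the selected PCRs together with the verifier's fresh nonce.
        data = nonce + b"".join(bytes([i]) + self.pcrs[i] for i in QUOTED)
        return data, hmac.new(self._ak, data, hashlib.sha256).digest()

    def verifier_key(self):
        # Stand-in for giving the verifier the public half of the AK.
        ak = self._ak
        return lambda data, sig: hmac.compare_digest(
            hmac.new(ak, data, hashlib.sha256).digest(), sig)


def measured_boot(tpm, firmware, bootloader, kernel):
    """Each stage measures the next into the TPM and then runs it regardless.
    Nothing here can refuse to boot: the TPM only records what it is told."""
    tpm.extend(PCR_FIRMWARE, hashlib.sha256(firmware).digest())
    tpm.extend(PCR_BOOTLOADER, hashlib.sha256(bootloader).digest())
    tpm.extend(PCR_KERNEL, hashlib.sha256(kernel).digest())
    return True  # the machine is up, whatever was measured


def golden_pcrs(firmware, bootloader, kernel):
    """Verifier side: replay the same extends over the images it approves."""
    ref = SimTPM()
    measured_boot(ref, firmware, bootloader, kernel)
    return {i: ref.pcrs[i] for i in QUOTED}


def verify_quote(data, sig, nonce, golden, check_sig):
    """The remote site decides whether to grant access; it cannot change
    what the machine booted. An exact-match policy like this one rejects
    any deviation, which is the strictness-versus-variability trade-off."""
    if not check_sig(data, sig):
        return False, "bad signature"
    if data[:32] != nonce:
        return False, "nonce mismatch (replayed or stale quote)"
    body, reported = data[32:], {}
    while body:
        reported[body[0]] = body[1:33]
        body = body[33:]
    for idx, want in golden.items():
        if reported.get(idx) != want:
            return False, f"PCR{idx} differs from policy"
    return True, "ok"


# Constructed stand-ins for firmware, bootloader and two kernel builds.
FW, BOOT, KERNEL_A, KERNEL_B = b"fw-1.0", b"shim+grub", b"linux-5.15", b"linux-5.16"


def attest_after_boot(images, policy_images):
    """Boot a machine with `images`, then attest it against `policy_images`.
    Returns (booted, accepted, reason)."""
    tpm = SimTPM()
    booted = measured_boot(tpm, *images)
    nonce = os.urandom(32)  # verifier's freshness challenge
    data, sig = tpm.quote(nonce)
    accepted, reason = verify_quote(
        data, sig, nonce, golden_pcrs(*policy_images), tpm.verifier_key())
    return booted, accepted, reason


if __name__ == "__main__":
    print(attest_after_boot((FW, BOOT, KERNEL_A), (FW, BOOT, KERNEL_A)))
    # A different kernel still boots; only the remote site's decision changes.
    print(attest_after_boot((FW, BOOT, KERNEL_B), (FW, BOOT, KERNEL_A)))
```

The second call shows the post's point in miniature: the machine with the other kernel boots exactly as before, and the only thing the TPM changes is what the remote site learns.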

Where concern should be

Date: 2022-01-09 01:49 am (UTC)
From: (Anonymous)
Microsoft Pluton may not be a problem by itself, but it shows a rising degree of control which Microsoft has over an ecosystem. This time is different, as Microsoft directly incorporates their own hardware instead of pushing some standard for others to implement. What is next, Microsoft's integrated sound card? Xbox has one.

Re: Where concern should be

Date: 2022-01-12 04:04 am (UTC)
From: (Anonymous)
I think that Microsoft has always had a ton of control over their ecosystem, it's a given. It exists. It's not getting worse, it's always there.

Leaving aside legalities, the only thing that keeps MS from locking it all down is market pressure. The company has really prospered since it tossed Ballmer and opened up. For now, I don't know why they would shift course. Not that they wouldn't at some point in the future, if they could make a buck doing so. But I don't see it just now...

From: (Anonymous)
Man this post shows total ignorance of the last 23 years of PC game theft.

In the 90's we got multiplayer w/ dedicated servers and level editors for AAA PC games, they stole the networking code and rebadged PC RPG's under the MMO marketing moniker to steal games from the public and get them to overpay.

There's been a war on software ownership since the beginning of the internet because you can co-opt and take over anyone's PC by dividing the program executables into two sub exe's: a master exe and a slave exe.

That is why we live in a PC game dystopia where games can "shut down". Your post shows complete ignorance of the fact that the software industry has won because the average PC user is clueless.

Why the hell would any piece of software need a 2nd PC hundreds of miles away unless they were selling you an incomplete program with missing files?

This has been the wet dream from the beginning, they want encrypted channels for the net so they can stop piracy of files, it's about long term control of the internet. Because the internet is just one giant world sized personal computer to a software company. So all our PC's are the "Defective" chips in their global motherboard, which Intel, Microsoft and big media and game companies wish to replace so you can't access "their" files. Denuvo was funded by the rage of Sony/EA/Ubisoft at early PC game/console piracy. Did you think they were just going to give up? They want total control over our PC's. They've completely won now that they can simply just back end the shit of any big major PC game now that the global infrastructure is there.

You forgot the two rules of networking: Two or more computers in a network become and behave as a single device, so whoever programs the network (the PC) owns the network.

The tech industry's long term dream is to turn files into property to enforce American copyright law. That is what trusted computing was born to do.

https://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

We already have 100's if not thousands of stolen PC and other games on Android and Apple app stores that cannot be owned by the customer because of the fraudulent client-server "you never own your software" business model.

A far cry from the honest binaries of the 90's. They want to kill piracy and engage in a program file extortion racket to control the market.

We already see this in the PC gaming space where companies can disable their old game to make sure it doesn't compete with their new one. They want market control to jack up prices.

Skins, maps and mods used to be free and we used to get level editors as standard in the AAA space. That was massively curtailed over the last 20 years.

The only reason Starcraft 2 has a map editor was because Starcraft 1 was born right when the Stolen RPG apocalypse was happening (1997 with Ultima Online). That's why Quake 1-3, Warcraft 1-3, Descent, Duke 3D, Doom 1-3, Unreal 1, 2, UT2003, UT2004 all had multiplayer contained within the executables.

They stopped giving us that with the rise of stolen PC games starting with the rebrand of PC rpg's as mmo's so they didn't have to give us the normal ability to host and play your own multiplayer games over the internet.

Next is Microsoft, Intel and AMD were testing AMD in "the lab" so to speak in enterprises over the last 23 years before deployment, Microsoft was dabbling with drm and signed executables. Did you think those driver warnings about the lack of signed drivers were innocuous? Microsoft was working on end to end encryption to shut down "digital holes" like being able to record audio or video from non approved devices.

It's all about locking down the PC for the MPAA/RIAA and the game industry. The game industry being the worst offender because its customers are so fucking clueless they've been paying to steal games from themselves since 1997 with the rise of Ultima Online and Everquest.

The future of RPG's on the PC should have been dedicated servers and level editors with complete local control of every AAA game but the game industry found out the average professional and working class consumer was dumb as a bag of hammers.

They all went and bent over for UO, Lineage, everquest, guild wars 1, Asherons call, Dark age of camelot and Earth and beyond.

That was the end of game ownership on the PC from 1997 onward.

Valve got the idea for Steam once the public proved it was stupid beyond Valve's wildest dreams with Ultima Online in 1997. Otherwise we'd still be living in a world with PC RPG's with dedicated servers and basic multiplayer like Baldur's Gate, Neverwinter Nights (2002), which had a full blown level editor.

That shit came to an end when the kids and adults fell for the mmo scam of the late 90's and early 2000's. Which led to the current DRM-infested and client-server back ended PC game dystopia of the post 2010's.

From: (Anonymous)
Who knows! All we can do is speculate, or trust what they say if they provide any details at all. Based on past behavior specifically, and corporate greed generally, the Patriot Act that usurped freedom and privacy of Americans may be lending its name to the Patriot Chip. Fearmongering and real threats about corporate espionage and data breaches may be leading us down a dark corridor one "upgrade" at a time.

From: (Anonymous)
https://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

Go look at the faq, it's all about profits. It's that simple. It's about new ways of locking down files and preventing bits from being broadcast. TPM is part of future business models that they've had planned for decades. The idea that TPM is some innocuous chip is nonsense, the same thing was said about MMO's and Steam in the late 90's and early 2000's. When UO was first released, we were still getting RPG's and FPS games with multiplayer like Baldur's Gate, Neverwinter Nights (2002). But anyone with a clue saw the writing on the wall for dedicated servers and level editors (which were standard features for AAA games in the 90's, everyone was expecting Diablo to get a level editor and open modding, but that didn't happen because of UO in 97, Lineage in 98 and Everquest in 99), they were going to steal the networking code and rebrand games as mmo's to steal them and prevent piracy to maximize profit and claim they are a "new type of game" rather than just back ended AAA games because they wanted to secure their million dollar investments. You can see some of the "MMO's" we've restored here:

Need for speed world "MMO" (aka a fork of most wanted 2005, with modifications, and back ended).

https://soapboxrace.world/

Earth and beyond (mmo 2004)

https://forum.enb-emulator.com/index.php?/forum/104-net-7-news/

Gaming got worse as more and more computer illiterate people came into it. The golden age was the brief period of DOS16/32 and Win32 binaries before the advent of mmo's/steam (diablo 1+2, Warcraft 1-3, Starcraft 1, Quake 1-3, Freespace 1+2, Descent 1-3, Baldurs gate, icewind dale, Half-life, Duke 3d, Neverwinternights 2002).

So for anyone who's been paying attention the internet has been used to prevent getting local files for the game to be run outside the control of companies. The issue is control. Just look at the app store on iPhone or Android, you can't get a local copy of the client-server back ended popular games to run offline forever, it's totally under the control of the company.

From: (Anonymous)
They are slowly turning the global telecom into their own personal giant sized mainframe, TPM is the return of IBM but 1000x worse, all software vendors can now depend on hardware to enforce copyright. It's all about locking down the PC and preventing piracy and tampering with exe's and the IO stream.

Intel, AMD, RIAA, MPAA don't want a repeat of the 90's of the super powerful limitless file copying that existed from the 70-80's roughly until 1997 when they could start stealing blocks of code and trapping them behind user names and login accounts. Any client-server software means you have already given up any security and ownership of your PC. It's the same thing as stealing the software from the public. The public has literally been stealing software from itself for 23+ years now, first in PC games with "mmo's" (aka PC games with stolen networking code to prevent ownership, monopolize game files and increase profits).

You don't seem to have gamed during the GOLDEN AGE of PC gaming of free maps, mods and level editing, dedicated servers and multiplayer were expected features of all PC games in the 90's until they figured out in 97 with Ultima Online the average member of the public was clueless that backending a piece of software is the same as stealing it. AKA you are given 99% of the game, so why the fuck would you want to pay a monthly subscription for any game and not get a copy of it given that you are required to get a complete copy of the game anyway? It's the dumbest thing ever. You don't get it, DRM and client-server EXE's are literally you saying "steal software from me, make me overpay for software".

You've lost control of your device because it's getting harder to access raw binaries because they are increasingly encrypted by things like Denuvo.

Microsoft and the big content companies want to move to encrypted computing and have a ring that enforces software licensing and copyright, aka no more infinite file copying and piracy for you.

That's what trusted computing is about ultimately: end to end encrypted computing, where you never get raw access to IO and critical parts of binaries. That is why Denuvo is merely bypassed when "cracked", the exe's still remain encrypted.

The whole point is to increase profits by market power, for the last 20 years game companies can assure their old game doesn't compete with their new game by shutting them down, that was impossible pre internet to the computer illiterate masses. That's why briefly we had honest Win32/Dos executables.

Go look at the technologies being worked on by these thieves.

https://trustedcomputinggroup.org/

Also Android and iPhone "apps" are where the industry wants to take us, Android and iPhone are the future of computing, iPhone being the ultimate model of you not really owning the shit you buy and overpaying extremely for software.

Why do I need to "sign in" on Apple's app store to download apps? Note that the "apps" you have on your phone aren't really "yours" and who knows what is being communicated from your iPhone to Apple's or some other software company's servers because you have no idea what your iPhone is doing, because the OS has abstracted and hidden away its functionality.

From: (Anonymous)
Man you just don't get it, they want control over IO between their PC's and yours.

A software company sitting on global telecom is the CPU in a giant world sized motherboard. Now end in TPM in their PC's with TPM enabled OS, and TPM in your machine, they now can create TPM enabled apps with IO, the long term is to develop new executable and binary models. That's what you're seeing with UWP and things like Denuvo - Denuvo is literally encrypted computing, aka Denuvo hasn't been "cracked" it's just been "bypassed" and the wall has gotten so high that there is a huge backlog of Denuvo games. The whole point is the higher the barrier (aka needing some Comp Sci and crypto/math background) the fewer people on the planet can crack software faster. It's all about slowing the process of getting raw executable binaries and raw files so the public can't execute them.

AKA they just want to get to the point where apps have embedded malware/anti-tamper in them. Then after that is the complete "obscuring" of the filesystem, aka your PC slowly turns into a phone or android where everything is dumbed down.

Next you're not getting that the government and financial companies see trusted computing and TPM as necessary for anti-fraud measures. That's why TPM isn't going away. You really don't grasp what's being planned nor the big interests at work in the corporate world.

From: (Anonymous)
You already live in a dystopia, Steam, mmo's, f2p games, and Apple and Android app stores mean you don't get complete files for the programs you are buying. You no longer own your devices. You can't audit the client-server apps you've got on your Windows or iPhone or Android, they can literally put anything in them they want and broadcast that data to whoever and you'd never know.

Go search games that had their "Server" shut down, the whole concept of SHUTTING DOWN a program when no program needs to die or go away, is absurd! That is what client-server and locked down mainframe computing has unleashed. You don't get it son, the internet allows companies to enslave and enforce copyright/licensing by using a combination of hardware back end and software back ends. Meaning prices of everything will continue to rise because they can engage in extortion, mmo's are literally just regular rpg's with the networking code coded in a fraudulent way so you can't host servers like the 90's like in Quake and other games of the 90's and late 2000's.

Think about when you login to Google, Google's security mechanisms have gotten way better over time, from crude "anyone can login" to creating means to create device identification as anti-fraud/anti-hacking measures, those "anti fraud" measures have exact analogues for software piracy. AKA "verifying the program/machine you are using and its identity".

AKA you can be locked out of services, your machine and the apps you paid for. That's the world Microsoft, government, and the military want.

I'll give you an example, I just recently tried to use an Android game made by Square called FF Brave Exvius... I hadn't logged into my Google account for a while, and now they want to verify your account via phone in order for you to access the game, now apply the principle of "they want to verify/checkin every time you run an exe" to see if you have permission to use or continue to use your machine and the software on it. AKA those verification checkins + the gullibility of the public means they can further clamp down on what they don't want and remove everyone's freedoms because the public has no clue about technology or how it works.

That's how we ended up losing the basic functionality of PC games to host your own multiplayer games locally without needing permission because the network code came inside the game. It's all about them killing local side apps that run completely on your machine and are easy to pirate over time. They want you not to own your own computer so they can yank up the prices.

When I was banned from my Hotmail and Gmail accounts it was a royal pain in the ass to get them back. Now imagine doing that for your OS or some critical piece of software you need because it's now tied with both hardware and software to an "account" to verify your identity.

From: (Anonymous)
Man you are thick headed! Look how they used the networking cable in 97 to steal your game and jack up the prices (Ultima Online, Everquest, Guild Wars, WoW). All those games should have been owned by you, with multiplayer pay once as a local application. Like Quake 1-3, Warcraft 1-3, Diablo 1-2. Notice that Diablo 3 and Starcraft 2 have parts of their multiplayer functionality tied to a remote computer.

Look at the pre mmo/Steam era vs the post Steam era, in 2003. Before the internet it was impossible to steal parts of applications and back end them because there was no way for companies to use the PC's in their office to enslave remote PC's because it was physically impossible. So they were forced (boohoo) to give you those infinitely copyable files and exe's on discs or CD ROM. The internet allows companies to divide all new programs into two separate EXE's, the master program (on their PC) and the slave program (on your PC). AKA the internet allows companies to turn every device into a dumb terminal by way of software and hardware DRM mechanisms, so telecom allows companies to use the internet as their own personal mainframe or world sized computer. That's what Valve was aiming for in 2003 when he launched Steam, the goal was to back end the big budget games, remove ownership, dispossess the masses, steal the software from the public and increase profits. The internet for the first time in history made it possible for companies to claim their own software as their own from the point of production by way of backending their own games, they can now use copyright to claim they own the files on your PC and software on it and can tell you how to use it, when to use it, or whether you will be able to use it.

That was the point, that's what companies wanted - control of how you will be able to use software and devices.

You're already being defrauded in front of your face, so I can't help that your brain "can't get" what TPM will be used for if you can't get that a simple networking cable can be used to steal PC games, undermine ownership and give monopoly profits to game companies. Do you think they will just try to control everything and lock everything down to jack up prices and dispossess you when you are so oblivious?

AKA you've literally been robbed in front of your face for 23 years using "We'll steal these blocks of code and trap them on the other side of the networking cable and market it to you as a service!". So if you don't think they won't be mean, or bad to you, or give you even worse service in the future if they think it will increase their profits, you're not paying attention.

I don't need to show you an example of how TPM will be used when we already have the full software versions in Denuvo, MMO's and Steam - Denuvo is anti-tamper, aka cracking games used to be trivial because they were honestly compiled binaries with largely no encryption. So it was trivial to copy games like Quake, Descent, Warcraft 1+2 and have the complete game. They wanted to stop that, they wanted control to make getting a copy of the software without paying for it more difficult.

That's TPM's primary purpose in the future, software license enforcement at the hardware level to increase profits. The fact you can't see that when you can go read Microsoft's documents on their website about the forms of DRM they are developing is pretty disturbing. TPM is part of a long term project to have hardware that doesn't obey you.

From: (Anonymous)
"How?"

Try to put 2 and 2 together please, did you know that World of Warcraft is literally just an RPG with its networking code coded in a fraudulent way to deny ownership? AKA the game was actually given to you and running entirely from your PC, but the public was stupid enough to buy a fraudulently coded piece of software. AKA people who bought mmos were robbed, we were expecting dedicated servers + level editors and basic multiplayer that came with every PC game in the 90's to continue until we got carpet bombed by EA and Richard Garriott in 1997 when they started stealing PC RPG's by calling them mmo's.

I'm sorry you are literally uneducated...

Did you not notice the super profits from Ultima Online in 1997 just by holding the networking multiplayer code hostage on some servers at EA? Using only the wires from the phone/cable TV network we've laid all over the continent?

How are you able to not comprehend basic facts about computing... when theoretically you are supposed to be working in computing? Your whole post makes no sense to someone who knew the great lockdown was inevitable from 1997 onwards.

AKA there's no reason for ANY application on your computer to be client-server executable unless you are chimp factor five levels of stupid about computer security and ownership. Which the global public was tragically.

The reason piracy existed was because the PC had open IO and un-encrypted binaries, Pluton will be used for signing things like game exe's and will check for exe modifications or refuse to run hacked binaries. It's all about enforcement, we saw a trial run with UWP and Windows 10 update, many UWP games "won't work" properly on different versions of Windows 10. UWP is a crude version of what will happen with Pluton/TPM in the future.

The future will be signed binaries, so they can check if those exe's are modified and refuse to run. These new hardware features are about end to end control of IO which you need to encrypt files and the communication of files between cpu, ram and hdd/ssd. They want end to end file encryption eventually, they are basically killing the PC as an open platform and they have been doing a good job for 23 years in gaming.

You REALLY are ignorant about the last 23 years in gaming, in a computer literate world, Steam/MMO's, no back ended application for PC games would exist, there is no reason for any OS, game or application to not be a completely local binary on your PC. The last 23 years kids fell for the mmo scam in 1997 with Ultima Online.

Games used to have multiplayer or basic multiplayer embedded inside the application, that was taken away once the industry learned the public was chimpanzee factor five levels of stupid regarding technology.

So most people have been stealing software from themselves, buying corporately hacked software/malware infested games (mmo's/steam) and have lost control of the software they've bought. We've been getting slaughtered for 20 years. The reason we have in game stores and abusive microtransactions is because people were stupid enough to not understand you never want to client-server programmed software, that's the same thing as buying a program with missing files and functions. Or buying broken applications. But that's what the public did for the last 23+ years since the late 90's.

In the PC gaming space I and many other hardcore computer gamers/nerds were expecting the traditional singleplayer+multiplayer in one local application to last forever, that didn't last because the public turned out to be stupid beyond the game industry's wildest dreams. That's why TPM/Pluton plans were accelerated.

The true purpose is ultimately so you don't have access to raw instructions

"Increasingly, content providers are moving towards hardware-based protections for granting permission to play back full high value content in apps. Robust support for a hardware implementation of the cryptographic core has been added to PlayReady to meet this need. This support enables secure playback of high definition (1080p) and ultra-high definition (UHD) content on multiple device platforms. Key material (including private keys, content keys, and any other key material used to derive or unlock said keys), and decrypted compressed and uncompressed video samples are protected by leveraging hardware security."

From: (Anonymous)
You're a de-facto moron, WE ALREADY have the mechanism in software of what is going to happen and what these things are going to be used for... so why do I need to tell you how it will work in hardware? It's fucking obvious how it's going to work from Microsoft's work on the Xbox, so if you want an idea how TPM is going to work look at the locked down Xbox for more details.

If you want even more just go to the Trusted Computing Group's website and look at their datasheets. They want to turn the internet into one giant computer they own and control, and so they are coming up with an architecture where they can block broadcasts of packets and files and ban machines from connecting. It's all about being able to remote control hardware. In a networked world, a master computer can enslave the sub computers when they are networked; that is Microsoft's and the content industry's goal: to turn PCs into dumb terminals and turn the internet into a global mainframe they control. That is what all those DRM technologies coming down the pipe are doing; it's vendor lock-in and the return of IBM.

IN FACT I EXPLAINED IT TO YOU THAT YOU DON'T NEED DETAILS, all we need is this: "Has the software industry succeeded in raising the price of software through underhanded means? The answer is yes." So why wouldn't the tech/software industry keep being criminal when dense people like you inhabit our planet? You don't need anything too sophisticated to make software more costly. They just want total control of the machine and files. AKA think of in-game microtransactions: all those skins/models that kids are buying in Fortnite, all that shit used to be free.

Two networked PCs: I can divide any binary into two sub exes and carve back that application's functionality and sell it back to you at inflated prices. Guild Wars 1 is a case in point, when ArenaNet quickly back-ended the game. Go pick up Neverwinter Nights (2002) from GOG; notice that was supposed to be the future of role playing games on the PC, aka no DRM, no stupid stolen blocks of code, no stupid malware, you just buy the game at $60 and it's yours forever, singleplayer+multiplayer.

So I shouldn't have to explain what Pluton/TPM is about when we already have had the industry doing underhanded shit and stealing software from us in blind daylight for 23+ years since 1997, beginning with Ultima Online, Lineage, EverQuest, Asheron's Call, Dark Age of Camelot, etc. You're not getting the INTENTIONS of these organizations. If they'd steal your multiplayer code out of PC games, insert malware like Steam into games, would they put hardware based malware inside your PC to prevent you from pirating their software or recording Netflix streams? YES THEY WOULD. Would they further lock down your PC? Yes they would.

You don't grasp that the end game is taking control of IO and preventing access to raw binary instructions; that is what made games/apps trivially easy to crack until Denuvo in the 2010s. Denuvo is the software version of trusted computing. It's made cracking games much harder, so encryption + software back ends has significantly raised the bar. Everyone in the industry has seen the success of Denuvo at delaying piracy.

Most games have just been back-ended ("MMO/free2play") to prevent piracy, so they've accomplished their objective since most people don't have the CS skills to reverse engineer game backend networking components.

HINT: the first time the software industry just stole some blocks of code out of PC games (aka RPGs were rebranded as MMOs and back-ended with forced user names and login accounts).

Go get Ultima Online, EverQuest, Asheron's Call, Guild Wars 1, World of Warcraft: every "MMO" should have been a local application PC RPG with multiplayer that never touched company servers.

You don't seem to grasp that the fact phones, PCs and Apple computers are infested with client-server apps/OS and games means they've already won. Since if you don't own the software on your computer, you don't own your computer.

The battle for the PC as an open platform was lost because we've got DRM and client-server everything in PC games; the goal was to monopolize the files/apps and game code so that they can control the market.
From: (Anonymous)
Here you go:

https://news.ycombinator.com/item?id=29859106#29863079

Updates only with Windows

Date: 2022-01-09 09:23 am (UTC)
From: (Anonymous)
So Pluton updates will require Windows? No fwupdmgr support in 2022? Disappointing :(

Date: 2022-01-09 10:11 am (UTC)
From: (Anonymous)
Nice post, but you are ignoring what software freedom and TPM related technologies are all about. TPM and related technologies are made for security; the crucial question here is who do they secure against whom? Who is the adversary? In the case of software freedom the answer is very clear: it secures users against abuse by software makers, period. TPM OTOH secures software/content makers against computer users. In a functioning and just democracy this would not be possible, but here we are.

Date: 2022-01-09 10:20 am (UTC)
From: (Anonymous)
https://www.macrumors.com/2020/10/01/macs-need-t2-security-chip-4k-netflix-big-sur/

In my head there is a connection between TPM and lockdown; how can TPM serve the interests of a user that uses free software?

HP Sure Start

Date: 2022-01-09 11:06 am (UTC)
From: (Anonymous)
There's also HP Sure Start, which is a separate hardware root of trust that HP have been using for a while now.

http://h10032.www1.hp.com/ctg/Manual/c06216928

Date: 2022-01-09 01:13 pm (UTC)
From: (Anonymous)
Fosdem 2022

Buying RISC-V CPU 2023? Why AMD?

OpenTitan is better than this.

Date: 2022-01-10 01:35 am (UTC)
From: (Anonymous)

OpenTitan is a much better solution to this. It's RISC-V and it's totally open source; I'd rather have this than some weird obscure core inside a CPU that I can't verify or confirm.

OpenTitan also would allow users to compile and run their own firmware, making it actually useful. OpenTitan is also the base for the Titan M2 that's inside the Pixel 6 devices, so it's being used in the market right now.

Read about OpenTitan here: https://opentitan.org

Date: 2022-01-10 05:34 am (UTC)
From: (Anonymous)
I understand your argument, but I think the lack of detail itself is dangerous already. People should still be advised to avoid those machines.

Looking forward to eventual remote attestation

Date: 2022-01-11 10:39 pm (UTC)
From: (Anonymous)
I look forward to people actually using remote attestation.

Specifically, game developers. The number of cheaters in certain games is insane. Being able to verify a root of trust in order to be able to connect to a specific game server would be awesome.

Wouldn't stop you from playing the game. But, if the server admin happens to want to enable it, they can, and you just can't connect to that server without shutting down all your hacks. Heh.

hoschi

Date: 2022-03-14 09:50 am (UTC)
From: (Anonymous)

I'm more skeptical. Feels like appeasement: "we could compromise, it is not so bad, currently you can turn it off, maybe there is a use case..."? And this pattern repeats? I don't see a benefit for the users in regard to TCPA, TCG or TPM. Like stated in the article, Pluton could even do more. We know already that it requires silicon, electricity and adds complexity.

User requirement: Reliable encryption of data, e.g. through hard-drive or operating-system
Industry requirement: Control of the computer through TPM, DRM, Remote Attestation

I have the feeling we add more code to solve artificially created issues while we should resist it on a political level. Especially a company like Microsoft shall not be allowed to dictate industry standards and mandate hardware companies to include these kinds of companion chips.

My past experience with SecureBoot:
Out of curiosity I've tried the full chain of UEFI -> SecureBoot -> Shim -> Grub2 -> Linux and GNU userland. Worked with Fedora, thanks to hard work and efforts, including Matthew Garrett's. But the firmware updates for the UEFI didn't work due to some issues in the chain. I just turned SecureBoot off and got the security fixes (priority!) for the UEFI. And people are already arguing about UEFI, which seems to be far more complex than needed.
Thanks for your work :)

Date: 2022-10-08 12:40 am (UTC)
From: (Anonymous)
Huh, may as well write a comment, otherwise I solved the captcha for nothing.

CyberPandemic very much related

Date: 2023-04-16 11:32 pm (UTC)
From: (Anonymous)
TPM sounds like it's related to the World Economic Forum's wet dream about Digital ID. Sounds like a backdoor "in the name of Security" to limit people from using things they don't want in some way. Did people not learn from Intel Management Engine vPro or Computrace/LoJack?

https://youtube.com/watch?v=ktHQISNl9Ic

Date: 2023-10-07 07:26 pm (UTC)
From: (Anonymous)
>and the other is that you can just pass the request through to a machine that is running the appropriate software and have it attest for you.

It is not quite true.

1. Passing an attestation to another device implies the capability to execute one's own code on the device which is the source of attestation within the enclave. In other words, to pass an attestation proof to another device one needs to exploit the code within the enclave first. It may not be the case, since the code can be written using best practices and contain no vulnerabilities.

Even if 1 is not enough (it is more than enough):

2. Attestation assumes that each piece of hardware is uniquely identifiable via the secret baked into a chip. If the verifying party gets an identifier derived from the hardware identifier and the verifier's long-term identity as a part of the attestation proof, then the verifying party can statistically detect overuse of identifiers. Even if it doesn't rely on statistics, it can find public services providing such attestation proofs and add the identifiers used by them to a blocklist.

3. Even if the attestation mechanism doesn't expose chip-derived identifiers to third parties, the third party can construct one from a PUF by just ... executing code on the CPU (there has been quite some research on constructing weak PUFs by measuring the distribution of the time certain code takes to execute on a certain chip).
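Point 2 above describes a verifier-side check rather than a mechanism on the chip: a pseudonym derived from the chip secret and the verifier's own identity lets one verifier recognise the same hardware each time, while keeping the identifier unlinkable across verifiers, and the verifier can then spot one identifier being presented far more often, or from far more places, than a single device plausibly would. The following is an added illustration written for this page, not code from the commenter or from any TPM/Pluton implementation: the HMAC-based pseudonym derivation, the `AttestationVerifier` class, its thresholds, the proof layout (`device_id`, `origin`, `ts`) and all chip secrets and addresses are assumptions constructed for the demo.

```python
"""Verifier-side overuse detection for hardware-bound attestation identifiers.

Added example for this page (not the commenter's code). Everything below is
an assumption for illustration: a real attestation proof carries a signature
over a nonce and measurements; here it is reduced to the pseudonymous device
identifier plus the origin and timestamp the verifier observes.
"""
import hashlib
import hmac
from collections import defaultdict


def verifier_bound_id(chip_secret: bytes, verifier_identity: bytes) -> str:
    """Derive a per-verifier pseudonym from the chip's baked-in secret.

    The same chip yields the same identifier for one verifier, but unrelated
    identifiers for different verifiers, so two services cannot correlate a
    device without sharing the chip secret. (Assumed construction: HMAC-SHA256
    keyed by the chip secret over the verifier's long-term identity.)
    """
    return hmac.new(chip_secret, verifier_identity, hashlib.sha256).hexdigest()


class AttestationVerifier:
    """Counts how often, and from how many origins, each pseudonym appears."""

    def __init__(self, identity: bytes, window: int = 60,
                 max_uses: int = 10, max_origins: int = 3):
        self.identity = identity          # long-term verifier identity
        self.window = window              # seconds of history considered
        self.max_uses = max_uses          # proofs per window for one device
        self.max_origins = max_origins    # distinct network origins per window
        self.seen = defaultdict(list)     # pseudonym -> [(timestamp, origin)]
        self.blocklist = set()

    def import_blocklist(self, ids) -> None:
        """Add identifiers learned elsewhere (e.g. from a known relay service)."""
        self.blocklist.update(ids)

    def verify(self, proof: dict) -> str:
        """Return 'accept', 'reject:blocklisted' or 'reject:overuse'."""
        dev = proof["device_id"]
        if dev in self.blocklist:
            return "reject:blocklisted"
        now = proof["ts"]
        # Keep only history inside the sliding window, then record this proof.
        history = [h for h in self.seen[dev] if now - h[0] <= self.window]
        history.append((now, proof["origin"]))
        self.seen[dev] = history
        origins = {origin for _, origin in history}
        if len(history) > self.max_uses or len(origins) > self.max_origins:
            self.blocklist.add(dev)       # one device cannot be in N places
            return "reject:overuse"
        return "accept"


def run_demo() -> dict:
    """Two honest devices plus one whose proofs are relayed from many origins.

    Chip secrets, verifier name and addresses are constructed sample data.
    """
    verifier = AttestationVerifier(identity=b"game-server.example")
    honest = {b"\x01" * 32: "198.51.100.1", b"\x02" * 32: "198.51.100.2"}
    relay_secret = b"\x03" * 32
    counts = defaultdict(int)

    # Honest devices: a handful of proofs each, always from their own address.
    for secret, origin in honest.items():
        dev = verifier_bound_id(secret, verifier.identity)
        for i in range(5):
            counts[verifier.verify(
                {"device_id": dev, "origin": origin, "ts": i * 10})] += 1

    # Relayed device: the same pseudonym shows up from eight different origins
    # inside one window, which no single physical machine would do.
    relay_id = verifier_bound_id(relay_secret, verifier.identity)
    for i in range(8):
        counts[verifier.verify(
            {"device_id": relay_id, "origin": f"203.0.113.{i}", "ts": i * 5})] += 1

    return {
        "accepted": counts["accept"],
        "overuse": counts["reject:overuse"],
        "blocklisted": counts["reject:blocklisted"],
        "relay_blocked": relay_id in verifier.blocklist,
        # Another verifier sees an unrelated identifier for the same chip.
        "unlinkable": verifier_bound_id(relay_secret, b"other-verifier") != relay_id,
    }


if __name__ == "__main__":
    print(run_demo())
```

The thresholds are the interesting knob: a looser `max_origins` tolerates laptops moving between networks but lets a small relay pool through, so in practice a verifier would tune them per deployment and combine the counter with the external blocklist rather than rely on either alone.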

Missing important part

Date: 2024-05-28 10:46 am (UTC)
From: (Anonymous)
I think this post is really missing the important part, which is that this software, running on my device, that I may or may not be able to turn off, is:
- Not able to be modified easily
- Not auditable
- Not redistributable

These are literally the core concepts of software freedom. Where is the transparency? Where is the participation? Where is the ability for collaboration?

If we didn't live in a world of pretty much only AMD and Intel this wouldn't be as much an issue but we don't. We are stuck with this proprietary garbage on our device that goes against what open source stands for.

Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at NVIDIA. Ex-biologist. Content here should not be interpreted as the opinion of my employer. Also on Mastodon and Bluesky.
