Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
no subject
Date: 2025-01-03 04:55 pm (UTC)

Second, TPM 1 with an SPI/LPC header on the motherboard is not DRM. It is simply a means of providing privacy in the presence of persistent malware. It doesn't protect against physical access: if a user needs to compromise his system, he can always plug in a cheap microcontroller board.

Thirdly, any TEE, including those based on TPM 2.0, which is right in the processor and comes with remote attestation, is primarily for DRM.

Fourth, the protected media path is not the whole of DRM, but only one of its components.