• interdimensionalmeme@lemmy.ml
    link
    fedilink
    arrow-up
    31
    arrow-down
    8
    ·
    1 year ago

    TPM bad, put your secrets on a proper encryption peripheral, like a smartcard running javacardOS

    TPM will turn into cpu-bound DRM, the more you use it, the more this cancer will grow

    • Skull giver@popplesburger.hilciferous.nl
      link
      fedilink
      arrow-up
      28
      arrow-down
      1
      ·
      1 year ago

      Intel literally removed CPU-bound DRM from their recent processors because it wasn’t secure. Besides, the encryption keys for DRM are safely stored deep inside the iGPU anyway. All the TPM does is store a few kilobytes of cryptographic data and record signals sent to it by the OS in a way that the OS can’t alter down the line.

      The TPM is literally built to be used as an encryption peripheral. You can use alternatives like Yubikeys as external TPMs for extra security of course, but that doesn’t mean every desktop, laptop, and smartphone needs one.

      Your smartcard has the exact same potential to become used as a means for DRM. In standard use cases it’s literally meant to govern access to a computer.

      • interdimensionalmeme@lemmy.ml
        link
        fedilink
        arrow-up
        8
        arrow-down
        10
        ·
        1 year ago

        You are only seeing what TPM is now. Not what TPM will become when it become an entire encrypted computing processor capable of executing any code while inspection is impossible.

        Imagine denuvo running at ring level -1

        • We already had SGX, that got killed off because it wasn’t resistent against side channel attacks and because barely anyone cared to use it. We also have TrustZone or some comparable technology on every ARM chip out there.

          When Intel dropped SGX for 11th gen and newer processors, Intel CPUs lost the ability to play Ultra HD Blurays. We have had TEE based DRM since 2016 and nobody cared or noticed.

          Of course AMD hasn’t stopped including its Secure Processor TEE in its chips, through an embedded ARM core that runs TrustZone code, like on an Android phone. AMD market share probably isn’t big enough for anticheat to require AMD-SP (and I bet it’s too expensive to get code running on there anyway) but I’m sure some platforms are using them because AMD still hasn’t removed the feature yet.

          Anticheat runs in our kernels now exactly because there’s a lack of proper hardware authorization. DRM can be a lot less invasive if it can verify the state of the machine without obfuscated kernel drivers. We’re even getting Linux based anticheat kernel modules soon. DRM is at ring 0 and it’s not even a controversial topic among gamers anymore. Running at -1 doesn’t even need a TPM, all that needs is a motherboard manufacturer weird enough to put Denuvo in their firmware.

          A TPM doesn’t execute arbitrary code. That would put the secret key material at risk. Furthermore, all it can access is the SPI bus or whatever low speed bus it’s hooked up to, it can’t access your hardware like Intel ME or AMD’s PSP can.

          Based on your fears, I think you’re mistaking TPMs (harder to steal Yubikey-like hardware) with trusted execution environments (code running in your CPU that you can’t see or alter).

          • interdimensionalmeme@lemmy.ml
            link
            fedilink
            arrow-up
            4
            arrow-down
            3
            ·
            1 year ago

            Yes, it’s right in the name “trusted platform module”. There is no secret that their ambition is to become a space to run code outside the user’s reach and scrutiny.

            They start with the most legitimate and innocuous purpose. Once it is adopted and ubiquitous it will not suffer the fate of the other attempts and rotting on the vine.

            Then surprise TPM 5.0 become full scale full speed trusted execution environment and it’s too late to do anything about it. Eventually , non trusted processing capability will be phased out and only Intel and signed code will run.