Will Windows 11 use TPM 2.0 – now required – for TC / DRM?

6 points by LeftHandPath ↗ HN
This is one of the more interesting questions about the Windows 11 release that is not being discussed often enough. TPM 2.0, which is required for Windows 11, is the newest standard of a technology that was developed almost 20 years ago as a means for establishing "Trusted Computing" and enhancing DRM measures (see: http://www.diva-portal.org/smash/record.jsf?pid=diva2%3A206552&dswid=-5253).

Pushing users to enable TPM by default will make it much easier to start marketing something like the Microsoft Store of being capable of TC-enhanced DRM. For example, a year or two after launch, an update could require you to be running Microsoft's hypothetical new DRM software in order to run any apps downloaded from the Microsoft Store - enforced using the TPM. The option to disable Trusted Computing might still exist, in this hypothetical, but would prevent you from using most / all licensed software. The TPM could also be used to force the devices owner to run certain software desired by the manufacturer or required by government regulation.

This would definitely help Windows market the Microsoft Store to 3rd parties, and is in direct alignment with their originally stated goals for Trusted Computing and DRM, and the original purpose of the TPM.

What does Hacker News think? Is this paranoia or is this a realistic direction for Windows to be moving?

3 comments

[ 2.5 ms ] story [ 12.0 ms ] thread
Quote from Ross Anderson's `Trusted Computing' Frequently Asked Questions - TC / TCG / LaGrande / NGSCB / Longhorn / Palladium / TCPA Version 1.1 (August 2003) https://www.cl.cam.ac.uk/~rja14/tcpa-faq.html:

    24. So why is this called `Trusted Computing'? I don't see why I should trust it at all!

    It's almost an in-joke. In the US Department of Defense, a `trusted system or component' is defined as `one which can break the security policy'. This might seem counter-intuitive at first, but just stop to think about it. The mail guard or firewall that stands between a Secret and a Top Secret system can - if it fails - break the security policy that mail should only ever flow from Secret to Top Secret, but never in the other direction. It is therefore trusted to enforce the information flow policy.

    Or take a civilian example: suppose you trust your doctor to keep your medical records private. This means that he has access to your records, so he could leak them to the press if he were careless or malicious. You don't trust me to keep your medical records, because I don't have them; regardless of whether I like you or hate you, I can't do anything to affect your policy that your medical records should be confidential. Your doctor can, though; and the fact that he is in a position to harm you is really what is meant (at a system level) when you say that you trust him. You may have a warm feeling about him, or you may just have to trust him because he is the only doctor on the island where you live; no matter, the DoD definition strips away these fuzzy, emotional aspects of `trust' (that can confuse people).

    During the late 1990s, as people debated government control over cryptography, Al Gore proposed a `Trusted Third Party' - a service that would keep a copy of your decryption key safe, just in case you (or the FBI, or the NSA) ever needed it. The name was derided as the sort of marketing exercise that saw the Russian colony of East Germany called the `German Democratic Republic'. But it really does chime with DoD thinking. A Trusted Third Party is a third party that can break your security policy.

    25. So a `Trusted Computer' is a computer that can break my security?

    That's a polite way of putting it.

    Ross Anderson
This is an incredibly interesting read.

> TC is also aimed at payment systems. One of the Microsoft visions is that much of the functionality now built on top of bank cards may move into software once the applications can be made tamper-resistant. This leads to a future in which we pay for books that we read, and music we listen to, at the rate of so many pennies per page or per minute. The broadband industry is pushing this vision; meanwhile some far-sighted people in the music industry are starting to get scared at the prospect of Microsoft charging a percentage on all their sales.

God, if only they knew -- but at the same time, we never reached the nightmare of "pay-per-minute" models for books or songs.