The strongest part of the article is piecing together the motivation and purpose behind Pluton:
In order to perhaps peek behind Microsoft's curtain a bit, let us look at what Pluton was designed to accomplish. When Microsoft announced Pluton in 2020, it said, "The Pluton design was introduced as part of the integrated hardware and OS security capabilities in the Xbox One console" [..]
But, what is the source of these physical attacks? Who are the attackers? As stated above, the Pluton design evolved from work done to prevent successful attacks against the Xbox One. Here is what Tony Chen, Xbox One's lead software engineer explained
"I want to talk to you about what we did on Xbox One to guard against physical attacks. [..] Ever since the very first Atari game console, for decades and decades, every game console maker has had their console been hacked such that people can play pirated games. [..] I'm proud to say that the Xbox One, which was shipped in 2013 for the last six years, at least we have not seen any evidence that anyone was able to break it for piracy or cheating"
In sum, it was designed to provide security against the owner. And all the defense of Pluton/TPM rests on persuading you that it won't be used for what it was designed and built for.
When I was at EFF, I often made arguments like this. I was surprised to find that, in the video game console context, a pretty significant number of gamers vocally disagreed!
Basically, they felt that a "good" console ecosystem was a rare and precious thing, and that it required things like curation, and inducement to developers to invest, which in turn required extensive control over players to make sure that they used their consoles only in approved ways, with approved software.
I'm trying to think of analogies to make this make more sense to me or other people like me. I think there is some comparison to be made to security checkpoints that someone might try to require before giving the public access to some place or activity. Probably not coincidentally, I don't like those either and don't want to see them expanded to more places and circumstances and parts of life. However, someone might sympathize with the concerns of the people creating the checkpoints strongly enough as to say "although these measures are intrusive and could be viewed as intruding on my rights, I feel that realistically the likely alternative is not getting to (fly|meet the president|meet the Queen|hold this expensive diamond) and that I can't see a path to getting to do that otherwise, so the choice for me seems like I should naturally accept the intrusions in order to get to do the thing".
Some of the gamers were saying, well, I want to play games that cost many millions of dollars to make, and the people who make those games say they want to target platforms where they get certain guarantees about restrictions on the players, otherwise they won't be able to invest that kind of money.
Some possible responses that come to mind, both in the analogy and the world we live in:
* We should have more Schelling fences to stop the spread of restrictions and control into more areas of life.
* We should find other ways of addressing the legitimate parts of other people's concerns, without intruding on individual freedoms as much.
* These rights should be treated as sacred, so too bad if other people aren't willing to respect them, or if they then don't do things that you wanted. (Or maybe activities that require certain levels of intrusion in order to be feasible or safe should just not occur at all.)
* Maybe people are lying, or mistaken, about the level of control that they actually need in order to let you do the things you want. Can we coordinate to call their bluff?
It's also a little complicated if you include the cheating part alongside the illegal copying part (and the games -- or HPC applications! -- developed with no royalty to the console maker part). There, many gamers do see gamers-in-general as the enemy, though not necessarily themselves; like "we're not trustworthy, as a group, so we need measures to stop the numerous cheaters among us from ruining things for the rest of us".
I was genuinely surprised to see many of these phenomena. (In a couple of cases, I think EFF announced some kind of support for people who were reverse engineering hardware to make it able to run unofficial software, and some gamers said "hey, you're supporting the bad guys here"!) But I'd like to hear other people's ideas about how to contend with them.
The concerns about cheating are valid, but we already have consoles to address them. I dread the possibilities of control in moving more activities, not just gaming, to the console model. Forget ad-blockers, there are already sites that prevent even copy-pasting of text unless one disables javascript.
> Maybe people are lying, or mistaken, about the level of control that they actually need in order to let you do the things you want. Can we coordinate to call their bluff?
They were lying when they claimed home taping was killing music, and that VCRs [0] were to film producers "as the Boston strangler is to the woman home alone" [1], and more recently, a EU-funded study that found piracy causes little harm was suppressed [2], so they should certainly not be taken at their word.
> When I was at EFF
Thank you for your service :)
[0] Ironic that, with how difficult saving video has become from streaming sites and services, we have largely lost the abilities the VCR afforded us. A good example of how quickly technology is turned against us.
> there are already sites that prevent even copy-pasting of text unless one disables javascript.
Worse, there are sites that prevent even viewing of text unless one enables JavaScript.
Anyway, to assist the GPP, and inspired by your user name, let me suggest that requiring TPM checks for people running (games on) PCs is like requiring your car to breathalyze you before starting the engine. (As Doctorow famously said "A car is a computer you put your body into"). The public would never allow that, right?
>let me suggest that requiring TPM checks for people running (games on) PCs is like requiring your car to breathalyze you before starting the engine.
There are situations where this would make an individual less safe but for people who have received DUI this is a reasonable and existing practice. I don't think it maps to computers, where rarely are lives on the line.
> Worse, there are sites that prevent even viewing of text unless one enables JavaScript.
In some cases, the text is displayed if you disable CSS as well as JavaScript. In some cases, the text can be found by view source. However, that does not always work.
I still use a VCR and TV. Although it is digital TV and needs to use a cable box that has their own software that does not work very well (there are many bugs in it) and cannot be made to do what you want it to do, it can still be connected to a VCR. It is without HDTV, but that is OK; I don't want HDTV; I want VCR. Together with public television, and captions (which HDMI does not have, but the composite video does have, so they can be recorded), we can have the recordings that we want to have easily enough.
We're better off if we can draw some clear lines that make it obvious when the tradeoffs get extreme.
If you're saying "here's a closed-loop unhackable console", or "here's a closed-loop media player" that's fundamentally a different value proposition than "here's a closed-loop unhackable general purpose computing device." It's sort of a toys versus tools dichotomy-- I'm fundamentally less bothered if someone sells me a permanently sealed and potted Game Boy, than intentionally crippling conventional desktop hardware.
Creeping DRM feels like they're trying to push the "tools" back into the "toy" category.
Part of this is likely a "we want our cake and to eat it too" mindset. They want to use more or less off-the-shelf technologies to make their sealed boxes. Why do you think most of the consoles eventually ended up as x86-64 or PPC derivatives-- they can freeload on all the work being done elsewhere. So they have to move from old-school hardware obscurity-- weird media formats which can't be readily wired to a normal PC, undocumented custom hardware-- to software lockdown.
But another part of it is the growing available functionality. The toys are becoming tools-- they want to put a browser and a media player and an online storefront onto their console, and then you're pretty damn close to "general purpose computing device" territory. So they need to find a way to justify the lockdown value proposition even on a device that has obvious user-tappable potential.
The phrase comes to mind: "it's impossible to make a man understand something if his salary depends on him not understanding it".
You're acting like those arguments are unbelievably novel, strange, like gamers are practically aliens. The alien in those conversations is you, my friend. The average person - and gamers are very average indeed given the industry's mass appeal - does not struggle to understand why hardware security exists. It's obvious, especially so because games companies say explicitly what the features are for and always did. It's because lots of people will break the rules if they aren't forced to follow them, and that leaves those who do follow them at a disadvantage.
If you are an honest person who does buy software, the optimal outcome for you is that a really good, transparent implementation of DRM (that never gets in your way) wipes out piracy completely. In that situation the expected price you'd have to pay will be lower (for a fixed level of quality) because the costs are being spread over a greater number of people. Additionally you won't feel like a mug for paying for something that your friends are pirating consequence free.
The cheating angle is by the way not specific to video games. The sort of tech that video games use to block cheating could also be used to block other kinds of "cheating", like bulk spamming, many kinds of hacking (e.g. SQL injection). Many kinds of software or network can be abused, but EFF and similar organizations typically act as if networks and two-sided transactions don't exist at all. Indeed it's really only on places like HN, the EFF, the free software community etc where this stuff is actually controversial. Outside those worlds a rant about DRM will just result in people being baffled. Gamers migrated to consoles en-masse because they understand the tradeoffs.
I agree, reading GP's comment is weird. People want enforced boundaries when they play games, and consoles are game devices. GP sounds like a confused alien trying to explain to other aliens why human sports players all agree to use regulation equipment and obey referees.
> it was designed to provide security against the owner
no. no, no, no, no, no. holy crap, no.
no.
it was designed to prevent unauthorized access to hardware.
corporations own computers, too. and you know what is on a lot of the computers they own? trade secrets. who wants those trade secrets? competitors, copycats, and so on. what is something that such motivated actors have a large amount of? money. money to hire thieves. money to buy expensive equipment. people to attempt to circumvent security measures.
Pluton is designed to address situations like this.
no one cares about John and Jane computer owner. Pluton will not be used against John or Jane unless John or Jane allow it, in some unforeseen situation I can't imagine.
Pluton is a very good weapon for corporate IT admins trying to secure their devices.
"BUT TPMs ALREADY DO THAT"
not unless you require a PIN on boot, and PINs on boot are a pain in the ass. no one likes them, no one wants them. they often have huge complexity requirements and can be easily forgotten. PINs suck. they suck so much that some unfortunate companies decide against the PIN requirement and implement things like BitLocker using the TPM alone, and that is extremely insecure to anyone with physical access to a device because TPM traffic can be captured.
"that seems like something that is very difficult and will never happen."
In other cases where enterprises wanted something that consumers cared little about (ECC RAM comes to mind, or the artificial limit on number of concurrent connections in non-server Windows editions), manufacturers were happy to cripple their product for consumers, so they could charge a premium to less price-sensitive enterprises.
But when it comes to Pluton, or the AMD and Intel management engines, they're making sure you can't buy a product without them at any price.
> it was designed to prevent unauthorized access to hardware.
Yes and it's all a big coincidence there's no owner override, so that only the manufacturer decides what is "authorized".
the administrator gets to decide what is turned on and how it is used. the administrator has back doors in, that are more involved and more secure than the front door. the private keys don't go to the manufacturer, but are created by the owner, etc.
there is always owner override in the case of the PC.
consoles are locked down because we have demonstrated to console manufacturers again and again, for 40 years, that we will pirate games for the console if it is at all possible. we have left zero room for interpretation with this message. we WILL steal if there is any way to steal. so in the case of consoles, yes. manufacturer only.
set the registry key and the requirement goes away.
the tpm doesn't hide things from you, it hides things from attackers. if you don't want your disk encrypted, then decrypt it. you can do that. it's very easy.
And now you're straight up lying. The whole purpose of the TPM is to hide cryptographic keys from anyone with physical access, including the owner. There is no override an owner can perform (via, say, a password set on first boot, that may be used to dump all the keys from the TPM into RAM).
It may not by itself force you to encrypt your disk, but it does enable all the abuses listed in https://en.wikipedia.org/wiki/Trusted_Computing#Criticism, that I won't waste summarizing, as it's becoming increasingly obvious you're arguing in bad faith.
> there is always owner override in the case of the PC.
Oh, the owner can tell Pluton to fake attestation results, so that, for example, it would report to a program that it's being executed in Genuine™ Microsoft Windows® 11, even if the program is actually being ran in a sandbox on linux?
Because if not, then there is no owner override, and it's a scheme to foist hardware-backed DRM onto PCs.
Are you trying to dispel concerns about remote attestation with "set up the environment properly"? Because that is exactly what has people worried - what is "proper" and who decides it.
Or have I misunderstood you, and you're claiming that Pluton either does not support remote attestation, or allows the owner to fake it? Because as far as I can tell from available information on Pluton and TPM modules, both those claims are false.
BitLocker type solutions don't rely on remote attestation. RA has never really taken off in any context.
Regardless, arguments against remote attestation are always very tricky. You're acting like it's morally clear cut but it's not.
RA is designed to stop you lying about what you're running to other people. It doesn't stop you running things, but it may mean others choose not to trade or engage with you based on what you're doing with the computer. So this is a direct translation to standard libertarian philosophy. You can choose your own terms but you can't force your preferred terms on others - you have to negotiate a contract that's mutually acceptable and then that contract needs to be enforced. RA is a kind of technologically enforced contract, instead of relying exclusively on the legal system.
That's why arguments that RA is evil always skip a few steps. The argument goes:
- I want to run X (typically some Linux distro)
- Some service Y won't trade with me unless X will do Z (typically enforcing some sort of agreement e.g. anti-cheat or license).
- X chooses not to do Z but I want Y to service me anyway. So I want to lie to them and feel entitled to being able to do that without being caught. This is moral because Linux.
Often with a helping of "I'm afraid that actually service Y might be most services".
The concerns here are valid - it would suck to no longer be able to use Linux with various remote services - but if you look at how the TPM and related tech are designed there's no actual technical reason you couldn't make Linux satisfy remote attestations. It's simply that Linux users would usually refuse to do so on philosophical grounds. Well, that's fine, but from a political and philosophical perspective it's reasonable for your counterparty to want some assurance that you'll actually implement the agreement you're claiming you will.
> So this is a direct translation to standard libertarian philosophy. You can choose your own terms but you can't force your preferred terms on others - you have to negotiate a contract that's mutually acceptable and then that contract needs to be enforced. RA is a kind of technologically enforced contract [..] Some service Y won't trade with me unless X will do Z (typically enforcing some sort of agreement e.g. anti-cheat or license).
What can I say but thank you - you've distilled the problems with the TPM much better than I have. What you describe is exactly what I fear. Look at how these contracts are "negotiated" today - the consumer either accepts, or goes to live in the woods ("I'm afraid that actually service Y might be most services".)
And the terms are one-sided at best, usually curtailing a bunch of important rights (mandatory arbitration, bans on publishing benchmarks, anti-reverse-engineering or indeed any kind of in-depth examination of functionality, such as when Facebook barred researches from gathering data from volunteers on what ads they were showing, bans on scraping publicly-accessible data - good luck comparing prices,.. you get the picture)
So what kind of contracts do you think we'll negotiate, without even the thin pretense of a fair legal system protecting us, and when "our" machines enforce their unbreakable chains?
If I'm being charitable, I'd put the odds that the overall effect of this expansion of contract law will be to our benefit as "slim".
>when it comes to Pluton, or the AMD and Intel management engines, they're making sure you can't buy a product without them at any price.
Not only that but under the guise of "recycling", many 18-wheelers of perfectly functional PCs are being destroyed rather than re-purposed and these are primarily the ones powerful enough to run the latest OS's.
Anything decently powerful lacking the encumbrance of the hardware ME/TPM generation is the prime target of the agressive destructive effort.
You picked a bunch of conditions you don't happen to like and then projected this onto the technology along with a giant helping of victimhood, but again, RA is morally neutral. It's like encryption, it can be used for things you may agree or disagree with but the tech is just a tool. In this case it's just a way to enforce agreements.
So here are some agreements that maybe you'd actually like to enforce on other people, using the exact same technology.
1. Cloud privacy. RA and related tech let's you request a remote attestation from the cloud provider that proves your VM memory is encrypted such that the hardware provider can't read it. This means you can compute in the cloud and not be spied on, not even if the legal system in the remote jurisdiction suddenly demands it.
You might think cloud providers would never offer this but you'd be dead wrong. Both Azure and GCP offer RA in which you are the one checking them and they offer it today.
2. Blocking spamming without needing captchas or modern JavaScript based equivalents. In turn that means you can now much more easily self host email and retain control and privacy currently sacrificed to big email providers.
4. Eliminating backdoors inserted by cloud CI systems. They prove what compilers they're using via RA.
Etc. This is just a few examples.
And that's why your argument is frankly morally flawed. Agreements and contracts are something everyone relies on whether they realize it or not. The fix for terms you don't like is not to demand leaky enforcement but, as always, market competition. If you hate Oracle's "no publishing of benchmarks" clauses - which are by the way unenforceable with RA anyway so that's a bad example to pick - then use postgresql instead.
At any rate, it's all rather irrelevant. You have much more bargaining power than you think and that is in fact why RA has never taken off. Outside of very controlled environments like games consoles or cloud VMs it's considered too complicated and excludes too many users who don't have the right hardware etc. Consumers effectively "negotiate" by picking services compatible with what they've got.
Brings to mind the book Little Brother by Cory Doctorow.
I far prefer non-DRM media and avoid buying books with it. TOR publishes some non-DRM books, for one. There is DRM on public library ebooks, fine for now, but it feels like a symptom of a flawed system. Assuming most people want to live with a sense of purpose, and some find that purpose in making art (stories in whatever form), I'd rather a system in which we're more-free to follow a creative path and the barriers to learning from those stories is lower. Might be that a healthy baseline is small communities making art together (think hunter-gatherer community singing, dancing, playing instruments, making sculpture, drawing, and telling stories, no busking and no locked doors, unless an unwelcome stranger comes along). What would it look like to maintain some level of global electronic connectedness and significantly lower the barrier to accessing art?
Is the current public-library model in the USA enough? From my experience with low-income high-school students afraid to enter a library because their parents borrowed a bunch of materials on the student card and racked up hundreds in late fees, there's room for improvement.
And then there's the question of what's a healthy balance between work and leisure? We're riding a wonderful wave of petroleum for now, and I'm really enjoying keeping up with distant friends via co-op videogames, but I accept that it's icing on the cake of life. Sitting around a handmade wooden table in a makeshift shack playing chess by firelight is a few layers back down to earth.
Cory is the most "foam-at-the-mouth" person I have ever even heard of.
Cory reads about something, stops at the very first hint of something that would inhibit his freedom, and writes extremely long and completely misguided manifestos that go directly away from the conclusion he would reach if he had even partial understanding of the situations he writes about.
the very worst thing about him is that he sounds hinged, people read his stuff, when he is in fact very much unhinged almost all of the time.
i dislike DRM too, a lot, but it exists for very good reasons. the public has repeatedly and strenuously shown every single company that produces anything that can be copied that large armies of people will do the copying and take the content without paying even a single penny.
25% of all PC video game players have pirated more than 50 games. approximately 1/3 of all PC gamers pirate games (as of 2016)[0]. Reminder that the video game market is larger than the movie and music industries combined, and that market does not include the games that are pirated.
Tor publishes exclusively trashy sci-fi - Honor Harrington, which has the most confused politics I’ve ever read, is probably one of their best written ones. I hope that’s not the only kind of book you’re letting yourself read.
Doesn’t TOR also publish works by Brandon Sanderson, Robert Jordan, Douglas Adams, Philip K. Dick, and others? I wouldn’t agree with characterizing those authors as “exclusively trashy sci-fi..” I am not sure if your comment means “of the sci fi they publish, it is all trashy” (implying they publish some non-sci fi that is not necessarily trashy) or “the only works they publish are sci fi and all of said sci fi is trashy”. Either way, I would bet most readers wouldn’t consider these authors to be trashy.
I think the original point that one can obtain enjoyable reads in DRM-free form from TOR still stands, even if not all books they publish are exemplary.
Robert Jordan is trashy fantasy though, yes. Once you figure out what his fetishes are you can see how much of the stuff in Wheel of Time is secretly a sex thing. (Several of the magic techniques are BDSM, the Aes Sedai "pillow friends", any time anyone uses compulsion, the weird amounts of women talking about spanking each other…)
Brandon Sanderson didn't do any of that when he took over, I guess he didn't notice it.
The physical attack Microsoft worried about is hacker extracting information from a stolen laptop. It only takes a single laptop (out of thousands) to infiltrate the company network and steal source code or whatever.
For enterprise users, this attack vector is a real threat. Microsoft definitely wants to dog food this technology to their own employees to avoid getting hacked.
While that is true, I cannot think of a real world scenario where it is relevant, since I don't think you can actually produce a specific plain text, but only corrupt certain sectors.
And in case it is a real issue one can use ZFS or btrfs as the file system to ensure data integrity.
But today I guess it's best practice to just use cloud SAAS for your enterprise . The pc is basically a thin client and does not store anything. You can't exfiltrate without the company knowing about it . This is more barriers for people to switch to Linux . Till date I don't know how secure boot stopped people from doing anything. What threat vector does tpm address and what is the % of that vector in overall threat landscape.
They are making a case for treating your pc like a embedded device or consumer electronics device. Where changing the OS is considered to be a crime cause you "hacked" the firmware and installed a new one.
Examples were given about how those things are accomplished today.
The arguments for Pluton given by Microsoft were not these scenarios. They literally says that this is off the back of the XBox where running your own code is a bad thing.
> Examples were given about how those things are accomplished today.
yes, but if the TPM is external to the CPU, as all are, the traffic to and from the TPM can be intercepted and the security provided is gone. even firmware TPMs store their data in flash, external to the CPU, and are therefore completely insecure to someone with physical access.
the only way to secure a device with a TPM today is to require a PIN on boot, and not rely on the TPM entirely. that is a huge pain in the ass and a more secure solution is needed. Pluton addresses this.
Corporate IT administrators DO NOT want attackers with a stolen laptop installing anything, or using the device in any way. This is the situation Pluton is for. it is not designed to prevent a rightful owner from anything at all, ever.
why do people who are concerned about their own privacy and security never seem to understand things like this? I do not understand.
I'll spell it out: entities who are NOT individuals own computers too, and the data on these devices is of extreme importance to those non-human entities. correctly administering these machines is of extreme importance to these non-human entities, as well.
those entities are why Pluton and the Intel Management Engine, respectively, exist.
Pluton seems like the next evolution of the TPM which has been around for many years. Many (most?) modern CPUs have a TPM built into the CPU already (Intel PTT and AMD fTPM) so it's not a huge change from the status quo as far as I can tell.
pro-privacy people always seem to lack a lot of understanding around modern security landscapes and make a lot of assumptions that aren't true anymore (if they ever were).
I mean no offense, by the way, it makes me want to conceive a modern security primer for privacy advocates, because the community appears to have fallen behind a bit. like any community that focuses on one thing, that focus is often at the expense of other things.
Windows: forced updates, forced unscheduled restarts, telemetry, spying, ads, cortona, forced surprise download of the entire windows 10 onto windows 7 systems, dark patterns,
Microsoft Teams: high CPU and RAM usage, electron, there is literally a UI/UX bug with every interaction, it strips away formatting I wanted while always keeping unwanted formatting, ignores the paste with shift convention to paste without formatting, forced WYSIWYG, scrolling randomly flies away seconds after I've reached where I wanted to scroll to, search is cumbersome, images sporadically timeout when trying to view them, users occasionally experience messages appearing sent but the recipient never got them or they never left the user's device.
These bugs are over a year old and generally not fixed.
neither I nor any of the people I work with have ANY of those issues with Teams, so I am going to have to blame an inadequate network or overzealous QoS somewhere causing a lot of that.
updates: users have shown Microsoft time and time again, that unless forced, users simply will not update their computers. the result was that we had an internet teeming with unpatched Windows systems getting very bad worms when the vulnerability was patched 6-months prior. everyone, including powerful governments, blamed Microsoft when the users were at fault. so now Microsoft forces updates, because we won't do it unless we are forced, and now everyone blames Microsoft. we put them in a corner, and now we deal with our complacency. so, we blame Microsoft when we don't do the right thing, and we blame Microsoft when they force us. genius.
restarts: literally never had a windows machine restart without telling me many hours prior. I think you all don't check your notification icons and let things live behind that "more..." arrow.
telemetry is fine, you can view it and delete it.
spying: doesn't happen. no one cares what you do and you are not important enough to spy on.
the forced win 10 upgrades were bullshit. you got me there, and I've never once defended that practice.
> so I am going to have to blame an inadequate network or overzealous QoS somewhere causing a lot of that.
I have fiber internet and no other application I use (zulip, slack, discord) behaves this badly so consistently.
> neither I nor any of the people I work with have ANY of those issues with Teams
But you can Google each issue and see endless reports of it being unresolved for years.
> excuses about updates, telemetry, spying
My computer, my decision. If I turn off auto updates, it should stay off. MS can have recommended and default settings, but removing the option for settings and removing the settings I selected are bad and anti-user.
don't use windows, then. I WANT to know that my computers are up to date at all times. you don't. great. use something else, then, and quit complaining.
Why is everyone ignoring the argument that Truecrypt and Veracrypt don't require a TPM to very securely encrypt a hard drive; therefore, TPM's are not even necessary to prevent a laptop thief from having access to corporate data or a company's internal network? If a securely-encrypted hard drive can be accomplished without a TPM (in or outside the CPU), why is a TPM in the CPU desirable? It seems to provide no real improvement in security will providing enormous potential for abuse. The only scenario that I can envision is that an employee simply refuses to encrypt his hard drive, even after he has been threatened with being fired if he does not. Does this happen often enough to justify the potential for abuse that a TPM inside the CPU affords--and in fact, assured abuse in countries like North Korea. By the way, I read today the Dell and Intel had decided not to use Pluton. How do you explain that if Pluton is so necessary.
To be fair, this person openly admits they don't understand the security proposition here. Pluton is certainly daunting and brings concerns to mind, but I'm going to take this person's thoughts with a grain of salt considering they extend that same suspicion to the TPM -- a piece of hardware that arguably provides great security value to the user. That it's difficult to explain to the lay person (which I disagree with, personally) doesn't mean that it's bad, and while they acknowledge this, I think the answer is to try to dig in and understand better, not throw around suspicion out of some sense of intuition.
When you dig into this, Pluton is generally going to be shipped in one of three configurations:
1. Pluton presents itself as a TPM
2. Pluton doesn't emulate a TPM, can run other code (usually platform resiliency features, so think enterprise systems)
3. Pluton is disabled
Essentially, this is a standardization of the "firmware TPM" tech you can find in modern Intel/AMD processors, and they even mention that part of the driving reason behind this is that the current TPM status quo often incorporates a discrete TPM chip, which is vulnerable to attacks that intercept communication on the bus used by the TPM (thus allowing someone to steal encryption keys). This essentially moves to having a firmware TPM as a standard, as well as providing a more standardized API/update mechanism.
I have qualms with Microsoft spearheading the effort alone, but at face value, I don't think this is something bad. I think that hardening hardware against all forms of attack -- even physical -- is good. Just because it's not something you have to worry about (re: evil maid) doesn't mean someone else doesn't!
that phrase alone renders any opinions of the entire article invalid. I stopped reading at that sentence, because it conveys a complete lack of understanding of the problems that TPMs, and Pluton, solve.
60 comments
[ 6.0 ms ] story [ 121 ms ] threadIn order to perhaps peek behind Microsoft's curtain a bit, let us look at what Pluton was designed to accomplish. When Microsoft announced Pluton in 2020, it said, "The Pluton design was introduced as part of the integrated hardware and OS security capabilities in the Xbox One console" [..]
But, what is the source of these physical attacks? Who are the attackers? As stated above, the Pluton design evolved from work done to prevent successful attacks against the Xbox One. Here is what Tony Chen, Xbox One's lead software engineer explained
"I want to talk to you about what we did on Xbox One to guard against physical attacks. [..] Ever since the very first Atari game console, for decades and decades, every game console maker has had their console been hacked such that people can play pirated games. [..] I'm proud to say that the Xbox One, which was shipped in 2013 for the last six years, at least we have not seen any evidence that anyone was able to break it for piracy or cheating"
In sum, it was designed to provide security against the owner. And all the defense of Pluton/TPM rests on persuading you that it won't be used for what it was designed and built for.
Basically, they felt that a "good" console ecosystem was a rare and precious thing, and that it required things like curation, and inducement to developers to invest, which in turn required extensive control over players to make sure that they used their consoles only in approved ways, with approved software.
I'm trying to think of analogies to make this make more sense to me or other people like me. I think there is some comparison to be made to security checkpoints that someone might try to require before giving the public access to some place or activity. Probably not coincidentally, I don't like those either and don't want to see them expanded to more places and circumstances and parts of life. However, someone might sympathize with the concerns of the people creating the checkpoints strongly enough as to say "although these measures are intrusive and could be viewed as intruding on my rights, I feel that realistically the likely alternative is not getting to (fly|meet the president|meet the Queen|hold this expensive diamond) and that I can't see a path to getting to do that otherwise, so the choice for me seems like I should naturally accept the intrusions in order to get to do the thing".
Some of the gamers were saying, well, I want to play games that cost many millions of dollars to make, and the people who make those games say they want to target platforms where they get certain guarantees about restrictions on the players, otherwise they won't be able to invest that kind of money.
Some possible responses that come to mind, both in the analogy and the world we live in:
* We should have more Schelling fences to stop the spread of restrictions and control into more areas of life.
* We should find other ways of addressing the legitimate parts of other people's concerns, without intruding on individual freedoms as much.
* These rights should be treated as sacred, so too bad if other people aren't willing to respect them, or if they then don't do things that you wanted. (Or maybe activities that require certain levels of intrusion in order to be feasible or safe should just not occur at all.)
* Maybe people are lying, or mistaken, about the level of control that they actually need in order to let you do the things you want. Can we coordinate to call their bluff?
It's also a little complicated if you include the cheating part alongside the illegal copying part (and the games -- or HPC applications! -- developed with no royalty to the console maker part). There, many gamers do see gamers-in-general as the enemy, though not necessarily themselves; like "we're not trustworthy, as a group, so we need measures to stop the numerous cheaters among us from ruining things for the rest of us".
I was genuinely surprised to see many of these phenomena. (In a couple of cases, I think EFF announced some kind of support for people who were reverse engineering hardware to make it able to run unofficial software, and some gamers said "hey, you're supporting the bad guys here"!) But I'd like to hear other people's ideas about how to contend with them.
> Maybe people are lying, or mistaken, about the level of control that they actually need in order to let you do the things you want. Can we coordinate to call their bluff?
They were lying when they claimed home taping was killing music, and that VCRs [0] were to film producers "as the Boston strangler is to the woman home alone" [1], and more recently, a EU-funded study that found piracy causes little harm was suppressed [2], so they should certainly not be taken at their word.
> When I was at EFF
Thank you for your service :)
[0] Ironic that, with how difficult saving video has become from streaming sites and services, we have largely lost the abilities the VCR afforded us. A good example of how quickly technology is turned against us.
[1] https://en.wikipedia.org/wiki/Videocassette_recorder#Legal_c...
[2] https://juliareda.eu/2017/09/secret-copyright-infringement-s...
Worse, there are sites that prevent even viewing of text unless one enables JavaScript.
Anyway, to assist the GPP, and inspired by your user name, let me suggest that requiring TPM checks for people running (games on) PCs is like requiring your car to breathalyze you before starting the engine. (As Doctorow famously said "A car is a computer you put your body into"). The public would never allow that, right?
https://www.forensicmag.com/578254-Infrastructure-Bill-Would...
There are situations where this would make an individual less safe but for people who have received DUI this is a reasonable and existing practice. I don't think it maps to computers, where rarely are lives on the line.
In some cases, the text is displayed if you disable CSS as well as JavaScript. In some cases, the text can be found by view source. However, that does not always work.
If you're saying "here's a closed-loop unhackable console", or "here's a closed-loop media player" that's fundamentally a different value proposition than "here's a closed-loop unhackable general purpose computing device." It's sort of a toys versus tools dichotomy-- I'm fundamentally less bothered if someone sells me a permanently sealed and potted Game Boy, than intentionally crippling conventional desktop hardware.
Creeping DRM feels like they're trying to push the "tools" back into the "toy" category.
Part of this is likely a "we want our cake and to eat it too" mindset. They want to use more or less off-the-shelf technologies to make their sealed boxes. Why do you think most of the consoles eventually ended up as x86-64 or PPC derivatives-- they can freeload on all the work being done elsewhere. So they have to move from old-school hardware obscurity-- weird media formats which can't be readily wired to a normal PC, undocumented custom hardware-- to software lockdown.
But another part of it is the growing available functionality. The toys are becoming tools-- they want to put a browser and a media player and an online storefront onto their console, and then you're pretty damn close to "general purpose computing device" territory. So they need to find a way to justify the lockdown value proposition even on a device that has obvious user-tappable potential.
You're acting like those arguments are unbelievably novel, strange, like gamers are practically aliens. The alien in those conversations is you, my friend. The average person - and gamers are very average indeed given the industry's mass appeal - does not struggle to understand why hardware security exists. It's obvious, especially so because games companies say explicitly what the features are for and always did. It's because lots of people will break the rules if they aren't forced to follow them, and that leaves those who do follow them at a disadvantage.
If you are an honest person who does buy software, the optimal outcome for you is that a really good, transparent implementation of DRM (that never gets in your way) wipes out piracy completely. In that situation the expected price you'd have to pay will be lower (for a fixed level of quality) because the costs are being spread over a greater number of people. Additionally you won't feel like a mug for paying for something that your friends are pirating consequence free.
The cheating angle is by the way not specific to video games. The sort of tech that video games use to block cheating could also be used to block other kinds of "cheating", like bulk spamming, many kinds of hacking (e.g. SQL injection). Many kinds of software or network can be abused, but EFF and similar organizations typically act as if networks and two-sided transactions don't exist at all. Indeed it's really only on places like HN, the EFF, the free software community etc where this stuff is actually controversial. Outside those worlds a rant about DRM will just result in people being baffled. Gamers migrated to consoles en-masse because they understand the tradeoffs.
no. no, no, no, no, no. holy crap, no.
no.
it was designed to prevent unauthorized access to hardware.
corporations own computers, too. and you know what is on a lot of the computers they own? trade secrets. who wants those trade secrets? competitors, copycats, and so on. what is something that such motivated actors have a large amount of? money. money to hire thieves. money to buy expensive equipment. people to attempt to circumvent security measures.
Pluton is designed to address situations like this.
no one cares about John and Jane computer owner. Pluton will not be used against John or Jane unless John or Jane allow it, in some unforeseen situation I can't imagine.
Pluton is a very good weapon for corporate IT admins trying to secure their devices.
"BUT TPMs ALREADY DO THAT"
not unless you require a PIN on boot, and PINs on boot are a pain in the ass. no one likes them, no one wants them. they often have huge complexity requirements and can be easily forgotten. PINs suck. they suck so much that some unfortunate companies decide against the PIN requirement and implement things like BitLocker using the TPM alone, and that is extremely insecure to anyone with physical access to a device because TPM traffic can be captured.
"that seems like something that is very difficult and will never happen."
it's very easy: https://news.ycombinator.com/item?id=29258879
Pluton was designed for the same thing that the Intel Management Engine and other related technologies were designed for: corporate IT administrators.
But when it comes to Pluton, or the AMD and Intel management engines, they're making sure you can't buy a product without them at any price.
> it was designed to prevent unauthorized access to hardware.
Yes and it's all a big coincidence there's no owner override, so that only the manufacturer decides what is "authorized".
the administrator gets to decide what is turned on and how it is used. the administrator has back doors in, that are more involved and more secure than the front door. the private keys don't go to the manufacturer, but are created by the owner, etc.
there is always owner override in the case of the PC.
consoles are locked down because we have demonstrated to console manufacturers again and again, for 40 years, that we will pirate games for the console if it is at all possible. we have left zero room for interpretation with this message. we WILL steal if there is any way to steal. so in the case of consoles, yes. manufacturer only.
If not, then there is no override.
the tpm doesn't hide things from you, it hides things from attackers. if you don't want your disk encrypted, then decrypt it. you can do that. it's very easy.
It may not by itself force you to encrypt your disk, but it does enable all the abuses listed in https://en.wikipedia.org/wiki/Trusted_Computing#Criticism, that I won't waste summarizing, as it's becoming increasingly obvious you're arguing in bad faith.
In short, there is no opting out barring an alternative OS.
So going back to my question: The answer is a resounding no.
It’s hard to believe you’re participating in good faith at this point.
Oh, the owner can tell Pluton to fake attestation results, so that, for example, it would report to a program that it's being executed in Genuine™ Microsoft Windows® 11, even if the program is actually being ran in a sandbox on linux?
Because if not, then there is no owner override, and it's a scheme to foist hardware-backed DRM onto PCs.
set up the environment properly, so that the attestation can happen, and it will happen.
Or have I misunderstood you, and you're claiming that Pluton either does not support remote attestation, or allows the owner to fake it? Because as far as I can tell from available information on Pluton and TPM modules, both those claims are false.
Regardless, arguments against remote attestation are always very tricky. You're acting like it's morally clear cut but it's not.
RA is designed to stop you lying about what you're running to other people. It doesn't stop you running things, but it may mean others choose not to trade or engage with you based on what you're doing with the computer. So this is a direct translation to standard libertarian philosophy. You can choose your own terms but you can't force your preferred terms on others - you have to negotiate a contract that's mutually acceptable and then that contract needs to be enforced. RA is a kind of technologically enforced contract, instead of relying exclusively on the legal system.
That's why arguments that RA is evil always skip a few steps. The argument goes:
- I want to run X (typically some Linux distro)
- Some service Y won't trade with me unless X will do Z (typically enforcing some sort of agreement e.g. anti-cheat or license).
- X chooses not to do Z but I want Y to service me anyway. So I want to lie to them and feel entitled to being able to do that without being caught. This is moral because Linux.
Often with a helping of "I'm afraid that actually service Y might be most services".
The concerns here are valid - it would suck to no longer be able to use Linux with various remote services - but if you look at how the TPM and related tech are designed there's no actual technical reason you couldn't make Linux satisfy remote attestations. It's simply that Linux users would usually refuse to do so on philosophical grounds. Well, that's fine, but from a political and philosophical perspective it's reasonable for your counterparty to want some assurance that you'll actually implement the agreement you're claiming you will.
What can I say but thank you - you've distilled the problems with the TPM much better than I have. What you describe is exactly what I fear. Look at how these contracts are "negotiated" today - the consumer either accepts, or goes to live in the woods ("I'm afraid that actually service Y might be most services".)
And the terms are one-sided at best, usually curtailing a bunch of important rights (mandatory arbitration, bans on publishing benchmarks, anti-reverse-engineering or indeed any kind of in-depth examination of functionality, such as when Facebook barred researches from gathering data from volunteers on what ads they were showing, bans on scraping publicly-accessible data - good luck comparing prices,.. you get the picture)
So what kind of contracts do you think we'll negotiate, without even the thin pretense of a fair legal system protecting us, and when "our" machines enforce their unbreakable chains?
If I'm being charitable, I'd put the odds that the overall effect of this expansion of contract law will be to our benefit as "slim".
Not only that but under the guise of "recycling", many 18-wheelers of perfectly functional PCs are being destroyed rather than re-purposed and these are primarily the ones powerful enough to run the latest OS's.
Anything decently powerful lacking the encumbrance of the hardware ME/TPM generation is the prime target of the agressive destructive effort.
So here are some agreements that maybe you'd actually like to enforce on other people, using the exact same technology.
1. Cloud privacy. RA and related tech let's you request a remote attestation from the cloud provider that proves your VM memory is encrypted such that the hardware provider can't read it. This means you can compute in the cloud and not be spied on, not even if the legal system in the remote jurisdiction suddenly demands it.
You might think cloud providers would never offer this but you'd be dead wrong. Both Azure and GCP offer RA in which you are the one checking them and they offer it today.
2. Blocking spamming without needing captchas or modern JavaScript based equivalents. In turn that means you can now much more easily self host email and retain control and privacy currently sacrificed to big email providers.
3. Copyleft enforcement. Yes really. It'd require toolchain integration but it's possible.
4. Eliminating backdoors inserted by cloud CI systems. They prove what compilers they're using via RA.
Etc. This is just a few examples.
And that's why your argument is frankly morally flawed. Agreements and contracts are something everyone relies on whether they realize it or not. The fix for terms you don't like is not to demand leaky enforcement but, as always, market competition. If you hate Oracle's "no publishing of benchmarks" clauses - which are by the way unenforceable with RA anyway so that's a bad example to pick - then use postgresql instead.
At any rate, it's all rather irrelevant. You have much more bargaining power than you think and that is in fact why RA has never taken off. Outside of very controlled environments like games consoles or cloud VMs it's considered too complicated and excludes too many users who don't have the right hardware etc. Consumers effectively "negotiate" by picking services compatible with what they've got.
I far prefer non-DRM media and avoid buying books with it. TOR publishes some non-DRM books, for one. There is DRM on public library ebooks, fine for now, but it feels like a symptom of a flawed system. Assuming most people want to live with a sense of purpose, and some find that purpose in making art (stories in whatever form), I'd rather a system in which we're more-free to follow a creative path and the barriers to learning from those stories is lower. Might be that a healthy baseline is small communities making art together (think hunter-gatherer community singing, dancing, playing instruments, making sculpture, drawing, and telling stories, no busking and no locked doors, unless an unwelcome stranger comes along). What would it look like to maintain some level of global electronic connectedness and significantly lower the barrier to accessing art?
Is the current public-library model in the USA enough? From my experience with low-income high-school students afraid to enter a library because their parents borrowed a bunch of materials on the student card and racked up hundreds in late fees, there's room for improvement.
And then there's the question of what's a healthy balance between work and leisure? We're riding a wonderful wave of petroleum for now, and I'm really enjoying keeping up with distant friends via co-op videogames, but I accept that it's icing on the cake of life. Sitting around a handmade wooden table in a makeshift shack playing chess by firelight is a few layers back down to earth.
Cory reads about something, stops at the very first hint of something that would inhibit his freedom, and writes extremely long and completely misguided manifestos that go directly away from the conclusion he would reach if he had even partial understanding of the situations he writes about.
the very worst thing about him is that he sounds hinged, people read his stuff, when he is in fact very much unhinged almost all of the time.
i dislike DRM too, a lot, but it exists for very good reasons. the public has repeatedly and strenuously shown every single company that produces anything that can be copied that large armies of people will do the copying and take the content without paying even a single penny.
25% of all PC video game players have pirated more than 50 games. approximately 1/3 of all PC gamers pirate games (as of 2016)[0]. Reminder that the video game market is larger than the movie and music industries combined, and that market does not include the games that are pirated.
[0] https://www.pcgamer.com/pc-piracy-survey-results-35-percent-...
I think the original point that one can obtain enjoyable reads in DRM-free form from TOR still stands, even if not all books they publish are exemplary.
Robert Jordan is trashy fantasy though, yes. Once you figure out what his fetishes are you can see how much of the stuff in Wheel of Time is secretly a sex thing. (Several of the magic techniques are BDSM, the Aes Sedai "pillow friends", any time anyone uses compulsion, the weird amounts of women talking about spanking each other…)
Brandon Sanderson didn't do any of that when he took over, I guess he didn't notice it.
For enterprise users, this attack vector is a real threat. Microsoft definitely wants to dog food this technology to their own employees to avoid getting hacked.
TPMs are external to the CPU and traffic to and from them can be intercepted and used to decrypt the disk.
there was an article on that exact situation a few weeks ago, right here on HN.
https://news.ycombinator.com/item?id=29258879
File-based encryption (like the one T2 and later Macs use) is safest.
And in case it is a real issue one can use ZFS or btrfs as the file system to ensure data integrity.
The arguments for Pluton given by Microsoft were not these scenarios. They literally says that this is off the back of the XBox where running your own code is a bad thing.
yes, but if the TPM is external to the CPU, as all are, the traffic to and from the TPM can be intercepted and the security provided is gone. even firmware TPMs store their data in flash, external to the CPU, and are therefore completely insecure to someone with physical access.
see: https://news.ycombinator.com/item?id=29258879
the only way to secure a device with a TPM today is to require a PIN on boot, and not rely on the TPM entirely. that is a huge pain in the ass and a more secure solution is needed. Pluton addresses this.
Corporate IT administrators DO NOT want attackers with a stolen laptop installing anything, or using the device in any way. This is the situation Pluton is for. it is not designed to prevent a rightful owner from anything at all, ever.
why do people who are concerned about their own privacy and security never seem to understand things like this? I do not understand.
I'll spell it out: entities who are NOT individuals own computers too, and the data on these devices is of extreme importance to those non-human entities. correctly administering these machines is of extreme importance to these non-human entities, as well.
those entities are why Pluton and the Intel Management Engine, respectively, exist.
Because it’s forced on everyone as a default.
UEFI and TPM is great to detect firmware and OS tampering. It’s a real concern for anyone working on Windows.
The problems are intent and unexpected consequences, which are the problems created by requiring TPM.
For example, either the trusted third party must be infallible or what happens on tampering detection must be reasonable.
If something goes wrong with the remote attestation, what am I prevented from doing?
It also adds pressure to increase DRM, which the average paying-user would find extremely punishing (think Blu-ray discs).
pro-privacy people always seem to lack a lot of understanding around modern security landscapes and make a lot of assumptions that aren't true anymore (if they ever were).
I mean no offense, by the way, it makes me want to conceive a modern security primer for privacy advocates, because the community appears to have fallen behind a bit. like any community that focuses on one thing, that focus is often at the expense of other things.
https://en.m.wikipedia.org/wiki/Criticism_of_Windows_10
Microsoft Teams: high CPU and RAM usage, electron, there is literally a UI/UX bug with every interaction, it strips away formatting I wanted while always keeping unwanted formatting, ignores the paste with shift convention to paste without formatting, forced WYSIWYG, scrolling randomly flies away seconds after I've reached where I wanted to scroll to, search is cumbersome, images sporadically timeout when trying to view them, users occasionally experience messages appearing sent but the recipient never got them or they never left the user's device.
These bugs are over a year old and generally not fixed.
updates: users have shown Microsoft time and time again, that unless forced, users simply will not update their computers. the result was that we had an internet teeming with unpatched Windows systems getting very bad worms when the vulnerability was patched 6-months prior. everyone, including powerful governments, blamed Microsoft when the users were at fault. so now Microsoft forces updates, because we won't do it unless we are forced, and now everyone blames Microsoft. we put them in a corner, and now we deal with our complacency. so, we blame Microsoft when we don't do the right thing, and we blame Microsoft when they force us. genius.
restarts: literally never had a windows machine restart without telling me many hours prior. I think you all don't check your notification icons and let things live behind that "more..." arrow.
telemetry is fine, you can view it and delete it.
spying: doesn't happen. no one cares what you do and you are not important enough to spy on.
the forced win 10 upgrades were bullshit. you got me there, and I've never once defended that practice.
I have fiber internet and no other application I use (zulip, slack, discord) behaves this badly so consistently.
> neither I nor any of the people I work with have ANY of those issues with Teams
But you can Google each issue and see endless reports of it being unresolved for years.
> excuses about updates, telemetry, spying
My computer, my decision. If I turn off auto updates, it should stay off. MS can have recommended and default settings, but removing the option for settings and removing the settings I selected are bad and anti-user.
don't use windows, then. I WANT to know that my computers are up to date at all times. you don't. great. use something else, then, and quit complaining.
"The only thing necessary for the triumph of evil is for good men to do nothing."
You seem weirdly complacent with objectively bad things. Things can be better and it's worth fighting for.
When you dig into this, Pluton is generally going to be shipped in one of three configurations:
1. Pluton presents itself as a TPM
2. Pluton doesn't emulate a TPM, can run other code (usually platform resiliency features, so think enterprise systems)
3. Pluton is disabled
Essentially, this is a standardization of the "firmware TPM" tech you can find in modern Intel/AMD processors, and they even mention that part of the driving reason behind this is that the current TPM status quo often incorporates a discrete TPM chip, which is vulnerable to attacks that intercept communication on the bus used by the TPM (thus allowing someone to steal encryption keys). This essentially moves to having a firmware TPM as a standard, as well as providing a more standardized API/update mechanism.
I have qualms with Microsoft spearheading the effort alone, but at face value, I don't think this is something bad. I think that hardening hardware against all forms of attack -- even physical -- is good. Just because it's not something you have to worry about (re: evil maid) doesn't mean someone else doesn't!
(For reference, this article covers a lot of what I'm referring to: https://noise.getoto.net/2022/01/09/pluton-is-not-currently-...)
that phrase alone renders any opinions of the entire article invalid. I stopped reading at that sentence, because it conveys a complete lack of understanding of the problems that TPMs, and Pluton, solve.