Why is M$ pushing TPM?

Discussion in 'Windows 10' started by eemuler, May 20, 2018.

  1. eemuler (MDL Senior Member, joined Jul 31, 2015)
    The Windows 10 April 2018 update (1803) has started nagging users to get their TPM fully functional - e.g. if it needs a firmware update to do so, you get alerted to this through notifications and through the Windows Defender app screen. This is true even for those users who don't use BitLocker etc., and just use Windows Hello for signing in to Windows (fingerprint).

    When the TPM idea was introduced about a decade ago, it was initially hailed as something that would end software piracy once and for all, then little was heard on that topic subsequently, probably due to the various bugs that surfaced. Has anything changed significantly since then? Is a fully functional TPM now capable of actually achieving this objective? Is that why M$ seems to be keen on pushing it down our throats?

    Where are we headed? Are these concerns valid? Or will the great masters at MDL be able to figure out a way to circumvent this?
     
  2. toyo (MDL Senior Member, joined Aug 14, 2009)
    That was back in 2008, and 10 years later, TPM didn't stop ONE pirate. There are a LOT of (new) PCs that either don't have access to TPM (because owners would need to buy one for the motherboard), or they have access to something like Intel's PTT, which requires the user to enable it in the BIOS and configure it, etc. - and that requires a relatively modern Intel platform (or AMD, didn't look into details). Even then, for your normal home user that pretty much plays games, works on some apps (maybe Adobe stuff, coding etc.) and browses the web, there's little to no benefit to enabling TPM. On a normal desktop, there won't be Windows Hello. That leaves you with BitLocker, which is pretty much a performance impact for what? Protecting the SSD that's in your PC that's in your locked home from potential thieves? If they break into your house, your PC is the last of your worries.

    At this point selling games that rely on TPM will reduce sales by a lot. Nobody wants to buy and configure additional hardware just to play a game. Sure, if you want to sell to just relatively modern laptop users, I guess :)

    The old 2008 quote:
    "There is a stealth encryption chip called a TPM that is going on the motherboards of most of the computers that are coming out now. What that says is that in the games business we will be able to encrypt with an absolutely verifiable private key in the encryption world -- which is uncrackable by people on the internet and by giving away passwords -- which will allow for a huge market to develop in some of the areas where piracy has been a real problem."
     
  3. toyo (MDL Senior Member, joined Aug 14, 2009)
    You're misunderstanding that quote.

    Those are requirements for OEMs selling new PCs so they get Windows 10 certifications. Build your own PC, and it all falls apart, as you can do whatever you choose to.

    Again, you can do TPM piracy prevention, but you'll exclude everyone with an older PC or not willing to enable/config it in their self-built new PC.
     
  4. eemuler (MDL Senior Member, joined Jul 31, 2015)
    Just because they failed 10 years ago doesn't mean they'll fail now. Smartphones have shown the way. Installing pirated stuff on an iPhone, while possible, is quite a tough proposition.

    I get your point about older PCs; OEMs are a different matter. Entry-level systems from OEMs often don't have TPMs, but if you build your own system, chances are very high that your motherboard will have it already. If you have it and choose to disable it, M$ should be able to detect it. They could also cripple the performance on non-TPM PCs - "if, as you claim, your PC is too old to have a TPM, why would you need high performance anyway?" would be their rationale.

    It is a very lucrative gambit for M$ to attempt. Will software producers be willing to pay for this? Certainly. Adobe alone would make it a worthwhile proposition for M$.
     
  7. wonderwall (MDL Novice, joined Apr 24, 2015)
    :rolleyes:

    Today, TPM is used to enable BitLocker full-disk encryption for the boot disk without the need to enter a PIN or other token* at startup: seamless, automatic disk encryption. It doesn't do anything to prevent piracy today. Please don't post false information about security features you don't understand.

    All iPhones are encrypted in a similar fashion without the user having to do anything, and I believe many Android devices are as well (in the past you had to enable it manually).

    *Even if using TPM, I still recommend the use of a PIN/password or other second factor.
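
The post above describes the TPM-sealed BitLocker mode (no PIN at startup) and recommends a second factor in its footnote. The following script is an added example, not from the thread or from Microsoft, that reports which of those pieces is actually active on a Windows 10 machine: TPM presence and readiness (the state the 1803 notification is about), the TPM spec version, Secure Boot state, and the BitLocker key protector types on the OS volume. It uses only the stock `Get-Tpm`, `Confirm-SecureBootUEFI`, `Get-BitLockerVolume` and `Win32_Tpm` interfaces; the function name `Get-BootChainPosture` and the output field names are the example's own.

```powershell
# Added example (not from the thread): report how much of the TPM / Secure Boot /
# BitLocker chain discussed here is actually active on this Windows 10 machine.
# Run from an elevated PowerShell; Get-Tpm, Confirm-SecureBootUEFI and
# Get-BitLockerVolume ship with Windows 10 (BitLocker cmdlets on Pro/Enterprise).

function Get-BootChainPosture {
    [CmdletBinding()]
    param(
        # Volume to inspect; the OS volume is the one a TPM-sealed key unlocks at boot.
        [string]$MountPoint = $env:SystemDrive
    )

    $tpm = Get-Tpm

    # Win32_Tpm carries the spec version string (e.g. "2.0, 0, 1.16" or "1.2, ...");
    # the 1803 nag is about getting the firmware to a state Windows considers ready.
    $tpmWmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                              -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $specVersion = if ($tpmWmi) { $tpmWmi.SpecVersion } else { 'unknown' }

    # Confirm-SecureBootUEFI throws on legacy-BIOS systems; report that rather than fail.
    try   { $secureBoot = [string](Confirm-SecureBootUEFI) }
    catch { $secureBoot = 'not UEFI / unavailable' }

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $protectorTypes = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # A bare "Tpm" protector is the seamless mode the post describes: the key is
    # released by the TPM with no user secret. TpmPin / TpmPinStartupKey are the
    # second factor its footnote recommends.
    $pinProtectors = @($protectorTypes | Where-Object { $_ -like 'TpmPin*' })
    $tpmOnly = ($protectorTypes -contains 'Tpm') -and ($pinProtectors.Count -eq 0)

    [pscustomobject]@{
        TpmPresent          = $tpm.TpmPresent
        TpmReady            = $tpm.TpmReady
        TpmSpecVersion      = $specVersion
        SecureBoot          = $secureBoot
        Volume              = $MountPoint
        VolumeStatus        = $vol.VolumeStatus
        ProtectionStatus    = $vol.ProtectionStatus
        KeyProtectors       = ($protectorTypes -join ', ')
        TpmOnlyUnlock       = $tpmOnly
        RecoveryPasswordSet = ($protectorTypes -contains 'RecoveryPassword')
    }
}

$posture = Get-BootChainPosture
$posture | Format-List

if ($posture.TpmOnlyUnlock) {
    Write-Warning "OS volume unlocks with TPM only; a pre-boot PIN can be added with: manage-bde -protectors -add $($posture.Volume) -TPMAndPIN"
}
if ($posture.ProtectionStatus -eq 'On' -and -not $posture.RecoveryPasswordSet) {
    Write-Warning 'No recovery password protector: a TPM firmware update or a Secure Boot change can trip BitLocker recovery with no way back in.'
}
```

Two caveats a practitioner will hit: adding a TPM+PIN protector is refused unless the "Require additional authentication at startup" policy permits a PIN, and the second warning matters precisely because of the firmware-update nag discussed in this thread, since a TPM firmware update or clear changes the PCR values the volume key is sealed to and forces recovery on the next boot.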
     
  8. wonderwall (MDL Novice, joined Apr 24, 2015)
    also, M$? seriously?
     
  9. toyo (MDL Senior Member, joined Aug 14, 2009)
    What's funny is that when this quote was produced in 2008, the guy (Nolan Bushnell) thought it would "fix" piracy in markets like India/Asia.

    "As soon as the installed base of the TPM hardware chip gets large enough, we will start to see revenues coming from Asia and India at a time when before it didn't make sense."

    Living in one of the Eastern European countries that can be considered "in development" myself, I find it hilarious. People here would earn something like 320 EURO, and our neighbours to the south earn even less, 240 EURO - minimum wage - and don't think the averages are considerably better, or that the cost of living is less than in the rest of the EU. India probably has it way worse in most of its areas since it's still a largely rural country. It's not like these people make a decision to not pay for their games, it's rather that they cannot most of the time; that money is spent on food/housing/taxes, and in happier cases saved towards a new PC every 5 years.

    To even think (and hope) that you can extract more money from these people is insane, and absolutely retarded. Just further proof of the huge gap between the "civilized", rich Western society and pretty much the rest of the world. This dude founded Atari, you'd have some expectations from him. Hopefully in these 10 years that passed he woke up a bit to the reality surrounding his cocoon of wealth.
     
  10. Tiger-1 (MDL Guru, joined Oct 18, 2014)
    Yep, you are correct; here my Gigabyte GA-F2A88XM-D3HP is the same thing :)
     
  11. eemuler (MDL Senior Member, joined Jul 31, 2015)
    Exactly. Some more insight from India, where I'm from, btw. Revenues are coming in from India, not from the impoverished masses, but from established commercial enterprises - companies, offices, etc. In fact, piracy can be considered as having helped to promote these revenues by creating a user base of potential employees already familiar with said pirated software. When you hire a new guy, the chances are very high he already knows Windows, M$ Office, Photoshop, AutoCAD, etc. because pirated versions of these have been available to him for years. Companies will buy genuine versions of these because skilled labour for them is relatively easy to find. If you have to train them from scratch, you might as well go with some open-source alternative.
     
  12. Tiger-1 (MDL Guru, joined Oct 18, 2014)
    Hi bro eemuler, thanks for the very good post; here in Brazil it is the same thing ;):)
     
  13. eemuler (MDL Senior Member, joined Jul 31, 2015)
    I had a genuine concern, so I asked here at MDL about it. Where else am I going to ask? M$?

    The current application of TPM is largely BitLocker, etc. as you rightly say, but to assume that this is all that TPM can be used for is to bury your head in the sand. Most banking websites WILL NOT RUN unless you have an updated browser. Is it entirely beyond the realm of possibility that some of them might start asking for TPM also? You NEED digital signatures for many international banking transactions (letters of credit, etc.). TPM has the ability to work with that.

    What is concerning me is that M$ is making a serious effort to expand the installed base of users with a working TPM. Why are they doing that? Look at the vast number of threads about M$ and data mining and privacy in Windows 10. More or less the same questions were asked about those also. No need to jump down my throat if I ask about where TPM might be heading.

    Think about it. Will a genuine customer of, say, Photoshop, balk at setting up TPM if Adobe makes it an essential requirement? Even if the TPM is not built into the motherboard, it is a small, relatively low-cost add-on card.
     
  14. wonderwall (MDL Novice, joined Apr 24, 2015)
    Once again, M$? Is this 2005-era Slashdot?

    I've heard this sort of unfounded paranoid nonsense for years. It's harmful because it actively discourages people from using security features. Please don't do that.
     
  15. eemuler (MDL Senior Member, joined Jul 31, 2015)
    Pardon me, but if I sound paranoid, you sound like a paid M$ stooge, planted here to actively discourage people from looking too closely at what M$ is doing. Unless you are a member of the inner circle of M$ management (which I very much doubt), you know about as much as I do about this, which is very little. I'd rather hear from Daz, or the creators of the KMS tools. If they say, "don't worry, if TPM-linked software authentication becomes a reality, we'll figure out how to circumvent it," I'll rest easy.
     
  16. Yen (Admin, Staff Member, joined May 6, 2007), May 23, 2018 (last edited May 23, 2018)
    TPM is a step towards giving up one's own control over one's own OS and hardware. The same applies to secure boot.

    Such 'features' are pushed to strengthen markets. People get fooled by promises of more security, but in fact they only care about their own interests.
    The last time I heard about TPM was with W8 and secure boot (UEFI).

    Already there M$ distorted the facts. They justified introducing UEFI as an advantage, for instance to use GPT. In reality EFI is not needed to boot GPT.
    They wanted to have secure boot and TPM. But due to resistance, i.a. from the Linux community, the OEMs implemented secure boot as an enable/disable option.

    It seems now M$ is starting a new attempt to push it again.

    Everybody who is looking for a reasonable security concept and cryptography would never go for a system that uses private keys which are issued/controlled by an unknown party.

    By using TPM the issuer could theoretically determine what is allowed to run on your PC and what is deemed 'malware'. The issuer could define a condition of hardware/OS which they have signed as 'original', and any change of your own as an unauthorized change... and might refuse to start.

    General rule: never use a security system over which you have no control of your own and no influence on creating the private keys... either for signing or for encoding...

    By using TPM one always follows the issuer's idea of integrity. This always comes with losing one's own freedom as soon as one has a different idea of it.
     
  17. nodnar (MDL Expert, joined Oct 15, 2011)
    TPM, UEFI, 'secure' boot, 'free' Windows 10, all are beyond our control. I have got my doubts about some members here too... some even spell their names in green. Fact is that M$ is trying to get a standardized user base with W10, and now they give TPM another try as well. After all their unwarranted updates of their operating system, the user has lost sight of what it is really doing. I bet Otto Normalverbraucher or Joe the Plumber are unable to even prevent Skype updates, because they never even heard of a user hiding under the pseudonym of 'TrustedInstaller'. And they can't prevent W10 updates, courtesy of M$. And they can't be bothered to try... There is a moral to this sad story: the masses are better served with an open-source operating system, like Linux for instance.
     
  18. Yen (Admin, Staff Member, joined May 6, 2007)
    TPM is a measure to approach what we already have on:

    Video game consoles
    Android smartphones / tablets
    Apple smartphones / tablets

    It's about having the boot chain (the partitions involved) exactly as they want it. Or, if modified, you get stigmatized, for instance (Huawei): "Your bootloader is now unlocked and your device can't be trusted." Or the KNOX counter of Samsung devices...
    System partitions can be dm-verity protected. boot.img (kernel) partitions are signed.

    Pre-installations and the device are tied together more closely. (It's not about pirating the OS, since you buy it as a pre-installation.)
    The user definitely loses features (or warranty) when not obeying. (For instance, some apps refuse to work if Google's SafetyNet check fails.) And the device refuses to boot with an altered system partition (even an R/W remount triggers the verity bit!).

    The entire concept 'stinks' because everything comes from the OS developer alone. The goal is to keep away third-party solutions for one's own control. And to keep away customization.
    You can say it like that:

    "You are safe when you use our device/OS as we want!"
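
The post above mentions dm-verity protection of the system partition and a device that refuses to boot once that partition is altered. To show the mechanism behind that refusal, the script below is an added example, not from the thread, Google or any device vendor: a toy dm-verity-style hash tree in PowerShell. The "partition" is a constructed byte array, the block size is an assumption (64 bytes, where real dm-verity uses 4 KiB), and the function names (`New-VerityMetadata`, `Test-VerityImage`, and the helpers) are the example's own. A real device keeps the root hash inside signed boot metadata; here it is simply held in a variable so the check can be run offline.

```powershell
# Added example (not from the thread): a toy dm-verity-style hash tree in
# PowerShell. The "system partition" is a constructed byte array; the root
# hash stands in for the value that a real device keeps in signed metadata.

function Get-Sha256Hex {
    param([byte[]]$Bytes)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try     { return ([System.BitConverter]::ToString($sha.ComputeHash($Bytes)) -replace '-', '').ToLower() }
    finally { $sha.Dispose() }
}

function Get-BlockHashes {
    param([byte[]]$Image, [int]$BlockSize)
    # Leaf level: one hash per fixed-size data block (the last block may be short).
    $leaves = @()
    for ($off = 0; $off -lt $Image.Length; $off += $BlockSize) {
        $end = [Math]::Min($off + $BlockSize, $Image.Length) - 1
        $leaves += Get-Sha256Hex -Bytes ([byte[]]($Image[$off..$end]))
    }
    return ,$leaves
}

function Get-RootHash {
    param([string[]]$Level)
    # Fold pairs of hashes upward until one remains; an odd node is paired with itself.
    while ($Level.Count -gt 1) {
        $next = @()
        for ($i = 0; $i -lt $Level.Count; $i += 2) {
            $left  = $Level[$i]
            $right = if ($i + 1 -lt $Level.Count) { $Level[$i + 1] } else { $left }
            $next += Get-Sha256Hex -Bytes ([System.Text.Encoding]::ASCII.GetBytes($left + $right))
        }
        $Level = $next
    }
    return $Level[0]
}

function New-VerityMetadata {
    param([byte[]]$Image, [int]$BlockSize = 64)
    # What a build system produces once and ships alongside the image.
    $leaves = Get-BlockHashes -Image $Image -BlockSize $BlockSize
    return @{ BlockSize = $BlockSize; Leaves = $leaves; Root = (Get-RootHash -Level $leaves) }
}

function Test-VerityImage {
    param([byte[]]$Image, [hashtable]$Meta, [string]$TrustedRoot)
    # First confirm the shipped hash tree still matches the trusted root (on a device
    # that root is covered by the boot signature), then check every data block
    # against its leaf, which is what the kernel does on each read.
    if ((Get-RootHash -Level $Meta.Leaves) -ne $TrustedRoot) {
        return [pscustomobject]@{ Ok = $false; BadBlock = -1; Reason = 'hash tree does not match trusted root' }
    }
    $actual = Get-BlockHashes -Image $Image -BlockSize $Meta.BlockSize
    for ($i = 0; $i -lt $actual.Count; $i++) {
        if ($actual[$i] -ne $Meta.Leaves[$i]) {
            return [pscustomobject]@{ Ok = $false; BadBlock = $i; Reason = "block $i hash mismatch" }
        }
    }
    return [pscustomobject]@{ Ok = $true; BadBlock = -1; Reason = 'all blocks verified' }
}

# Constructed sample "partition": five 64-byte blocks plus a 21-byte tail block.
$image = [byte[]](0..340 | ForEach-Object { $_ % 256 })
$meta  = New-VerityMetadata -Image $image -BlockSize 64
$trustedRoot = $meta.Root   # on a real device this value is signed, not merely stored

"pristine image: $((Test-VerityImage -Image $image -Meta $meta -TrustedRoot $trustedRoot).Reason)"

# A single-byte change inside the third block (index 2), as a remount-and-edit would cause.
$tampered = [byte[]]$image.Clone()
$tampered[130] = $tampered[130] -bxor 0xFF
"tampered image: $((Test-VerityImage -Image $tampered -Meta $meta -TrustedRoot $trustedRoot).Reason)"
```

The second run reports a mismatch on block 2: one flipped byte changes that leaf, and because the leaves are folded into a single root, an attacker cannot hide the change by editing the shipped hash tree either, since the edited tree would no longer fold to the signed root. That is the whole reason the device described above can refuse to boot rather than silently run a modified system partition.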
     
  19. Demencial777 (MDL Junior Member, joined Dec 30, 2012)
    So... this explains why some vendors are pushing BIOS updates that, funnily enough, enable something that had always been disabled... it's the TPM!

    Well... too bad for me, the newest BIOS that enables this thing causes a lot of problems, so I had to revert to the prior version and disable TPM (because it doesn't work; now I'm assuming it's not present in my system as it should be because of this...)

    Blerg... all the troubleshooting I did for nothing (and people trying to help me for nothing... that is unfair!). I hope this doesn't affect anything I work on in the future, because a BIOS upgrade for me is a total no, unless I want sudden reboots every 2 days...