Google SafetyNet is basically swiss cheese with lots of bypass solutions for custom ROMs.
A TPM may only attest that it has received an expected set of measurements (hashes). As long as discrete TPMs or PCs with unlocked CPUs exist (w/o Boot Guard), one may simply take a TPM and replay "golden" measurements to it. Bypassing this would be trivially easy.
A TPM does not have control over execution on the CPU. It only receives data from the CPU. If you have control over execution on the CPU from the reset vector, you can just replay whatever you want to a TPM and extract secrets that way. That's why TPM backed disk encryption without configuring a PIN is insecure.
Microsoft does not have the same level of control over the entire PC ecosystem as Google has over Android. That's why it's important to support open source alternatives.
And that’s why Play Integrity is based on hardware attestation and it is no longer a swiss cheese? And Win11 requires specifically TPM 2.0 (usually fTPM) not just any TPM.
You’re also entirely missing the point. Yes, you can bypass TPM based DRM to extract the unencrypted video (or just analog hole it) that’s why the game is to lock down the OS so you just can’t play it.
If all DVD players came with watermark detection instead of copy protection you wouldn’t have bootlegs because now every single client device needs to do the bypass instead of just once to extract unencrypted stream.
How many people have bypassed or hardware modded Playstations or Switches? This is what you’re talking about. Almost everyone will just accept it.
> If all DVD players came with watermark detection instead of copy protection
That is an enormous "if". Do you think Microsoft is going to or is able to enforce this on every single software provider? Even in your Android example that's just not happening, and you can happily sideload apps. You can still develop your own apps on the same Android phone that you use for banking.
> And sorry but how many people have bypassed Playstations or Switches. This is what you’re talking about. Most people will just accept it.
People accept this with consoles because a console is a device exclusively for consuming media, and all developers apply for a devkit. I just don't see that happening in the PC space. You think Microsoft is suddenly going to dump this on third party software developers and force everyone to go through certification and to buy devkits? Without a mass exodus to Linux?
How would you do it if this was the goal? First you introduce TPM to every device under the sun until it’s everywhere, then you just have to flip a switch. You write Patriot Act then stash in the drawer until it’s time...
> you can happily sideload apps.
This is extremely weak argument when the other major platform does not let you do that, right? Sideloading could go away at any moment just like that. That’s my point. There’s nothing technical stopping it.
> People accept this with consoles because a console is a device exclusively for consuming media, and all developers apply for a devkit.
Already Windows has: Smart screen (which requires code signing) and app store. Locking down the OS and Apps is hardly unprecedented. Both Windows and MacOS now have developer modes which is a software devkit equivalent.
> Without a mass exodus to Linux?
That’s why you wait until mass adoption (win11) only then start boiling the frog.
Look, I acknowledge this is slippery slope argument. But the slope is very slippery. Something is clearly going on.
>And Win11 requires specifically TPM 2.0 (usually fTPM) not just any TPM.
There are TPM 2.0 dTPMs. If the conspiracy is that they want to push people towards "hardware attestation", then they're doing a pretty bad job.
>You’re also entirely missing the point. Yes, you can bypass TPM based DRM to extract the unencrypted video (or just analog hole it) that’s why the game is to lock down the OS so you just can’t play it.
There's no need to "lock down the OS" when there's already a locked down OS on the CPU itself (intel SGX), is way more secure (because it doesn't have a bazillion userspace programs and third party drivers loaded), but for whatever reason gets way less flak than TPM.
Intel SGX was never pushed on anyone and it's also Intel only Skylake to Ice lake and requires vendors to provide consistent firmware updates to stay secure. You can’t run the entire OS in SGX enclave because it can’t do I/O on its own.
> There are TPM 2.0 dTPMs. If the conspiracy is that they want to push people towards "hardware attestation", then they're doing a pretty bad job.
No "normies" are doing TPM bypasses. That’s the point. Majority will eventually be on unbypassable TPM.
Considering that's the only way to play most DRM protected 4K videos, it's probably more of a "push" than requiring TPM. It didn't even have the fig leaf of being usable for FDE or webauthn.
>No "normies" are doing TPM bypasses. That’s the point. Majority will eventually be on unbypassable TPM.
If the bar is "normies", then you don't even need TPM. You can just slap denuvo or whatever and call it a day.
You can just not buy blurays, they were never popular on PCs anyway. TPM is being pushed on everyone upgrading to Win11. One is opt in, the other is maybe opt out if you jump through hoops, for now. Very different. Also you can do other things with SGX though admittedly it’s mostly useful on servers, but you would still use SGX indirectly via remote attestation. E.g. it’s what Signal uses for some of its core functionality.
> If the bar is "normies", then you don't even need TPM. You can just slap denuvo or whatever and call it a day.
Again, missing the point. Denuvo, Widevine, whatever, it’s all weak to crack once & enjoy but only if you control the OS. The Great TPM Conspiracy Theory is about limiting what you can do with your mainstream Windows/Linux/Macos installation, in the ways I’ve laid out earlier. Taking the ‘P’ out of PC.
A TPM may only attest that it has received an expected set of measurements (hashes). As long as discrete TPMs or PCs with unlocked CPUs exist (w/o Boot Guard), one may simply take a TPM and replay "golden" measurements to it. Bypassing this would be trivially easy.
A TPM does not have control over execution on the CPU. It only receives data from the CPU. If you have control over execution on the CPU from the reset vector, you can just replay whatever you want to a TPM and extract secrets that way. That's why TPM backed disk encryption without configuring a PIN is insecure.
Microsoft does not have the same level of control over the entire PC ecosystem as Google has over Android. That's why it's important to support open source alternatives.