The GPU, not the TPM, is the root of hardware DRM(mjg59.dreamwidth.org) |
But hardware backed DRM can be so much more invasive beyond that. I have no doubts the long term goal of MS is to have a Windows version of Play Integrity.[0] So total control over everything that happens on your device. Just to give an example of what could happen if this becomes reality: https://en.m.wikipedia.org/wiki/Web_Environment_Integrity
This tech extended to browsers could easily mean that sites could refuse to serve you if your machine is running any bigcorp unapproved software. An easy example of that would be adblockers.
Unless we get lucky with secure world compromises like the Tegra X1 bootrom exploit[1] or get real good at passing legislation that forces companies to give you all the private keys to your own machine, the future for personal computing is looking grim.
I expect mjg59 to know what they're talking about but like you say, I wonder the same thing about the strength of (what you call) Media DRM v Hardware-backed DRM.
GPU vendors have quietly deployed [hardware-based DRM] ... [which] works just fine on [boards] that [don't] have a TPM and will continue to do so.
Work fine? Even if a section of the GPU's VRAM is out of the reach of the OS (here, to implement DRM), wouldn't TPM / DICE be needed to establish trust / measure the GPU's firmware?
Stallman warned everyone. Virtually nobody listened.
Also, companies can just price the additional cost in, blame the government for the price increase, and mislead consumers about the tradeoff being made. A ban is harder to do that about.
> sites could refuse to serve you if your machine is running any bigcorp unapproved software
This needs to be classified as discrimination.
In fact I see no relationship between DRM and Play Integrity other than a tenuous connection that both are about controlling what a user cannot do on their device. If this is what you mean, then you have made the same mistake as FSF by conflating unrelated technologies.
Consequently pressure to support more effective DRM will always translate into pressure to restrict what users can do with their devices.
Furthermore, the only defense against this is large open device market share: once closed devices comprise most of the market, DRM proponents can announce they'll stop supporting open devices, creating a downward spiral that further decreases the availability of open devices.
And then we live in a future that's fucked.
They shouldn't have that right any more than a tools manufacturer has the right to prevent you from buying one of their hammers.
The right of first sale is extremely important to a functioning capitalistic society and it's completely absent from the digital world - by design.
In this case it feels like an app developer having the right to punch[0] you in the face just like you have the right to refuse being punched in the face :-P.
[0] (to use a family friendly verb)
The only worthy cause to apply my patience to.
> The only worthy cause to apply my patience to.
This already happened for smartphones.
Concerning your first claim: Did you attempt to get a job at such a company to leak the keys?
Concerning your second claim: Did you already invest lots of personal resources for this cause?
The cryptographer never implemented it on daily compute devices.
Perhaps this cryptographer would be willing to risk a low communication round release of private keys corresponding to public keys in ROM or burnt in eFuses etc... but only if the public key dump is sufficiently large and encompassing.
From the perspective of the cryptographer we are all whining wankers, and we should just collect all the public keys as a wishlist.
The cryptographer cares naught about "liberating" hour long advertisements for the militaries or intelligence agencies etc. The cryptographer does wish sovereign compute to fellow humans, a primordial requisite for effective democracy.
====
While I understand the average programmer would ascribe an incredibly low probability to the above, the absolute absence of such a comprehensive public key dump is not in proportion to the probability considered.
I don't know. They could lock up the hardware stack as much as they want, in the end it's pixels being pushed to arrays. It's extremely hard to prevent these pixels from being intercepted. You'll have pirate groups just going deep in the hardware (opening the monitors and soldering and hacking and whatnots) and eventually tap these.
As for personal usage: I've got hardware from the eighties still working fine.
Instead of:
movie2025-WEBRip1080p-x265.mp4
people shall download: movie2025-WEBRip1080p-DRMfree-x265.mp4
And people shall just play that on their DRM-free hardware, either brand new or old.
For example people can still buy brand new CRT (!) screens today. Not just CRT screens but also brand new CRT PCBs to drive either new or old CRTs. It's 2025 and people can still buy brand new CRTs. That's kinda rad.
And if worst comes to worst, if it's really impossible to go "tap" into the pixels being sent to a DRMed monitor (which I don't buy for a second), there's still the analog hole. Pirates are just going to use old (non DRMed) gear to rip, analog style, DRMed content and then they'll just process the result with some AI models to get it back to near perfection.
Heck, the day's probably not very far where I can use, say, two handcams from the 90s to film a movie at the movie theater and then use an AI model to give back a near pristine movie file (as in: one where it's impossible for the layman to discern from the original).
> This tech extended to browsers could easily mean that sites could refuse to serve you
That's already the case: some content is geo-blocked. People use a VPN or just fire up Frostwire or qbittorrent.
Even a Raspberry Pi 5 goes a long way: when are these going to play the DRM game and make the future look grim, instead of bright?
I don't doubt there are really deeply sick, evil, people out there thinking about how they can ruin our collective future but I also know that they'll encounter people who have systematically owned their sorry arses.
We're concerned about DRM because of what it does accomplish. DRM creates a vertically-integrated market wherein every layer of the stack is authoritatively controlled by a colluding oligopoly of vertically integrated hardware+media corporations (Apple, Amazon, Facebook, Comcast, etc.)
The greatest problem with DRM is drivers. NVIDIA hardware only works well in Linux because it's important to NVIDIA's business. Even so, there are longstanding issues that would have been fixed decades ago if kernel devs were allowed to collaborate. Instead, DRM (and copyright in general) demands that the driver dev team be siloed away from the kernel devs. This way, NVIDIA can use the exclusivity of its CUDA implementation as an anticompetitive advantage in its hardware business.
Copyright is, fundamentally, a wall between would-be collaborators. DRM is an implementation of that wall, but instead of isolating people, it isolates software. The wall DRM provides is not used to monopolize the distribution of content: it is used to construct moats in our software ecosystem.
There's a reason I prefer the experience of torrenting a Netflix rip over streaming Netflix on my Roku: the entire hardware+software stack is superior. I can actually sort and navigate my library. I can decode&render with my faster GPU. I can adjust the audio delay. I can adjust subtitle placement & font. I can mix the audio so that dialogue is actually audible. I can do frame interpolation with SVP (again using a better GPU than whatever your "smart" TV has onboard). I can seek forward&backward quickly without changing bitrate. I can let the credits play without being interrupted by an ad. The list goes on...
I don't want a goddamn CRT. I want modern hardware. The more we let corporations abuse us with DRM, the less compatible that hardware will be with real software.
Yes, you can never "plug the analog hole" completely, but you can definitely lock stuff down to the point it's impractical for 95% of people.
For instance, imagine some sort of audio / video fingerprint system that resides in Intel and/or nVidia's GPU drivers. Content gets played through the on-GPU HEVC / h.264 decoders already. Doesn't seem like a huge stretch to add a fingerprint authentication system to that stage.
Have a list of content IDs that are protected, and require a valid license to play.
Yes, your source file is unprotected (video camera in front of monitor), but all of your devices are unable to play it. Yes, your ancient, circa 2024 desktop PC will still play it, but your new 2030 model TV implements this fingerprint system as well so you can't just cast this file to your 100" display in your living room.
This is to say nothing of other forms of content (applications / games / web pages) that actually could require attestation / DRM HW / always-on internet to run.
Now I don’t really follow the Windows world but I thought the goal of the newer TPM stuff was to be able to provide a trusted boot chain the way Apple does. I’m under the impression that some of the earlier versions allowed the TPM module to be a separate piece of hardware from the CPU and thus exposed a hardware attack path where someone could snoop or man in the middle.
If you have a full trusted chain you can certainly use that to ensure that the DRM isn’t being tampered with. But I kind of doubt that’s the main reason behind all of it. There are enough good reasons they may want better security on the hardware outside of that it seems justifiable that they might push it.
I’m not arguing it’s good or bad, I just don’t think it’s 100% about DRM and the rest is a smoke screen.
Your flaw is assuming that Apple's only doing that for your security and has no ulterior motives. But iOS apps are disabled and Netflix reduces to a lower resolution when you disable System Integrity Protection on a Mac (among other things?). The trusted boot chain is clearly a DRM enforcement tool in addition to being a security feature.
https://github.com/cormiertyshawn895/RecordingIndicatorUtili...
I would guess that the actual push for TPM is to have 'better' BitLocker, and Passkey support.
In practice the default BitLocker+TPM configuration isn't that great (no user entropy/pin, dTPM is basically worthless).
I have no actual understanding for how TPM is involved for Windows Hello/WebAuthn/Passkey or whatever, but at a glance it would seem Biometrics without a TEE seems like a very weak link.
If that helps with bitlocker or passkeys or whatever that’s great. But I assume at its base it’s a pure integrity play.
I would think that would also let you know the public key stuff used to communicate with hardware authentication like a fingerprint reader is secure too, but I don’t know how that stuff works well enough to know if that’s true.
Whether it’s in the GPU, CPU, TPM, or any other part of computing property you ostensibly own, is an utterly irrelevant distraction, the root is the unholy alliance of government and capital power.
And Labor too, don't forget!
https://www.backstage.com/magazine/article/sag-aftra-back-an...
I expect next generation workarounds will involve virtual GPUs.
The remote server is handshaking cryptographically with the GPU itself, which identifies itself using certificates and keys tied at the factory. You can't emulate such a GPU unless you find a way to steal the keys.
[*] Jellyfin and the -arr daemons are far more usable and stable than wading through the various streaming services' interfaces, so I'll download episodes even though I do actually pay for the streaming services.
TPMs are really just embedded Yubikeys. Unless your UEFI/BIOS "conspire" to supply them with boot measurements, and your OS in turn conspires with that to carry these measurements forward and provide them at the application layer, TPMs can't harm your freedom.
TPMs are a much more "freedom neutral" technology than people generally assume in these discussions.
This sounds 100% on-brand for the FSF. The FSF's primary public-facing persona has peculiar computing habits so far removed from the mainstream that it's likely he has absolutely no clue how the real world works.
In fact by his own statement he has to rely on volunteers to update his website.
It's disappointing to me because the FSF could be so much more influential today, but the cult of personality around RMS has really destroyed their public credibility among "normies", the most important demographic to convince.
When the FSF finally realizes that a political organization such as theirs needs a public face with charisma and social skills, it will be too late.
I feel like untangling the attestation capability (which I do believe has non-user-hostile/non-zero-sum uses!) from the secure key storage one might ultimately help their adoption.
1. Companies offer service that people don't want to pay for, and blame piracy.
2. Someone realizes that they can eliminate piracy and make lots of money by offering good service.
3. Piracy slowly dies, because people prefer €5 monthly subscription over torrent.
4. Other companies catch up. The market gets fragmented. By the nature of the market, it becomes impossible for one company to offer clearly good service.
5. Piracy gets fashionable again because it's more accessible than having twenty €50 subscriptions, half of them with ads.
6. Companies offer service that people don't want to pay for, and blame piracy.
IMHO the author interprets the FSF statement over-restrictively to discredit them.
TEE is effectively an execution environment below ring 0, together with some hardware isolation as you mention. But by itself, solutions based on it can't hold any trusted key material, so can't be used in attestation contexts.
TPMs and other types of secure enclaves or secure elements include secure storage and can come pre-loaded with external root of trust keys, which allows attestation (and by extension trusted computing use cases), but also completely local useful things like enforcing a PIN retry limit on usage of a hardware-stored SSH key.
But since TPMs are by design self-contained and don't have any input or output capabilities, mediating user access via a TEE and some minimal OS providing a user confirmation UI can be very powerful (for example so that malware can't lock you out of your own SSH keys by just entering the PIN incorrectly repeatedly).
The purpose of a TPM, in this case, is not to provide encryption, but instead to provide so-called ‘authenticity’. A TPM with its attestation capabilities can allow a remote validator to attest the operating system and system software you are running via the PCRs which are configured based on it, with Secure Boot preventing tampering. [1] Google tried to implement APIs to plug this into the Chrome browser, which was later abandoned after backlash. [2]
In this case, the TPM can allow services like Netflix or Hulu to validate the hardware and software you are currently running, which provides the base for a hardware DRM implementation as stated in the article. Don’t be surprised if your non-standard OS isn’t allowed to play back content due to its remote validation failing if this is implemented.
TPMs also have a unique, cryptographically verifiable identifier that is burnt into the chip and can be read from software. This allows for essentially a unique ID for each computer that is not able to be forged, as it is signed by the TPM manufacturer (in most cases Intel/AMD as TPMs on consumer hardware are usually emulated on the CPU's TEE). If you were around for the Pentium III serial controversy, this is a very similar issue. It's already used as the primary method of banning users on certain online video games, but I wouldn’t be surprised to see it expand to services requiring it to prove you aren’t a “bot” or similar if it gets wider adoption.
There is a great article going more into detail about the implications of TPM to privacy from several years ago, which was the basis for this reply. [3]
[1]: https://github.com/MicrosoftDocs/azure-docs/blob/main/articl...
[2]: https://github.com/explainers-by-googlers/Web-Environment-In...
Citation or technical details needed.
Obviously it "makes sense" that for 4K HD content you "probably" want to offload the decoding into the GPU, but this is the first time I see this mentioned and there are no links to technical details.
In contrast, TEE / TrustZone and even the recent AVF with pVM - these are well documented technologies.
Basically, rightsholders should be able to choose enforceable legal protection or unbreakable technological protection, but not both. Copyright was supposed to be a two-way street, but DRM permanently barricades one lane.
No. The latter would effectively mean rightsholders make their own laws, rather than follow the law.
DRM should simply be abolished, as it interferes with the premise of copyright: To grow the public domain.
It should also drive home the idea that DRM will be broken anyway and they'll be just left with nothing, so let them stick to copyright itself without all that DRM garbage.
As to the first point... the TPM can't communicate with the GPU, but maybe the GPU could communicate with the TPM. The way that would happen is that the GPU would talk to the TPM directly, using `TPM2_StartAuthSession()` to start an encrypted session with the TPM then it would use `TPM2_ActivateCredential()` or `TPM2_Import()`/`TPM2_Load()`/`TPM2_RSA_Decrypt()` to decrypt a symmetric session key that the GPU would then use to decrypt the stream. I.e., the GPU would do the bulk crypto, but the TPM would do the key transport / key exchange.
That also addresses the second point: the TPM being slow is not a big deal because you'd only need it to do something slow once when starting the video playback.
Of course, the GPU could just include TPM-like features to get the same effect, which really proves the point which is that:
> The FSF's focus on TPMs here is not only technically wrong, it's indicative of a failure to understand what's actually happening in the industry. While the FSF has been focusing on TPMs, GPU vendors have quietly deployed all of this technology without the FSF complaining at all. Microsoft has enthusiastically participated in making hardware DRM on Windows possible, and user freedoms have suffered as a result, but Playready hardware-based DRM works just fine on hardware that doesn't have a TPM and will continue to do so.
Pretty much. All the DRM functionality can be in the GPU, and there might not even be a standard API like TPM 2.0 that anyone could use, so the result is even worse than if the GPUs used TPMs to implement DRM.
Though, if one were implementing DRM in the GPU or in the display monitor (why not) then the TPM 2.0 MakeCredential/ActivateCredential protocol is a very good fit, so one might as well use that, and even embed a TPM in the GPU and/or the monitor. If you do the bulk decryption in the monitor then the user doesn't even get to screenscrape (eavesdrop on) the connection between the GPU and the monitor. One could even implement just a small portion of TPM 2.0 -- everything needed to establish an encrypted session (`TPM2_CreatePrimary()` and `TPM2_StartAuthSession()`, but also `TPM2_FlushContext()`) and `TPM2_ActivateCredential()`, and maybe a bit more if attestation is required (`TPM2_Quote()` and `TPM2_CreateLoaded()`). What would one attest? I think one would use a platform certificate and its key as the signing key for a TPM2_Quote()-based attestation. The point would be to prove that the device is a legitimate GPU or monitor made by an approved vendor.
If you dislike DRM then TPMs are not the enemy. Particularly the TPM on any server or laptop is not the enemy. TPMs in GPUs or monitors might be, but Windows 11 requiring a TPM on the box has nothing to do with that, and again, the GPU/monitor could implement the ActivateCredential protocol internally w/o a TPM anyways.
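The key transport the comment above sketches (the TPM does one slow asymmetric step at playback start, the GPU then does the bulk symmetric work) is the TPM 2.0 MakeCredential/ActivateCredential exchange. Below is that exchange written out with Go's standard library. This is an added example, not code from the post, from mjg59's article, or from any GPU or TPM vendor. A software RSA-2048 key stands in for the device's endorsement key, the key Name is built over a made-up public area, and the "credential" is a 16-byte stand-in for the per-session stream key. Whether any real GPU implements this is the commenter's speculation, not something the page establishes; the wire layout (KDFa labels, zero-IV AES-CFB, HMAC over encIdentity || Name, OAEP label "IDENTITY\0") follows TPM 2.0 Part 1, section 24, as I read it, and should be checked against a real TPM with tpm2_makecredential/tpm2_activatecredential before anything depends on it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

var zeroIV = make([]byte, aes.BlockSize) // credential blobs use AES-128-CFB with an all-zero IV

// kdfa is TPM 2.0 KDFa: HMAC-SHA256 in counter mode over [i]32 || label || 0x00 || contextU || contextV || [bits]32.
func kdfa(key []byte, label string, contextU, contextV []byte, bits int) []byte {
	var out []byte
	for i := uint32(1); len(out)*8 < bits; i++ {
		m := hmac.New(sha256.New, key)
		binary.Write(m, binary.BigEndian, i)
		m.Write(append([]byte(label), 0))
		m.Write(contextU)
		m.Write(contextV)
		binary.Write(m, binary.BigEndian, uint32(bits))
		out = m.Sum(out)
	}
	return out[:bits/8]
}

// tpm2b adds the big-endian 16-bit length prefix of a TPM2B_*; unTPM2B strips and checks it.
func tpm2b(b []byte) []byte {
	out := append([]byte{0, 0}, b...)
	binary.BigEndian.PutUint16(out, uint16(len(b)))
	return out
}
func unTPM2B(b []byte) (body, rest []byte, err error) {
	if len(b) < 2 || len(b) < 2+int(binary.BigEndian.Uint16(b)) {
		return nil, nil, fmt.Errorf("short TPM2B")
	}
	n := 2 + int(binary.BigEndian.Uint16(b))
	return b[2:n], b[n:], nil
}

// KeyName builds a TPM Name (alg ID 0x000B = SHA-256, then the digest) over a constructed stand-in public area.
func KeyName(public []byte) []byte {
	d := sha256.Sum256(public)
	return append([]byte{0x00, 0x0B}, d[:]...)
}

// MakeCredential is the license server's half: only the EK holder can unwrap the blob, and only for a key Named `name`.
func MakeCredential(ekPub *rsa.PublicKey, credential, name []byte) (idObject, encSecret []byte, err error) {
	seed := make([]byte, sha256.Size)
	rand.Read(seed)
	if encSecret, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, ekPub, seed, []byte("IDENTITY\x00")); err != nil {
		return nil, nil, err
	}
	block, _ := aes.NewCipher(kdfa(seed, "STORAGE", name, nil, 128))
	encIdentity := make([]byte, 2+len(credential))
	cipher.NewCFBEncrypter(block, zeroIV).XORKeyStream(encIdentity, tpm2b(credential))
	m := hmac.New(sha256.New, kdfa(seed, "INTEGRITY", nil, nil, 256))
	m.Write(encIdentity)
	m.Write(name) // the Name is authenticated: that is what ties the blob to one specific key
	return append(tpm2b(m.Sum(nil)), encIdentity...), encSecret, nil // TPMS_ID_OBJECT layout
}

// ActivateCredential is the TPM's side of TPM2_ActivateCredential: recover the seed, verify the HMAC, then decrypt.
func ActivateCredential(ekPriv *rsa.PrivateKey, idObject, encSecret, name []byte) ([]byte, error) {
	seed, err := rsa.DecryptOAEP(sha256.New(), nil, ekPriv, encSecret, []byte("IDENTITY\x00"))
	if err != nil {
		return nil, err
	}
	outerHMAC, encIdentity, err := unTPM2B(idObject)
	if err != nil {
		return nil, err
	}
	m := hmac.New(sha256.New, kdfa(seed, "INTEGRITY", nil, nil, 256))
	m.Write(encIdentity)
	m.Write(name)
	if !hmac.Equal(m.Sum(nil), outerHMAC) { // a key with any other Name is rejected before decryption
		return nil, fmt.Errorf("credential was not made for this key Name")
	}
	block, _ := aes.NewCipher(kdfa(seed, "STORAGE", name, nil, 128))
	plain := make([]byte, len(encIdentity))
	cipher.NewCFBDecrypter(block, zeroIV).XORKeyStream(plain, encIdentity)
	credential, _, err := unTPM2B(plain)
	return credential, err
}

func main() {
	ek, _ := rsa.GenerateKey(rand.Reader, 2048) // software stand-in for the device's EK
	name := KeyName([]byte("constructed GPU attestation key public area"))
	contentKey := []byte("0123456789abcdef") // constructed stand-in for the per-session stream key
	idObj, encSecret, _ := MakeCredential(&ek.PublicKey, contentKey, name)
	got, err := ActivateCredential(ek, idObj, encSecret, name)
	fmt.Println("activated:", err == nil && string(got) == string(contentKey))
	_, err = ActivateCredential(ek, idObj, encSecret, KeyName([]byte("some other key")))
	fmt.Println("wrong key Name rejected:", err != nil)
}
```

The property worth noticing sits in ActivateCredential: the Name of the target key is both a KDF context for the symmetric key and part of the HMAC input, so a credential made for one loaded key cannot be activated with any other key even by the same TPM, and a tampered encIdentity fails the HMAC before anything is decrypted. That is what lets a server hand a content key to "this attestation key on this chip" rather than to whoever can decrypt encSecret.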
It is quite obvious: to force people to buy a new PC. TPM provides no added security value for the vast majority of users[1] but it is a convenient piece of hardware that has only started to become standard (fTPM) in PCs built in the last ~8 years so it provides an excuse for Microsoft to declare computers older than that (which can run Windows 10) obsolete using "security" as an easy scapegoat.
[1]: https://gist.github.com/osy/45e612345376a65c56d0678834535166
Movie studios wanted a way of securing the content between the time the AACS was decrypted and the HDCP encryption took over. Once the AACS was decrypted the encoded movie was sitting in main memory and could be intercepted by any other application. The solution was to re-encrypt the data once it was pulled off the disc (I'm not kidding). Encryption would be done by the application. The graphics driver would be able to pass along the encrypted data to the GPU, which would then decrypt and decode it in hardware, and then the entire framebuffer would be HDCP encrypted by the GPU before sending it out over DVI/HDMI.
> Lest one get the impression that hardware DRM fares any better than software: Even 4K/HDR versions of streaming media start making the rounds on pirate sites within a day or two of release.
> As usual DRM fails to prevent piracy while hurting the experience of paying customers.
Most viewers are not computer-savvy, even if they spend every day in an office facing a computer screen. If 90% of the audience would know or bother to go no farther than the legal distribution channels, and won't be able to plainly download the high-res media in one click, the DRM has worked.
It suffices to make pirating inconvenient enough for the uninitiated, and let the advanced and determined minority pirate away, of course always threatened and stigmatized, to keep the operations low-key. A small amount of pirates, imho, only improves the profits, because they brag about having just seen the new hot thing in all its glory, and thus induce FOMO in their audience.
Of course the legally-buying, technology-naive audience is inconvenienced. But they know no better, and the whole point of control is, well, making people submit to what they would rather not, isn't it?
DRM is really about control. It's a technical trick that thanks to DMCA anti-reverse engineering clauses becomes a legal trick to dictate exactly who can play the content and how, much tighter than what copyright and consumer laws allow by default.
For example, without DRM you couldn't effectively sell separate licenses for computer screens and TVs, because users could just connect their computer to a TV.
DRM allows negotiating everything about distribution, up to who pays who for having a button on the TV remote.
Those who control the DRM have a veto power over everything, and have it viciously enforced internationally thanks to it being tied to copyright.
None of the hurdles stop 100% of people. But every hurdle causes some people to stop bothering.
For example, it's impossible to watch 4k content on popular streaming services if you use Linux, and even with macOS/Windows you need a specific combination of hardware + OS + browser, if a service even offers it.
I suppose some monitors and TVs have "features" to cryptographically handshake with the GPU and ensure a secure link, but at some point the data must be decrypted and decoded to be displayed. This doesn't seem like much more than a speed bump for a motivated individual.
It's a cat and mouse game, but I wouldn't discount these efforts as a mere speed bump. Screen enforced DRM will make things much harder. A motivated individual with the right tools and hardware hacking know how may be able to jailbreak a screen to record stuff, but that's going to make things out of reach for most people.
Of course you can try to play them with hardware that doesn't follow the rules. But there's a finite number of vendors, so that isn't necessarily easy.
The only beneficiaries of DRM seem to be hardware vendors, and even for them it's unclear if it's a net benefit, since it makes everything more expensive.
One example -- it has made creating pirated videos almost inaccessible to most people. In the past, if all other methods fail, you can always just record your screen with a common recording application. That's not possible with GPU enabled DRM, which is enough to stop a casual consumer from sharing a movie with their friends (even at a less ideal quality).
> have never had an issue finding what I want at the quality I want within an hour of a episode/movie being released to streaming.
That's because you are consuming mainstream/popular media. You often won't find recordings of a lot of performance art (ballet, concerts etc)* and I-am-not-going-to-name-it-content because there is a lot less demand.
* an interesting exception is that a lot of content released via Blu-ray gets decrypted, ripped and torrented.
Control publishing rights, platforms, software and hardware that is used for the consumption of said media.
The publishers control the DRM, which then needs to be licensed by television makers, software writers, and such things. Then that gives them control over how is it presented, how it is sold, how it is consumed and it forces everybody to agree to their terms.
It is a power thing. They want to have power over other businesses. DRM laws help them do that.
> How are these DRM schemes actually being defeated?
Well I don't follow DRM piracy stuff, but at a high level the people that want to consume the media must be able to decrypt it to enjoy it. So if you buy one of these DRM devices and figure out how they work then you can decrypt anything that is compatible with them.
And you only need to decrypt it once since digital media can be copied an infinite amount of times.
This is the argument for repealing them, which is why you rarely see them making it out loud.
Instead they come up with some rubbish about making it marginally more difficult (spoiler: it's still easier to pirate stuff than use legal services and the only thing actually preventing everyone from doing it is that some people want to follow the law). So it's good to knock those fake arguments down when you see them and leave no excuse to keep the bad laws that ought to be repealed.
Accepting their actual motivation like it's a legitimate reason to keep those laws is like saying the reason we should keep doing the stuff Snowden revealed is so the intelligence agencies can spy on the elected officials regulating the intelligence agencies.
If I understand incorrectly?
(Jokes aside, though, I haven't been able to figure out what IIUI stands for.)
1. Disable video hardware acceleration in browser (preferably FF)
2. Open OBS studio
3. Record screen while streaming service of your choice is running.
Still works in modern OSs like Windows 10.
You're technically not circumventing the DRM decryption routines when you do this since the pixels displayed on screen have already been decrypted (just like recording cable to VCR post-decryption), so the legality of it is towards the lighter grey end compared to ripping DVDs. IANAL though.
Not to say the stronger tiers never get broken but it's a lot more involved than just recording them with OBS.
And up through Dec 2023, FF and Chrome on Windows were limited to 720p. That's right, it wasn't until 2024 that Netflix on Chrome on Windows supported 1080p... That's what, 15 years after 1080p monitors became common?
https://web.archive.org/web/20231229030336/https://help.netf...
Now that streaming is commonplace it seems less necessary, but it was an essential stepping stone and an ongoing defense against piracy
Pirated content represents a relatively small and motivated community. There'll always be something like it, so the question for rightsholders is how to manage the size and visibility of that community.
People will pay you to move dirt from one side of a lot to the other side.
My guess is that when content platforms negotiate with IP holders, there is some need to show that some DRM is in place.
Stripping the more advanced forms of DRM usually relies on compromised device keys which can and will be revoked if it becomes known that they've leaked, so the details are deliberately kept very quiet. If you've ever experienced a device suddenly losing the ability to play 4K Netflix, it may have been because its keys were revoked.
Copyright defines art as a good (instead of a service), and demands everyone play along. An artist can use their copyright to monopolize both the distribution and the derivation of their work. Effectively, this places a wall between any would-be collaborators, because collaboration is derivative. In a world without copyright, you could collaborate with the work of Disney by making derivative work. With copyright, however, Disney can demand you stop that work by monopolizing its copy. By abusing this demand, Disney can entrench itself as the only Mickey-Mouse compatible corporation.
In the software world, collaboration of work requires source code redistribution. Because of this, the social incompatibility that copyright is founded upon translates into literal software incompatibility; including proprietary software platforms and libraries. For example, Microsoft Office has entrenched itself as the "industry standard" for rich text and spreadsheets by leveraging the incompatibility of its data formats. While collaboration isn't impossible, Microsoft is granted a legally-enforced anticompetitive advantage from its copyright monopoly.
NVIDIA uses the copyright monopoly of its CUDA implementation to sell more hardware. It is able to do this because the hardware and software engineers are both part of the same vertically-integrated corporation. Because of copyright, AMD's software engineers are not allowed to collaborate with the CUDA developers, and AMD drivers cannot be made CUDA compatible.
This is where the story gets to DRM: Apple, Amazon, Facebook, Google, and others are all vertically integrated hardware-media-advertising corporations. Each of them wants to abuse their respective copyright monopolies (their media businesses) to sell hardware, just like NVIDIA does with CUDA. To accomplish this, they told us the exact reverse story: Digital Rights Management.
The story of Digital Rights Management says that hardware needs to be incompatible in order to enforce the copyright monopoly. See what they did there? Now any anticompetitive advantage that we get in our hardware and advertising businesses was all just from us doing whatever it takes to support those poor starving artists!
I can hear you asking yourself, "But where is the hardware incompatibility?". That's the extra sneaky bit on top. Unlike having a clear winner and a loser like NVIDIA and AMD, hardware-media-advertising corporations are all winners. Each one of them benefits from the other using DRM. All of their moats intersect into one giant ~~swamp~~, I mean lakefront development.
Here's an example to chew on: App Stores. Both Google and Apple have their own separate incompatible app stores. Sure, it's a loss to Google when a popular app only works on iOS, but that's a two way street. The important part is that they have a moat at all: when the little guys try to make a competitive alternative, they drown. There is plenty of room for two players at this game, and the intersection of moats guarantees there will never be a third. Even when Apple's moat starts to flood Android Island, what's left standing will be worth more than a drained swamp.
I don't think the version of HDCP attached to HDMI 2.1 has been broken yet but that's kind of a moot point because no current video formats require more than HDMI 2.0.
What a complete and total waste of effort.
are GPUs currently shipping preprogrammed with keys used in DRM?
GPUs have had unique hardware private keys and secure memory for a decade.
It seems like you'd need some central SSL like certificate authority to verify and revoke credentials that were universally implemented in the same way by all GPU manufacturers.... surely there is no such thing?
If the FSF sticks to their current mission of preaching to the choir, they'll remain about as relevant as they are today, which isn't a lot.
The statement criticized by the OP certainly seems warranted, but it's less endemic of the FSF removing itself from the mainstream and more like the mainstream has abandoned free software.
> The FSF's primary public-facing persona has peculiar computing habits
You know, the FSF would probably argue that our computing habits are the peculiar ones. And unless you can tell me about the code your iPhone runs in detail, they're probably (albeit begrudgingly) correct.
>more like the mainstream has abandoned free software.
Indeed, because free software development is largely driven by ideological purity rather than feature parity. Mainstream users see Free Software people as irrelevant kooks, and thus easy to dismiss, which is why Free Software has so utterly failed as a movement.
>You know, the FSF would probably argue that our computing habits are the peculiar ones.
I'm sure flat-earthers feel that my belief that earth is an oblate spheroid is peculiar, too. Of what relevance is that to anyone?
>And unless you can tell me about the code your iPhone runs in detail, they're probably (albeit begrudgingly) correct.
We'll have to agree to disagree. The emacs developers don't even understand how large chunks of emacs work (per emacs-devel), for example. There's too much software out there for one person to keep in their head. This is not a reasonable heuristic.
Modern TPM support in Linux and systemd now permits automatic disk unlock for LUKS encrypted volumes using a key stored in the TPM - some ~15 years after Windows could do it.
I wonder what the TPM support is like in the HURD - ha!
The only complaint I have about the TPM is there is no standardisation in connectors, pinout, or bus type when it's not soldered onto the board. I have three motherboards with plug-in TPMs and each required a different, unique part that was difficult to source.
Yeah, Debian/Ubuntu, Fedora, etc. didn't have this, but as the saying goes: you get what you pay for. Although enough of the Gentoo users (the real Gentoo users) had such a thing around that time too, if they wanted it (and they tend to put together what they want).
Some essential context: if you think the "Linux community" is elitist, wait until you see the niche commercial (and higher) players. I'm probably an example of such, to be fair.
This should be prohibited by commercial law.
Hell the only reason why I turn on my computer these days is for videogames. I wonder if the decline of the desktop has someone worried at Microsoft.
Then again, they have been so busy with Azure and XBox profits that Windows development has turned into a mess of GUI teams fighting for resources, while the apps division couldn't care less, now filled with people that grew up using UNIX instead of Windows and see Web UIs everywhere.
Hence why Windows might be my main desktop, yet I eventually returned to the Web/distributed computing world, disappointed with how UWP/WinRT development turned out.
I mean, open source advocacy already includes both business-friendly convenience-focused pragmatists and social-friendly, principled advocates of digital freedom who were essentially turned off by RMS's personality and/or approach.
Taken together, their work seems like it sets a reasonable ceiling on what FSF-- or any freedom-based organization-- could achieve.
If I'm wrong I'd like to know what exactly the FSF could have achieved in your opinion that's above that ceiling, as well as the tactics they'd have to use to get there.
Not really; AMD have PSP (which, okay, isn’t x86, but it’s on the die) and Intel, as you mention in your post, had SGX and have ME. Google use PSP TrustZone to run Widevine on Chromebooks, for example. PowerDVD used SGX to decrypt BluRay, which led to BluRay 4K content keys being extracted via the sgx.fail exploit.
You’re right though that PlayReady is usually GPU based on x86; on AMD GPUs PlayReady runs in GPU PSP TrustZone. On Intel iGPUs I think it runs in ME.
The lower-trust (1080p only) software version of PlayReady uses WarBird (Microsoft’s obfuscating compiler) but this is of course fundamentally weak and definitely bypassed.
Anyway, none of this takes away from your post, which I agree with. The FSF (and many HN commenters) have been whining about TPM in unfounded ways since the 2000s.
Is Intel ME TEE-enough for DRM?
There was a lot of talk about protected media path in Vista, how it linked with HDCP, how it killed hardware accelerated audio (including causing considerable death blow to promises made by OpenAL), etc.
This is also the way of the future for graphics: do away with any kind of hardware pipelines and go back to software rendering, but having it accelerated on the GPU as a general purpose accelerator device.
With a unified memory architecture, is the shared GPU memory inaccessible to the CPU?
Even Intel abandoned it when designing SGX. SGX doesn't involve a TPM at any point.
So for a GPU vendor there's no reason to introduce the additional complexity of handshaking with a TPM. Blowing a private key into some eFuses at the factory is relatively easy, add a RAM encryption engine on top and you're already providing better security than what a TPM provides.
Option 1: as I said, the GPU could have its own, and yes in that case the EK cert would be known to the GPU (or it could have a platform-like cert issued by the GPU OEM).
Option 2: the platform vendor can teach the GPU the EK cert (or the public key for some primary key anyways).
Option 3: the GPU could learn it on first use.
> charitably let's say that's a signed blob that the driver pushes in at startup
That's what TPM vendors do as to the EK cert. Surely if they can do that then so can GPU and platform vendors. Indeed, some platform vendors ship with platform certs.
> but that's still going to be a terrible user experience because you won't get media playback if your machine has a TPM that's too new or .
What do you mean "too new"? Like, you replaced your TPM? That's a thing on servers, but not laptops.
As to "from too niche a vendor", as long as the platform vendor teaches the GPU what the EK cert is, or makes a platform-like cert that the GPU can use to authenticate the TPM, then it's good enough.
Anyways I suspect that MSFT and others don't mind an incrementalist approach. You have a system that can do it their way? Great, it will. You have a system that cannot do it their way? Fine, they'll do weak software DRM for now. There's probably no other way to get to their dream DRM-everywhere state.
Yes it does. The vast majority of users aren't going to have their laptop stolen by the CIA/NSA and have their DIMMs popped and cryo-frozen.
The vast majority of users aren't going to have the case opened and a special-purpose PCIe device installed to steal keys over DMA.
The vast majority of users aren't going to have a dTPM vulnerable to SPI sniffing as modern and not-so-modern processors have fTPM.
This is to provide some baseline level of protection of the user's data against theft and loss.
Are there attacks against TPM? Yep. In as much as there are attacks against SMS 2FA, but for the vast majority of people, SMS 2FA is an acceptable level of security.
If you're a CEO, well sure, you're going to want to do something better (TPM + PIN). I acknowledge that Windows 11 Home users don't have this specific option.
Everyone needs to level set on the type of attacks that are practical vs. involved and who the targets of those attacks are.
FDE (w/ TPM) is part of defense-in-depth. Even if imperfect, it's another layer of protection.
That's kind of the point. The vast majority of users aren't going to have their laptop stolen at all, if they do it will 99% of the time be by someone who only wants to wipe it and fence it, and attempts to access data are most likely to be by unsophisticated family members who would be defeated by a simple password without any TPM.
Meanwhile there have been plenty of TPM vulnerabilities that don't require anything so esoteric and can often be attacked purely from software, so if a normal user was facing even so much as someone willing to watch some security conference talks, they're going to lose regardless. If the TPM doesn't make them more vulnerable to that, because it contains the secrets and is susceptible to attack, vs. FDE with a boot key stored in some cloud service secured with the user's password instead of a TPM, which can then rate limit attempts without being susceptible to physical access attacks and be revoked if the device is stolen.
Moreover, the more common threat to normal users is data loss, in which case you only want your laptop to be secure against your unsophisticated nephew and not the tech you want to recover your data after you forget your password.
> In as much as there are attacks against SMS 2FA, but for the vast majority of people, SMS 2FA is an acceptable level of security.
The current recommendation seems to be against SMS 2FA because the security of SMS really is that bad, so if you need 2FA, use an authenticator app or similar.
> FDE (w/ TPM) is part of defense-in-depth.
Any snake oil can be painted as defense-in-depth.
If you happen to have a Pro variant of Ryzen (there may be some Intel variants as well) then you can enable RAM encryption. The RAM will be encrypted with an ephemeral AES key on boot.
It just means that when something goes wrong, such as a forgotten password or a botched update, their data that would have otherwise been recoverable is now lost forever.
I'm not sure I know anyone who's had a computer stolen, but I know lots of people who have lost data.
Edit: I do know one person who had a computer stolen. It was a work laptop while they were in SF, and I'll concede that FDE probably does make more sense on a work-related computer. I was only arguing that it's more of a hindrance on personal devices that mostly stay in the owners home.
Because TPM sniffers are now at a material cost of about $15 and can be acquired for a price at under $200, more than a TPM is needed for data encryption, especially for users like a CEO. This is why a firm I used to work for encrypted the key that could unlock user data with both TPM plus Yubikey.
The passkey protocol (i.e. webauthn) has an "attestation object" field which organizations like Microsoft can use to pass extra details about the authenticated users to the authenticating service. Which details will likely depend on that service's relationship with Microsoft. Unlike most channels between these parties, it's expected to be secured via TPM thereby excluding others (e.g. the user, or any pesky researchers) from the conversation.
It's pretty obvious from the recent design choices re: Windows that Microsoft is keen on monetizing user data--and who, in that business, wouldn't like a way to do it exclusively? i.e. to control a channel which neither the user nor your competitors can tamper with.
So they'd be incentivized to make you buy new hardware because new hardware allows them to bind your advertiser id to actual identity much more closely than is possible without that hardware (e.g. via cookies and IP addresses). The sale of details about your actual identity to organizations who only know you by your advertiser id is big business. The TPM helps them protect that business against competitors who don't have such low-level control over your device (Google, Meta, etc).
It's in their best interests to have everyone using the "latest and greatest" for those features that weren't present (at least to the same extent) in prior versions.
Anyways Microsoft was clearly very irritated when everyone wanted to stick with Windows 7, perceiving that Windows 8 was worse in every way, and that Windows 10 wasn't a significant enough upgrade to justify the effort especially considering all the added telemetry they added to the product.
It's very reasonable, given this, that they would seek to force the upgrade cycle to occur where it clearly otherwise might not.
They're also buying new hardware which benefits the PC maker. It's a mutually beneficial relationship that forces the user to both buy the software again, and buy new hardware. (You do pay for Windows when you buy a PC, it's a cost the manufacturer absorbs. You can often receive a discount when you order a new PC by not including Windows with it.)
- Hardware guys make cool new hardware that incentivizes PC sales.
- Windows guys add driver and OS support in a timely manner so apps can utilize it easily.
And sometimes the other way around:
- Windows guys add some cool new feature that incentivizes PC sales.
- Hardware guys drive down component costs to compensate for the OS getting bigger and slower.
The problem for the PC industry is that in the last ~15 years or so this virtuous circle has broken down. Outside of Apple the hardware guys stopped coming up with cool new features that would shift units outside of gaming GPU upgrades, and gaming has anyway been dominated by consoles for a long time exactly because they have hardware DRM that works so game developers prefer it (also gamers when they want multiplayer without wallhackers). Intel struggled and AMD didn't really pick up the slack in any major way. Even Apple has struggled here - other than their proprietary CPU designs and rolling back some Ive-isms by adding more ports again, a modern MacBook isn't substantially different than the models they were selling years ago.
So that leaves the software guys to drive sales. Unfortunately for the PC OEMs Microsoft has well and truly run out of steam here. Their best people all left the Windows team years ago, and Windows isn't even a top level division anymore, being weirdly split between the Office and Azure teams.
A big part of the stagnation is driven by the web. Nobody writes Windows apps anymore except games, so there's no progress to be had by adding new Windows APIs outside of DirectX. Meanwhile the web guys are shooting the PC industry in the face with a policy of never adding features unless it's supported on every piece of hardware from every vendor, more or less, which makes competitive differentiation impossible, so nobody even tries anymore. There is no web equivalent of a driver since the Netscape plugin API was killed. They also move incredibly slowly due to the desire to sandbox everything. In the 90s the success of Windows was driven by some wizard-level hackers but as PC hardware matured clever tricks stopped being an important differentiator, and monopoly profits made them fat and lazy. It's clear that Nadella has zero confidence in the Windows org(s)' ability to execute, hence why in the post-Ballmer years the rest of Microsoft has systematically divorced itself from them.
So - no hardware innovation thanks to the web, no major CPU upgrades thanks to Intel/AMD, no software innovation thanks to Microsoft. The PC industry is stagnant and desperate. What have they got left? Well, they have TPMs (really, TPM v2 because TPM v1 was kinda botched). And Windows doesn't really need it, but if Microsoft ties Windows upgrades to TPMv2 they can use the treadmill of security/support expiring on Win10 to drive one last round of hardware replacements that can give the industry an injection of revenue that can then maybe be spent on finding new hardware features to drive upgrades, seeing as Microsoft can no longer do it.
There's nothing illegal in any of this - nobody is price setting and it's not much different to prior eras when new Windows versions required more RAM.
https://learn.microsoft.com/en-us/windows/security/hardware-...
That's my understanding at least.
https://learn.microsoft.com/en-us/windows/security/hardware-...
What makes it a TPM is the protocol it answers to. The TPM has a hardware RNG, and you can just ask it for some random numbers. That’s very simple. You can have it create encryption keys for you, since those are primarily just random numbers. You can ask it to _store_ a key for you, to be released to anyone who asks for it provided the TPM is in a certain state. What is this state? This is the really interesting part of the TPM.
The TPM has a number of registers that start off empty when the computer boots. At any point any program running on the computer can send a message to the TPM that asks it to incorporate an input into one of these registers. The input is a number, and the new value of the register is basically just the hash of the current value of the register and the new input.
If the BIOS/UEFI computes a hash of its own code plus the bootloader’s code and measures that into a register on the TPM then the bootloader could check the TPM to make sure that it hasn’t been tampered with before it boots. It’s easier though if the bootloader hashes the kernel (and the kernel command line) that it’s going to run and measures that into the same register. The kernel can then hash the initial ram disk and measure that in. At each step of the process we can measure the next important part of the OS and incorporate its value into the same register and at the very end we will have a number. If that number is the same every time we boot up the computer then we know that the computer and the software have not been tampered with. We can even send that number off over the network as part of a Remote Attestation protocol. You might have all the laptops you supply to your employees do this so that you can know that they haven’t been tampered with. Or all of your cloud instances could do this for the same reason. (Of course the exact number that the TPM ends up storing changes after every OS upgrade, and you need to have some way of knowing what numbers to expect, so this is a fair amount of work.) Remote Attestation is not really of any use to the average consumer, but reliably detecting a hacked OS would be.
Going back to encryption keys, you could store the encryption key for your home directory in the TPM, locked to a specific value of a specific register. You would then not be able to unlock your home directory if the computer has been tampered with. An attacker who boots off of a USB drive can’t possibly arrange for the same value to end up in the TPM, even assuming that they know what value is required. It will do them no good to take the encrypted disk out of the computer and put it in another one, because the key doesn’t go with it. Rubber hose cryptography isn’t useful either, even if there is also a password for your account. This should be quite valuable to many, if perhaps not all, users.
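An added example, not from any commenter, that models the extend-and-seal behaviour described above in Python: a PCR that can only be extended as `H(old || measurement)`, a constructed boot chain measured stage by stage, a toy TPM (`ToyTPM`, an assumption standing in for a real chip) that releases a sealed key only when the presented PCR matches the policy, an event-log replay of the kind a remote attestation verifier performs, and the reseal a kernel upgrade forces. All stage contents are constructed placeholders, not real firmware or kernel images.

```python
import hashlib
import hmac

HASH = hashlib.sha256
PCR_SIZE = HASH().digest_size  # 32 bytes for a SHA-256 PCR bank


def pcr_extend(current: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || measurement).

    A PCR can be extended but never written directly, so the only way to
    arrive at a given value is to feed the same measurements in the same order.
    """
    return HASH(current + measurement).digest()


def measure_boot(stages):
    """Replay a measured-boot chain into one PCR that starts at all zeros.

    stages: list of (name, bytes) in boot order (firmware, bootloader, kernel,
    kernel command line, initrd). Each stage's hash is extended into the PCR,
    and an event log of the digests is kept so a verifier can recompute it.
    """
    pcr = bytes(PCR_SIZE)
    log = []
    for name, blob in stages:
        digest = HASH(blob).digest()
        pcr = pcr_extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def replay_log(log) -> bytes:
    """What a remote attestation verifier does with the event log it receives:
    recompute the PCR from the logged digests and compare with the quoted value."""
    pcr = bytes(PCR_SIZE)
    for _name, digest_hex in log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest_hex))
    return pcr


class ToyTPM:
    """Assumed stand-in for a TPM: stores sealed secrets and releases one only
    when the presented PCR equals the policy recorded at seal time. A real TPM
    keeps the blob encrypted under an internal key and checks the policy itself."""

    def __init__(self):
        self._sealed = {}

    def seal(self, handle: str, secret: bytes, policy_pcr: bytes) -> None:
        self._sealed[handle] = (secret, policy_pcr)

    def unseal(self, handle: str, current_pcr: bytes):
        secret, policy_pcr = self._sealed[handle]
        if hmac.compare_digest(current_pcr, policy_pcr):
            return secret
        return None  # policy mismatch: the key is not released


# Constructed sample boot chain; real measurements would hash the actual images.
GOOD_BOOT = [
    ("firmware", b"UEFI firmware image v1"),
    ("bootloader", b"shim+grub image"),
    ("kernel", b"vmlinuz-6.x"),
    ("cmdline", b"root=/dev/mapper/root ro quiet"),
    ("initrd", b"initrd.img contents"),
]

# Same images, but booted with a modified kernel command line.
TAMPERED_CMDLINE = [
    (n, b"root=/dev/mapper/root init=/bin/sh" if n == "cmdline" else b)
    for n, b in GOOD_BOOT
]

# Booted from a USB rescue stick: different bootloader, kernel and initrd.
USB_BOOT = [
    ("firmware", b"UEFI firmware image v1"),
    ("bootloader", b"usb-rescue-grub"),
    ("kernel", b"vmlinuz-rescue"),
    ("cmdline", b"root=/dev/sdb1"),
    ("initrd", b"rescue-initrd"),
]


def demo():
    """Seal a disk key to the known-good PCR, then try to unseal under three boots.
    Returns {label: unseal_succeeded}."""
    tpm = ToyTPM()
    disk_key = b"\x11" * 32  # constructed placeholder for a LUKS volume key
    good_pcr, _ = measure_boot(GOOD_BOOT)
    tpm.seal("luks", disk_key, good_pcr)
    results = {}
    for label, chain in (("good", GOOD_BOOT),
                         ("tampered_cmdline", TAMPERED_CMDLINE),
                         ("usb", USB_BOOT)):
        pcr, _ = measure_boot(chain)
        results[label] = tpm.unseal("luks", pcr) == disk_key
    return results


def reseal_after_upgrade(tpm: ToyTPM, handle: str, secret: bytes, new_stages) -> bytes:
    """After an OS upgrade the PCR changes, so the policy must be recomputed and
    the secret sealed again (this is the "fair amount of work" mentioned above)."""
    new_pcr, _ = measure_boot(new_stages)
    tpm.seal(handle, secret, new_pcr)
    return new_pcr


if __name__ == "__main__":
    print(demo())  # {'good': True, 'tampered_cmdline': False, 'usb': False}
```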
Because Microsoft have the Secure Boot code signing keys. And none of their users expect a "free software philosophy" that lets them use their own modified kernel, or DKMS to build new copies of kernel modules on demand - so you don't have to make users jump through any "machine owner key" hoops.
And a lot of your customers are big corporations who barely trust their own employees - and inexperienced users for whom forgotten passwords and suchlike are a big problem.
With the TPM, that corporation's shared PC at the reception desk can have an encrypted disk without all the receptionists needing to know the password, only their own passwords.
With the TPM you can remotely force a reboot to install updates, and the computer will fully boot afterwards - not get stuck at a disk encryption prompt. Ideal if your corporate work-from-home policy is for employees to remote desktop on a PC under their desk.
With the TPM, the PC can boot, unlock the disk and join wifi before any passwords have been entered - so a corporation's employees only need to remember their windows password, and if they forget it, helpdesk can reset it remotely. It's great for the user too, who doesn't lose their non-backed-up data.
With the TPM you can have a short, weak passcode to unlock your PC, without worrying about brute force attacks. That's great if you want a cell-phone-style experience - or if you find long passwords an inconvenience, rather than a badge of honour.
With the TPM a corporation can give a laptop to a service engineer, who'd really like to install some games to play when he's stuck in a hotel over night for a service call, and who has unsupervised physical access - secure in the knowledge it's very difficult for them to install unapproved software.
For a corporation that wants hardware-bound keys, the TPM is superior to things like Yubikeys, precisely because of its inflexibility. Why give people a second factor that keeps working when they move PCs and that's compatible with different platforms, if you never want them to move PCs or change platforms without going through you?
It just so happens that the majority of these only benefit large corporations and forgetful users, while most Linux users are quite happy remembering long unique disk encryption passwords thanks very much.
Which brings something up: how do you get back in if you suffer a traumatic brain injury or something like that? I feel like a lot of software assumes the operator can do things like remember unique passwords for a long time.
Sure, I can do that NOW, but will I still be able to in my seventies?
TPM also offers PIN or Password options. It is flexible.
That said, the root of all DRM is not the TPM or the GPU or whatever... it is hollywood.
Devices with dTPM were released in 2006. BitLocker leveraging dTPM released with Windows Vista. Corporations have been using BitLocker w/ TPM for nearly two decades at this point.
Apple has shown that the game console model can work for non-gaming software, and Microsoft wants in on that third-party app cheddar.
Suddenly, enforcing company security policies centrally without the client (laptop) being able to change them and still attest to connect to the corporate VPN becomes a feature.
After all, it's not your computer, it's the company's.
I think Intune already uses the TPM for that kind of stuff, so "install this before we let you into Outlook web, and also we'll check you're not a year behind with Windows updates" is a thing.
Additionally, there are cheats using video capture cards, which cannot practically be prevented.
https://support-leagueoflegends.riotgames.com/hc/en-us/artic...
(e.g. display lists)
already some hacks doing this
To the average user, "Windows installs without error and hardware appears to work" = "Microsoft supports running Windows on this hardware", even if the hardware is EOL and requires drivers that haven't been updated since Windows Vista.
You can only guess, and badly at that.
Because we don't have it, that's why we get crap like kernel-level anti-cheat, various 'security' solutions made by companies of dubious reputation and technical ability, just because you refused to trust Microsoft.
And even if these companies are somehow not malicious, and can be trusted, they still often compromise the stability and security of the OS.
The amount of crap Riot's anti-cheat and Crowdstrike have caused is well documented.
It's the computer security equivalent of not trusting Big Pharma, and taking a random assortment of herbal medicine coming from god knows where, and containing god knows what.
See, I can make insulting comparisons too...
If there was no DRM, ordinary viewers would still choose Netflix over torrents, and perhaps some more tech-savvy users would choose it as well (since many do want to support film makers, but are opposed to DRM). It would still be as hard to create a “pirate Netflix” as it is now, because of legal threats and because it’s tricky to monetize it.
DRM literally serves no purpose outside of some corporate politics bullshit.
One of which is to prevent mainstream media player manufacturers from making a hardware or software player which can skip region coding/studio tags/anti-piracy tags/trailers/random adverts. Or even from having a generic "skip 30s" feature.
You want to legitimately be able to play our stuff so you can sell millions of units of your player to unsophisticated consumers? Agree to these terms, and this fee schedule, or you don't get a key to play them. Fuck us over, and we'll revoke your key. Lol.
But I agree, DRM should just be illegal in the first place.
TBH I can see now how the conglomerates created by big fish buying smaller studios start owning everything. They've divided the market between themselves, and now they are raising their prices. Meanwhile I cannot take a screenshot of my favourite cartoon to create a meme, because of "copy protection". But I have the right to do it, you know? It's written in law in my country (Poland) that I can have small pieces recorded down, screenshotted etc., as long as I am doing some creative work on it, or just keep it to myself. THIS IS THE LAW HERE. And it's being ignored.
1. cheaper price for gamers only for games
2. maximum price for crypto/AI bros
I am admitting that yes closed beats open at money extraction/harvesting from customers, which is why you only ever see closed hardware. The whole idea is to kneecap business models which depend on handcuffing owners with digital locks. This is economic lawfare, I am not hiding that. We The People are not animals on a farm to harvest dollars from occasionally, as if they were milk and methane.
Also, let's say I'm gonna undercut someone on price for electronic devices. Unless I'm starting from a place of great personal wealth and don't take any capital at all, this needs investment, which means that an obvious solution to any scenario in which I'm meaningfully harming the bottom line of one of these incumbents could just be to buy it out from under me, which is indeed how this generally plays out in the real world.
If we are serious about regulating monopolies, we have to understand that remedies that rely on raising operating costs are simply always going to be ineffective.
As far as I know there’s no real scalable way for that to work in the Windows ecosystem.
Especially in modern systems where the graphics card could do all of it and so the host PC never has access to the decrypted data or keys in the first place.
How are you doing that?
Applications like Play Integrity could be quite different: say a bank can refuse to move money if your instructions to move money come from a device deemed not trustworthy by Play Integrity. That's like a bank refusing to let you into their branch if you are dressed in swimwear. A game can also deploy this tech for anti-cheating purposes; really no different from a real-world casino refusing a customer who is known to be good at card counting.
Also why the hell do you believe that the same copyright rules that apply to a movie that can take millions to make and keeps relevance for years should apply to a news article, for example? It's madness.
Furthermore, there is also no legal basis in differentiating copyright by the budget involved to produce the work.
That follows a basic pattern for any effective change, normal people pretty much always just whinge and achieve nothing. They're lucky to even be allowed the pittance of political power that is voting, historically speaking.
I think if you want people to care, you need to find a real world case where they are being blocked from doing something they really want to do- the abstract philosophical arguments about freedom are total non-starters.
Possibly an alternative media supplier that was fundamentally less hassle, faster, and more reliable because it didn't have these systems could get people to switch. But good luck getting the digital rights owners to let you put their content on your platform.
Or maybe convince people they can get higher quality media that way. I have a newish Mac with an amazing HDR screen, but few of the streaming sites are willing to stream the HDR content to my device.
However, while audio accelerators came back, the protected media path business means they aren't "generally programmable" from major OS APIs even when both AMD and Intel essentially ended up settling on a common architecture including ISA (Xtensa w/ DSP extensions, iirc), and are mainly handled through device-specific blobs with occasional special features (like sonar-style presence detection).
*To all intents and purposes, I'm sure there's some exceptions with no market share.
Intel ME has a role in PAVP (Protected Audio/Video Path).
It's a legal hurdle, not a technical one that prevents the 'above the board' software suppliers from adding this feature.
Pirates clearly are able to extract the 4K video and upload it to torrent sites, but the average media consumer would rather pay a Netflix subscription fee than deal with the shady underworld of those sites with the virus-installing and crypto-mining popups, warning letters from your ISP, etc.
They've managed to make it hard enough that the number of people that do it is insignificant to their bottom line.
Modern games console security shows you can easily build DRM that lasts 10+ years. Xbox One came out in 2013 and was never properly breached during its entire lifecycle, Xbox X/S replaced it and have also not been breached. Microsoft figured out how to make strong DRM ~15 years ago on devices they design and manufacture. There's nothing wasted about that effort given that it lets them subsidize the console costs and block cheating.
So I'd put accessibility and consistency as important parts of UX that torrenting can often miss out on. For the common person who is using Windows/Chrome, macOS/Safari, or a gaming console, those parts can easily be more important.
Of course, these methods start to shine when legitimate methods are even less accessible. For instance, U.S. sports streaming is an absolute mess with multiple networks, regional blackouts, etc., on top of buggy apps, so that you sometimes can't watch a game legally for any price. People have widely picked up illegal streams as an alternative, usually preferring familiar platforms like YouTube if the streams aren't taken down quickly enough.
As far as I’ve seen, they pretty much grow on trees as far as films are concerned. TV shows are a very different story though and outside of hugely popular series are far more inconsistent.
You have to learn how to navigate an ever-dwindling list of trackers and probably a VPN, which is already too tall a hurdle for the overwhelming majority of people. Time is often worth the price of a 4K Roku and a subscription, even though that's still a technically inferior experience at the end of the day.
Piracy has two very hard problems: privacy and moderation. Moderation requires authority; authority requires trust; and trust relies on identification. I think we might be able to resolve this by replacing moderation with curation, but that's going to take a lot of ground-work that I'm too ADHD to do myself.
About 9.5% ($23.244 billion) was from Windows "including Windows OEM licensing and other non-volume licensing of the Windows operating system; Windows Commercial, comprising volume licensing of the Windows operating system, Windows cloud services, and other Windows commercial offerings; patent licensing; and Windows Internet of Things."
Compared to FY 2023, devices revenue decreased 15% and Windows revenue increased 8%.
I've only ever seen one piece of x86 hardware that was sold with or without Windows in my lifetime. It was $15 cheaper at the time to buy the Windows version and install Ubuntu myself.
Personally I choose not to do that. My girlfriend sent those nude photos to me, not to my heirs or the executor of my estate. It's impossible to "get back in" without the password, and that's how it's meant to be. Of course if you've got no sexy photos, and lots of treasured photos of your family growing up, you might feel differently!
This "ideological purity" didn't come out of nothing, it came out of the very practical issue of who is in control. People forget that RMS came up with the whole thing because he wanted to fix a broken printer and was denied the source code that could help him fix the issue.
He wasn't sitting in some ivory tower coming up with abstract philosophical questions, he was in some lab and had an actual practical problem he wanted to fix.
Ideological purity is a valuable thing. Look at Minix, hell, even look at the BSDs today. These are projects that have collapsed because of their feature obsession and ignorance of ideology. The differentiation of ideology is what makes free software uniquely successful - it is the feature.
> Mainstream users see Free Software people as irrelevant kooks, and thus easy to dismiss, which is why Free Software has so utterly failed as a movement.
Mainstream users don't think about Free Software at all. They certainly use it though. They rely on it, to provide and maintain the runtime their cell phone and iPad and router all depend on. It probably runs an RTOS on their grandpa's CPAP machine, it probably occupies the DVR for their cable TV and it's likely running on their games console and personal computer, too.
Free software is even more inescapable than proprietary software. If users cared enough to understand the difference, you and I both know they would accuse the businesses of being the irrelevant kooks. Not a single "mainstream user" I know would defend Apple or Google or Microsoft's business practices as software companies. No one.
> I'm sure flat-earthers feel that my belief that earth is an oblate spheroid is peculiar, too. Of what relevance is that to anyone?
As the other comment suggested, this is both an insincere response and one where you are the flat-earther here. The FSF has reasons that they hold the principles they do, and you haven't refuted any of their ideology. You are the guy lambasting Galileo, and when Galileo asks you why heliocentrism offends you, you are replying "because the mainstream clergy sees you as kooks." It's not a response at all.
> The emacs developers don't even understand how large chunks of emacs work
Nobody is so stupid that we expect every kernel dev to understand the whole of the kernel. It's folly, and not what I was asking anyways. Nobody at Apple understands how the entirety of iOS works either, but that's not an implication that it's inherently insecure. What makes the FSF balk at Apple is the inaccountability. The lack of reason associated with their statements asserting the privacy and security of a system that sues its auditors.
If you have a more reasonable heuristic to suggest, I'm all ears.
I'm lambasting the people who think this fictional Galileo is a good public persona to lead their political movement, because this Galileo can't convince anyone of anything because he is almost entirely devoid of the skills one needs to advance a political cause even if Galileo might have written some good C code 45 years ago.
> If users cared enough to understand the difference, you and I both know they would accuse the businesses of being the irrelevant kooks. Not a single "mainstream user" I know would defend Apple or Google or Microsoft's business practices as software companies. No one.
I can see we have irreconcilable differences. I find this statement ludicrous.
I know lots of people who understand what free software is and choose to make a living selling proprietary software.
This will be my last reply to you.
That's not what I asked you, though. Do those same people defend Microsoft and Google and Apple's business strategies? Do they respect what the apex of proprietary software looks like, replete with advertising, data collection, vaporware promises, removed features, integrated spyware and mandatory junk fees? Unless your friends are an LLM, I suspect they don't, because they've been burned before and know better. As no serious economist promotes laissez faire economics in the 21st century, laissez faire software is not healthy for humans either. The abuses are right in front of us, and the blame is simple to dole out.
It's for your own good that you stop replying to my comments if you're going to twist my words and avoid the topic. Free software isn't bound by the pragmatic demands of a market, and yes, that means that it can fail, but it can also end up displacing entire product categories as well. Anyone familiar with the past 3 decades of computing history knows this to be an irrevocable and proven fact. We would not be having this conversation on the internet if proprietary networking standards prevailed over open ones.
(The Earth being round doesn't directly matter in practice to most people. It does have inevitable consequences though.)
Or perhaps a better example is anthropogenic climate change: here too the implications are extremely inconvenient for most people, so denial is rampant.
> Device Key Set. An HDCP Receiver has a Device Key Set, which consists of its corresponding Device Secret Keys along with the associated Public Key Certificate.
> Public Key Certificate. Each HDCP Receiver is issued a Public Key Certificate signed by DCP LLC, and contains the Receiver ID and RSA public key corresponding to the HDCP Receiver.
> The top-level HDCP Transmitter checks to see if the Receiver ID of the connected device is found in the revocation list.
[1]: https://www.digital-cp.com/sites/default/files/specification...
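To make the three quoted steps concrete (a licensing authority signs each receiver's certificate; the transmitter verifies that signature and then checks the Receiver ID against the revocation list), here is an added toy model in Python. It is not DCP LLC's code and does not follow the real HDCP message format: a constructed stand-in CA plays the role of DCP LLC, the RSA is textbook (no padding, small keys, generated in-process with a fixed seed), and the Receiver IDs and revocation list are constructed values.

```python
"""Toy model of an HDCP-style receiver certificate check (constructed example,
not DCP LLC's code or the real HDCP 2.x wire format)."""
import hashlib
import random

_rng = random.Random(2024)  # fixed seed so the constructed keys are reproducible


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin test; enough for a toy key, real keys come from audited libraries."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = _rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness of compositeness found
    return True


def _random_prime(bits):
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full bit length
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Textbook RSA key pair: returns (public (n, e), private (n, d))."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, data: bytes) -> int:
    n, d = private_key
    return pow(_digest_int(data), d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest_int(data)


def cert_body(receiver_id: bytes, receiver_pub) -> bytes:
    """Canonical encoding of the signed fields: Receiver ID || receiver RSA public key."""
    n, e = receiver_pub
    return receiver_id + n.to_bytes(64, "big") + e.to_bytes(4, "big")


def issue_receiver_cert(ca_private, receiver_id: bytes, receiver_pub):
    """The licensing authority (DCP LLC in the spec; a constructed CA here) signs the cert."""
    body = cert_body(receiver_id, receiver_pub)
    return {"receiver_id": receiver_id, "public_key": receiver_pub,
            "signature": sign(ca_private, body)}


def transmitter_accepts(ca_public, revocation_list, cert) -> str:
    """Top-level transmitter check: genuine certificate first, then the revocation list."""
    body = cert_body(cert["receiver_id"], cert["public_key"])
    if not verify(ca_public, body, cert["signature"]):
        return "reject: certificate not signed by the licensing authority"
    if cert["receiver_id"] in revocation_list:
        return "reject: receiver id is revoked"
    return "accept"


# Constructed keys, IDs and revocation list for the demonstration.
CA_PUB, CA_PRIV = generate_keypair()
GOOD_ID, BAD_ID = bytes.fromhex("0102030405"), bytes.fromhex("0a0b0c0d0e")
GOOD_CERT = issue_receiver_cert(CA_PRIV, GOOD_ID, generate_keypair()[0])
REVOKED_CERT = issue_receiver_cert(CA_PRIV, BAD_ID, generate_keypair()[0])
_rogue_pub, _rogue_priv = generate_keypair()
FORGED_CERT = issue_receiver_cert(_rogue_priv, GOOD_ID, _rogue_pub)  # self-signed, no trusted issuer
REVOCATION_LIST = {BAD_ID}

if __name__ == "__main__":
    for name, cert in (("good", GOOD_CERT), ("revoked", REVOKED_CERT), ("forged", FORGED_CERT)):
        print(name, "->", transmitter_accepts(CA_PUB, REVOCATION_LIST, cert))
```

The ordering matters: a revocation list is only meaningful after the certificate's signature has been verified, since a forged certificate could carry any Receiver ID it liked, and the revocation list has to reach the transmitter through a channel the receiver cannot influence.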
This is not the case, unless we are talking about trade secrets, and in case of trade secrets, only applicable to board members and employees.
Of course for music DRM has proven to be pointless. People want to stream music, not buy music, and preserving media across so many media obsolescence events has been such a pain that streaming is the only manageable solution for most people -- consumers don't want to make and manage copies anymore.
The same should apply to movies and such, but maybe not -- it's not clear yet.
This is not how corporate fiduciary duties work (courts repeatedly ruled there is no explicit responsibility to maximise profits or minimise taxes; Swedish aktiebolag are a notable exception there), though it is a common misinterpretation of them.
The point is that Microsoft's implementation on Win 11 Home ("device encryption", aka unconfigurable BitLocker) is sufficient for nearly all of their user base. If you're a target of a 3-letter agency, additional security measures are required.
So they're a heck of a lot more flexible.
But in a corporate environment, you might not give a shit about Linux support, and you might think it's better if the user can't unplug the key and plug it into another PC, because corporate workers should only connect to corporate systems with their corporate-issued laptops, and corporate helpdesk will sort out any hardware problems.
Knowing any data on it cannot be recovered by malicious actors can be very reassuring.
The proper solution should be secure by design and user friendly. We shouldn’t compromise the former for the latter.
Not at all. You can get your recovery key back via a few different means (for 11 Home, OneDrive/printed/PDF, for enterprises, various ways) and boot into the Windows Recovery Mode environment to perform the same repair options one would have without BitLocker in place.
That's exactly where you got your priorities wrong.
Yes there is a tradeoff. But backing up your data is easy (especially in a corporate environment), while security is hard.
And computers do get stolen a lot all the time, just not in your circle.
How is restricting which machines can run Windows 11 "forcing an upgrade cycle" on the software? It's clearly doing the opposite, by making Windows 11 upgrades less likely.
The real motivation people have for upgrading to Windows 11 is Windows 10 going out of support. And the EOL date is totally orthogonal to the TPM requirement.
Sadly even in tech many people do not seem to see smartphones as real computers.
If you/people were brutally willing to crack them open, the "enjoyability" of using them for "hacker-minded people" could be improved insanely.
No thanks, an outright ban is necessary. This will not prevent manufacturers from doing business no matter how they may whine about it, and frankly if this does somehow kill their business it should.
Use Microsoft Edge for playback (so you get 4K HDR). Stylish as an add-on to remove any player HUD.
Especially useful if you want to legitimately use copyrighted content but obviously can't just use a pirated version.
ViewHD 2 Port 1x2 Powered HDMI 1... https://www.amazon.com/dp/B004F9LVXC?ref=ppx_pop_mob_ap_shar...
Ever wondered why netflix 4k web-dls take a while for less popular shows?
Netflix monitors these more tightly apparently and blacklists keys that are used to download. Then the group needs to buy some new device, the old one is burned.
Macs haven't had TPMs for a while now (I think Apple never really used it and dropped it even before the Apple Silicon switch), but of course they have their proprietary equivalent.
Not entirely fair. There is still a kernel and a privileged userspace layer. That hasn't changed. The OS implements a common API that abstracts over ISAs and other finicky hardware details that are under constant short term churn.
It's just that peripherals themselves have become so incredibly complex that many of them now require their own embedded systems in order to operate. The hardware was always a black box; it's just that now it contains an entire embedded OS.
BS. Either we're privileged and can copy their precious content, or they're privileged and we cannot.
The current status quo is they sit above us in the truly privileged hardware modes while we are isolated, virtualized and sandboxed for their safety. It's not our computers anymore, they're just allowing us to use them.
> truly privileged hardware modes
The presence of a hypervisor doesn't imply paravirtualized hardware. Neither does the presence of an entire OS on modern GPUs imply a reduction in kernel responsibilities. Ring 0 is still ring 0. The OS is still managing and abstracting hardware in the same way that it always was.
That doesn't mean that these other things aren't concerning developments. Particularly having an entire unauditable shadow OS running on the CPU is an incredibly dystopian scenario that almost seems unbelievable. But technical accuracy is important when discussing these things.
Also, how does criminalizing it actually help anything, since the difficulty is in the scale of it happening and the difficulty of detecting it rather than the severity of the penalties, and imposing draconian penalties on random kids only turns the public against you?
And you can't even get evidence of intent from this anyway because DRM circumvention tools don't actually come with a ski mask and a set of lockpicks. You install a tool called "video downloader" which supports a hundred sites and 10% of them have some kind of DRM which it automatically strips in the background, you may not even be aware that it's happening when you use it.
Pirating high-res videos already requires special hardware to remove HDCP. It's cheap now because HDCP is notoriously weak. A future standard may start needing a $500 device, or even a $5000 one.
Is it still relevant nowadays? I thought most people just went to online streaming, and you don’t need DRM to enforce all that stuff there.
> Pirating high-res videos already requires special hardware to remove HDCP.
That is true, and a new standard might make it harder for a few years, but:
1. The switch won’t happen overnight, which means pirates would still use HDCP while working on the new one.
2. It’s possible to make piracy prohibitively expensive, but the standard would have to be really really complex. Like, “putting hidden watermarks with display serial number on the stream and revoking keys just for that display” kind of complex. I don’t think it’s feasible.
Controlling that is worth quite something.
No matter who is re-elected, there's a preset window for law & policy, which perhaps only public outrage (and opportunist politicians) can shift. Outrage is a high bar (maybe outside of Twitter).
If you modify it, thanks to remote attestation you can no longer prove that it is unmodified using the TPM.
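The mechanism behind that statement is the one-way PCR extend: each boot component's hash is folded into a PCR, the TPM signs the resulting value (together with a verifier nonce) in a quote, and the verifier compares it to a known-good value. The added Python model below illustrates this; it is a constructed example, not any TPM vendor's or OS's code, and it uses an HMAC under a shared key as a stand-in for the attestation-key signature (a real TPM uses an asymmetric key whose certificate chains to the manufacturer).

```python
"""Model of TPM PCR extension and quote verification (constructed example)."""
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 PCR bank


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: PCR_new = H(PCR_old || H(component)).
    There is no inverse operation; a PCR can only be reset by a platform reset."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """The boot chain measures each stage before handing control to it."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeros after reset
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def tpm_quote(attest_key: bytes, pcr: bytes, nonce: bytes) -> bytes:
    """The TPM signs the *current* PCR value plus the verifier's nonce.
    HMAC is a stand-in for the asymmetric attestation-key signature."""
    return hmac.new(attest_key, pcr + nonce, hashlib.sha256).digest()


def verifier_accepts(attest_key: bytes, golden_pcr: bytes, nonce: bytes,
                     reported_pcr: bytes, quote: bytes) -> bool:
    """Remote verifier: the quote must be genuine for the reported PCR and
    the reported PCR must equal the known-good (golden) value."""
    expected_quote = tpm_quote(attest_key, reported_pcr, nonce)
    return hmac.compare_digest(quote, expected_quote) and reported_pcr == golden_pcr


# Constructed boot chain, attestation key and nonce for the demonstration.
ATTEST_KEY = b"constructed-attestation-key"
NONCE = b"verifier-nonce-0001"
PRISTINE_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1 (vendor)"]
MODIFIED_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1 (user patched)"]
GOLDEN_PCR = measure_boot(PRISTINE_CHAIN)


def attest_pristine_device() -> bool:
    pcr = measure_boot(PRISTINE_CHAIN)
    return verifier_accepts(ATTEST_KEY, GOLDEN_PCR, NONCE, pcr, tpm_quote(ATTEST_KEY, pcr, NONCE))


def attest_modified_device() -> bool:
    """Honest report from a modified device: the PCR simply does not match."""
    pcr = measure_boot(MODIFIED_CHAIN)
    return verifier_accepts(ATTEST_KEY, GOLDEN_PCR, NONCE, pcr, tpm_quote(ATTEST_KEY, pcr, NONCE))


def attest_modified_device_claiming_golden() -> bool:
    """Modified device reports the golden PCR, but the TPM only quotes the real one,
    so the quote does not cover the claimed value and verification fails."""
    real_pcr = measure_boot(MODIFIED_CHAIN)
    return verifier_accepts(ATTEST_KEY, GOLDEN_PCR, NONCE, GOLDEN_PCR,
                            tpm_quote(ATTEST_KEY, real_pcr, NONCE))


if __name__ == "__main__":
    print("pristine:", attest_pristine_device())
    print("modified, honest:", attest_modified_device())
    print("modified, claiming golden:", attest_modified_device_claiming_golden())
```

The nonce is what makes the quote fresh: without it a device could replay a quote captured while it was still unmodified. What the model deliberately does not show is any policy about which golden values are acceptable; that list is chosen by the relying party, which is exactly the control the comment is objecting to.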
In Android phones for example you cannot screenshot banking apps. And if you root (modify the OS of) your phone, banking apps refuse to work.
Some monitors [1] have cheats like that built in now, too. They are much more limited than what cheats do today because they only have access to information visible on your screen (can't see other players through walls).
[1] https://www.tomshardware.com/monitors/msis-ai-powered-gaming...
If you're cheating with a video capture card, this likely means you're allowing a program to rewrite your inputs to more accurately target player models. You will likely be banned if you do this on the same machine via screen capture. A video capture card can process the information on a separate computer, e.g. location of enemies by searching for specific colours, then write into a virtual USB mouse on the gaming rig to keep the player's crosshair on the enemy model. I'm not sure about specifics, but this kind of cheat is almost undetectable; it is only really mitigated by the cost and effort involved to do it.
Players can add additional mitigations on top of this, like only activating aim assist while the shoot button is pressed, to make it entirely undetectable.
The size of market share is irrelevant, doesn't change the hard fact that Microsoft does indeed produce hardware.
Like the healthcare system's consolidation and scale, which allow it to deal with massive extra costs, and the degree to which that system is beholden to predatory technological models, is, if anything, a great motivating example for the potential benefits of a ban.
Not necessarily. I'd bet that the fraction of $ Microsoft makes from selling Windows licenses _retail_ is a rounding error away from zero compared to what they get selling bulk/volume licenses to corporate / OEM.
It's in Microsoft's interest to make sure that Dell/HP/Lenovo ... etc have reasons to keep buying licenses to put on the new computers they're selling.
I suspect that TPM is about making the PC less open than it traditionally has been. For the majority of people on this site, that's going to cause a deathly-allergic reaction. For the majority of the population, there's some security advantages to having windows manage device security from POST.
Corporate customers already have a VLK which will cover Windows 11 [Pro/Enterprise]. The hardware is the only cost for VLK customers -- Windows licensing is already covered under the existing Enterprise Agreement. EAs often have current version and current version - 1 covered, thus a VLK will entitle one to both Windows 10 and 11 as of today.
It would be odd to think that corporate customers haven't been using BitLocker w/ TPM since at least Windows 7, if not Vista. FDE has been a Corporate Security Checkmark(TM) since it became available.
> I suspect that TPM is about making the PC less open than it traditionally has been.
By traditionally, do you mean prior to 2006 as that is when we first saw and started using TPMs?
I suspect Microsoft has numbers which suggest people rarely upgrade their OSes anymore; they're more likely to upgrade their hardware. Enthusiasts still will do whatever but these changes aren't targeting or caring about enthusiasts.
For this theory to work, it would have to be that there's a significant population that a) wants to run Windows 11 instead of Windows 10; b) will buy a new computer to do that; c) would not pay the price of an OEM license for a version upgrade.
That's a far more direct option, which also largely doesn't work. Corporate IT doesn't like doing in-place major OS upgrades. Consumers just plain won't, unless it's free and easy.
I don't see how this supports the theory that this is all about revenue from Windows OEM licenses from forced hardware upgrades.
I buy a GPU in 2025. I buy a new motherboard in 2026 and plug the GPU into it. How does the GPU learn about the new EK CA? These are devices that can be moved between systems, you can't delegate this to the platform vendor or TOFU, the GPU would need to generate independent trust in the TPM.
The other way would be accept that the GPU that the content is to be played on might not be the same as the device on which the TPM exists. You could have the GPU on a computer halfway around the world and use a TPM from another system to which the user account is registered on the DRM site. Not great, but as a form of account sharing and subject to account sharing detection, it's not bad.
My point in my above reply was to say that even if TPMs were used by GPUs then TFA's point would still stand.
Unfortunately it's not available on consumer hardware anymore, and in the cloud only Azure really supports it AFAIK. And you have to write apps for it specifically, and then you have to have clients that know how to do remote attestation and bind it to secure channels, and you have to program in a threat model in which rewinds are possible at any moment. This is very hard, and it turns out most people in the market don't really care about their data that much (are happy to share it with trustworthy institutions). So it never really took off. But the tech is decent.
This is exactly my problem. Before ideas like this surfaced, the demarcation line between who controls what was purely based on ownership. The machine that I own acts only on my behalf and in my best interests, the server that you own does so for you (or at least for PCs this has always been the case).
TPMs, attested bootchains and whatnot trample on this whole concept. It's like your very own hardware now comes with a built in Stasi agent that reports on your conduct whether you like it or not. It bothers me on a visceral level and I'm constantly wondering if it's just me.
Attestation is just a tool. It can be used for all kinds of things and doesn't privilege one side or another. The average app developer doesn't truly care what device you use, they just want to cut out abuse and fraud, which are real problems that do require effective solutions.
Ultimately, trade requires some certainty that both sides will act as they promise to act. Attestation is more important for individuals attesting to companies because individuals have so many more ways to hold companies to account if they break their agreements than technology, like the legal system, which is largely ineffective at enforcing rules against individuals due to cost.
Almost completely disagree on TPMs. A better comparison than a spy would probably be a consulate (ok, maybe an idealized one, located underground in a Faraday cage): Their staff doesn't get to spy on you, but if you ever do want to do business with companies in that country and need some letters notarized/certified, walking into their consulate in your capital sure beats sending trustworthy couriers around the world every single time.
To torture that analogy some more: Sure, the guest country could try to extend the consulate into a spy base if you're not careful, and some suspicion is very well warranted, but that possibility is not intrinsic to its function, only to its implementation.
It's not just you.
It disgusts me so deeply I wish computers had never been invented. A wonderful technology with infinite potential, capable of reshaping the world. Reduced to this sorry state just to protect vested interests. They used to empower us. Now they are the tools of our oppression.
I think it's fair to assume that in a world in which almost every device supports attestation and makes it available to any service provider by default, without giving users an informed choice to say no or even informing them at all, service providers are much more likely to provide access exclusively to attestation-capable clients.
That, in turn, has obvious negative consequences for users with devices not supporting attestation (whether out of ideological choice, because it's a low cost device and the manufacturer can't afford the required audits and security guarantees etc.): Sure, these users will always be able to just refuse to transact with any service provider requiring attestation.
But think that through: We're not only talking about Netflix here. At what availability rates of attestation will decision makers at financial institutions decide that x% is good enough and exclude everybody else from online banking? What about e-signing contracts for doing business online? What about e-government services?
I am at the same time excited about the new possibilities attestation offers to users (in that they will be able to do things digitally that just weren't economically feasible for service providers, since they often have to cover the risks of doing so) as I am very wary of the negative externalities of a world in which attestation is just a bit too easy and ubiquitous.
In other words, the ideal amount of general purpose attestation availability is probably high, but significantly below 100% (or, put differently, the ideal amount of friction is non-zero). Heterogeneity of attestation providers can probably help a bit, but I'm wary of the inherent centralizing forces due to the technical and economical pragmatics of trusted computing.
When it comes to financial or legal matters (and this includes online banking) a small dedicated hardware element for signing fingerprints is all that's ever been required. Anything more is an overreach.
It doesn't matter. Those devices fail hardware remote attestation.
> Some remote servers won't give you service if you do that, but nothing is locking you out of your device.
The device's purpose is to be used. If it can't be used without giving up things like banks and private communications, it won't be used.
Device is not locked, it just turns into a paperweight if you actually unlock it.
> As Android dominates the global market, you already live in that world where most devices are open.
Wanna know what else dominates the global market? WhatsApp. In many regions of the world, without their services, you are ostracized.
Marriott (the hotel brand) shipped a release of their Android app that refused to run on unlocked devices.
It probably didn't impact the majority of (locked) Android devices, so why would Marriott care?
And with one app update, a valid user configuration became less capable.
I just installed KDE Connect, and an open source keyboard. Banking apps refuse to run because of those (because my keyboard might see my keystrokes!!!). They don't even need a failed hardware attestation to refuse you service.
So even if you don't try to modify your device, your device might still end up like half a paperweight. I either can't do banking, or I can't use the functionality I want.
Where is the evidence this device strips HDCP?
I'm not saying that the TPM is incapable of being abused by manufacturers and OS authors, but the FSF really weakens their argument when they predicate it on something that's not actually true. Ex falso quodlibet (you may prove anything if you rely on a falsehood).
I believe that's intentional (it would be illegal to import if it was advertised).
> What makes you think it will strip HDCP?
I've got 6 in use for lecture/talk recording without worrying about HDCP. Especially useful for presenters casting to Chromecast or presenters using MacBooks with DRM software (as Blackmagic SDI converters don't support HDCP at all).
However, the detection and enforcement can theoretically be done by any device or software that has access to the audio signal. The monitor, the GPU, the playback software, the operating system, etc. could each individually decide not to play the file, making it not work. Some of those can be bypassed in various ways, some can't. But instead of computers, there are smartphones, commercial media players/receivers, and televisions/projectors, which seem the most likely places to target for enforcement, and those would affect most people.
Nevertheless, I do wonder how real this actually is. Again from the decade-old Wikipedia article, it seems like Cinavia was meant to target both recording devices and playback devices. However, the Aurora theater shooting happened not long before the article stopped getting meaningful updates, and I wonder if public safety concerns stalled its deployment. Also, the article mentions that people were finding ways to remove or neuter the signal. I also didn't encounter any problems with what I assume to be protected media (a 4K movie and a 1080p TV show), either recording my screen with my Android phone, nor with playing it back on that phone and with VLC on my Windows computer with an Nvidia graphics card.
I don't know whether streamers use it but it was widely deployed in the era when movie piracy revolved around making pirated Blu-rays. For instance the PS3 would silence the audio on a burned Blu-ray that had a theatre or TV cammed title protected by Cinavia on it.
A lot of this is about catching the fat head though. People who play videos using some hacked up VLC on Linux don't bother the studios, they're long tail and don't make a revenue impact. They're after the ordinary people who want to watch pirated stuff on a regular home cinema system.
Everyone loves cryptography and wants it working in their favor. Everyone. It's great for us when it protects our messages and browsing from surveillance capitalism and warrantless government espionage. It's extremely bad for us when it becomes the policy enforcement tool of corporations and governments.
Remote attestation means either we run the software which does their bidding and protects their interests and bottom line or we don't participate in society or the economy. Only way it could get worse is if the government starts signing software as well. One day even the goddamn ISPs will refuse to link to our hardware if it fails attestation.
It's literally the end of free computing as we know it. Everything the word "hacker" ever stood for, it's over.
Expensive, yes, but at that point you're already spending real money on a second computer with a GPU to do computer vision on the game video stream, so...
edit: to further your point, though, I think most people's gaming monitors don't support HDCP _at all_. [citation needed]
It privileges the side that designs and uses it. By and large that's going to be the corporations, not individuals or those acting to maximize their interest.
I don't doubt that. But the price of attestation, if it's not properly isolated from the hosting OS (like Microsoft's completely unrealistic attempts of bringing the whole OS into the trusted computing base, kernel and applications and all), would be a homogeneity of computing I don't think is necessarily worth the benefits.
The good news is that such proper isolation is not only possible but even desirable (it keeps the trusted computing base small), and if done well could actually replace annoying half-measures such as "root detection": Who cares if my phone is rooted, as long as my bank's secure transaction confirmation application is running in a trusted, isolated enclave, for example?
From this point on this is more of an emotional argument rather than a technical one, but I feel like the negative effects way outweigh the positive ones. Giving MORE power (be it technical or political) to big tech companies is just tipping the scales in their favor so much we will be even worse off than we already are.
But if you work in anti-fraud and are fixated on solving this problem as effectively as possible, I can imagine not caring about this too if I were you...
Not at all. The OS is not "managing" anything. It has no direct access to the real hardware. Only the firmware does. The OS is just talking to the API the firmware presents.
They're not our devices anymore. They're Intel's, Nvidia's. They dictate how we use them. The hardware's just sitting there, waiting for the right electrical signals to come in. But the OS is not the one sending those signals. Their firmware's in charge of that. It's the middle man between the OS and the device we paid money for. If the firmware doesn't like the tune we're singing, it shuts us down.
There are completely separate computers inside these things. They don't run our code, they only run signed code. Whoever has the keys to the machine's code owns the machine itself. And it sure as hell ain't us.
Yes, firmware has continuously become more complex. Yes, if you go back far enough (quite a long ways) there wasn't any.
Peripherals have always been a black box that increased in complexity over time. That increase in complexity does not imply a decrease in management complexity on the part of the kernel. Far from it! Modern device drivers are far from simple.
> They're not our devices anymore. They're Intel's, Nvidia's.
This is arguably true, but it is also a rather separate topic of discussion.
> They dictate how we use them.
That's largely only in theory. Now if you had said that Apple or Samsung were dictating how we use our phones I would have been inclined to agree. But I don't think gating certain features in the CPU or GPU for the purpose of market segmentation qualifies as dictating how I use my device. I don't like the practice, but I can't deny that I am able to use the APIs provided by the device in an arbitrary manner without it phoning home to the manufacturer or otherwise authorizing the specifics of their use.
> But the OS is not the one sending those signals.
Depending on how you define "sending those signals" and where you consider the boundary between sender and receiver to be you could reasonably argue that the OS never did that to begin with, or alternatively that it has always done so and still does. It's really quite arbitrary and depends entirely on where you consider the boundary of the device to lie.
I purchase a peripheral. It is a black box that implements some device or manufacturer specific API. The kernel has a device driver that abstracts over this and provides a generic userspace API that will (hopefully) remain relatively stable for multiple decades. That's the extent of the contract and that hasn't changed at all.
The device driver situation is already nearly unmanageable. Imagine how much worse it would be if the kernel needed to manage every last minute hardware detail down to the model and even sub-model variants. For example, for every USB mouse and keyboard, past and present. And that's before we even consider things like the firmware for the USB controller on the mouse, which in all likelihood is its own modularized unit from an entirely different manufacturer. But we're going to need to account for every last detail of that ourselves if we fully commit to the "all opaque firmware bad" route. After all, for the kernel to "truly" be in control of the hardware I suppose it will need to manually manage every last pin that falls under software control.
Technical accuracy and nuance is really quite important here. There are many different nefarious things happening at once. Conflating them only serves to confuse the discussion and leads people to (wrongly) believe that there's no need to worry about those weirdos ranting and raving in the corner.
Complexity is not the point. Control is. The operating system should be in complete control of the system, and it isn't.
Complexity is part of the reason for that. The actual hardware is exceedingly complex, so manufacturers simplify it with firmware that presents a more convenient API.
That's convenient but it means we are no longer in control of the hardware. We merely interface with the convenient abstraction presented to us. It's that abstraction which actually drives the hardware, not our "drivers".
And that obviously becomes a mechanism by which to control us. Access to perfectly good hardware could be denied by the firmware for unacceptable reasons such as market segmentation or copyright enforcement.
> But I don't think gating certain features in the CPU or GPU for the purpose of market segmentation qualifies as dictating how I use my device.
BS. I want to copy stuff. It's not letting me. It's that simple. Some nonsense about "protected video paths".
The hardware is working and able but a fundamental computer operation cannot be performed because the firmware doesn't want to. Computer says no.
> The device driver situation is already nearly unmanageable. Imagine how much worse it would be if the kernel needed to manage every last minute hardware detail down to the model and even sub-model variants.
If that's the cost of maintaining control, we should pay it gladly. Better than growing comfortable with the manufacturer's convenient abstraction which also conveniently allows them to control what we do with "our" machines.
> There are many different nefarious things happening at once.
There is exactly one thing happening here: corporations usurping control of our devices to protect their interests and profits. The means by which they do so are far less important; they are merely details.
These details are irrelevant in the grand scheme of things. It's all about control, about giving you less of it, the minimum amount of it. The exact mechanism by which they do it is irrelevant.
It's always some abstraction, some indirection, a little bit of clever cryptography. Maybe there's an even more privileged hidden OS running on the CPU which can access everything while we can't. Maybe there's some signed firmware running in a completely separate computer in the hardware and that computer acts as a middleman and gatekeeper. It doesn't matter. Our goal should be to take over the functions those components are doing, whatever it is that they do. They should be running our code, doing our bidding.
> Conflating them only serves to confuse the discussion and leads people to (wrongly) believe that there's no need to worry about those weirdos ranting and raving in the corner.
What else is new? Stallman has been warning everyone about exactly this for nearly half a century already and people still treat him like some lunatic religious zealot despite the cyberpunk reality we live in today. Even I made that mistake at some point in my life.
If they won't listen, they'll suffer the consequences. They'll end up living under the control of corporations. Might as well remove the word "hacker" from this website's name because everything it ever stood for is over.
In my opinion, Stallman's mistake is he's way too nice about it. Always speaking softly and being reasonable about everything. Always getting bogged down over precise wording and irrelevant details. GNU has an entire glossary page dedicated to precise wording.
Meanwhile, the entire industry has worked around his ideas by isolating his free software and maintaining control with firmware. To have a truly "freedom respecting" computer with no firmware blobs, you gotta get one from literally decades ago. Because these days everything has firmware which you do not control. If you're lucky. If you aren't, you get something that's literally locked down to the point you have no choice whatsoever. What good is free software if you can't run it? It's worthless. It's worse than worthless: one day you wake up and you realize you were working for free for the corporations who are now profiting off of you while denying you the control you wanted.
It's all very simple. Free computers are subversive weapons. They have the power to literally wipe out entire sections of the economy. They have the power to defeat judges, armies, nations. They are quite literally the most important invention of mankind.
Naturally, corporations and governments will do everything in their power to control what you can do with a computer. First, they reduced computers to toys which could run all programs, except the ones they didn't like. This sort of "computer" is what we are discussing right now. Computers where you can do everything except copy their precious content. They are currently in the process of reducing computers to toys which refuse to run all programs, except the ones they like. That's the mobile landscape. Does it matter that hardware remote attestation is the mechanism by which they're doing it? Not much.
I can barely find the words to describe how disgusted this status quo makes me feel. I know what they're doing and I know they're succeeding. It makes me sick. Like I'm witnessing something great be destroyed due to greed and fear. I feel sick.
If that makes me the weird fellow raving in the corner, so be it. I'll keep raving in every thread about the subject until the day I get banned by dang. There's no point to this site if they win anyway. What good is Hacker News if you can't hack?
SGX works, conceptually, because of the division of labor between Intel and the people running the machines:
1. Intel can't break into your enclave even by subverting SGX, because it doesn't have access to the computers (isn't your cloud operator or network admin).
2. The people with access to the computer can't break into your enclave, because SGX blocks everyone except the enclave owner and Intel.
With Nitro, Apple's approach and a few others the logic becomes:
1. Amazon can't break into your enclave even if Nitro has a back door because Amazon don't have access.... oh, wait.
SGX is conceptually sound because subverting it at the design level requires the CPU maker and the cloud operator to team up against you. This could happen, especially if you use a US cloud and the US government gets involved, but the bar is much higher. And of course you can always choose to run the hardware somewhere the USG can't get at it, requiring a coalition of those two governments or providers.
For most public cloud users having to trust the cloud operator is just a fact of life. Even if the SE were strong up to but excluding collaboration of the CPU vendor and the cloud operator, the user would have to run most if not all of their code in the SE, which is one thing the SEs invariably can't do.
(I think it is gross that this is how Microsoft and the PC OEMs think is the best way to increase revenue together, but I think there's enough evidence that this theory is relatively accurate portrait of one of the factors for why Windows 11 is the way that it is.)
what on earth makes you think that "what the users actually don't [or do care about]" has any effect on what corporate IT does with their users' devices?
do you think corporate IT is going to say "oh ok" when a user says "i don't want to upgrade to Windows 11 or a laptop that has TPM"
c'mon. lol.
But it seems that you're disagreeing with the GP. So let's say for the sake of argument that you're right about that. Just what is your theory for how the Windows 11 TPM requirement is leading to more Windows licensing revenue?
For example Macs and RedHat systems require HDCP if you've used Spotify or Apple Music since the last reboot (which applies to most speakers).
Some Chromebooks can't provide direct display out but cast to a ChromeCast instead, which also always requires HDCP.
We've also had talks on media and cultural studies which use a clip from e.g. a Netflix or Amazon Prime show as part of their talk. HDCP is almost guaranteed in this case.
If your HDMI chain signals that it can't handle HDCP, some computers will obey that (and downgrade or stop playback). But most broadcast HDMI tech can't even signal that HDCP is unavailable, so you'll get HDCP by default.
That's why every major venue, university or event has HDCP killers stockpiled. For 1080p60 that used to be cheap Chinese HDMI splitters, nowadays it's mostly these Hagibis cards. If they're really fancy they'll have an HD Fury with HDCP removal license, but those cost ~$600.
It's quite easy to grab the encrypted media files, as they go over the wire - do this from two devices and compare what you get. (you don't need to strip the DRM to see if the two files are identical)
If that's just a total of a single day, 365 cheap netflix devices per year certainly isn't out of the question, especially with the number of people involved in the many ripping groups.
You can absolutely install Linux, run secure boot (e.g. to protect you against "evil maid attack"), use your TPM to store your SSH keys, and live a happy and attestation-free life.
You can also do other things, but if you don't want to, why would you?
No, this is a misunderstanding of what a TPM is.
A TPM is a secure element inside your computer, similar to the chip running your credit and debit card. That's it. Without you using it (i.e. your OS or an application you installed asking it to do something), it's exactly as dangerous as a blank chip card in your house that you don't use and didn't open any account for.
If you don't want anybody to talk to it, don't install applications or OSes on your computer that do things you don't want. You have full control over that! Not running software that's not acting in your own best interests is generally good practice anyway, TPM or no TPM.
> [...] a small dedicated hardware element for signing fingerprints is all that's ever been required [...]
You might be happy to hear that that's exactly what a TPM is, then!
As you say, a TPM alone can't do much of anything and doesn't pose much of a threat. Of course expanding the acronym - Trusted Platform Module - is a bit of a giveaway. They were always fully intended to serve as the root of trust for much more nefarious things.
Conversely, DRM is alive and well on almost universally TPM-less devices.
By the way, all of your comments in this thread end up dead – I had to vouch for them to be able to answer. Not sure what’s up with that.
Because the immediate next step after locking devices down is profit extraction from users.
Do you think Apple would have been able to maintain their App Store margins absent device control?
This has already been shown with videogame DRM like Denuvo. It's so hard to crack that only a handful of people know how, and yet they end up racing each other so eagerly every time a new game comes out that it's usually done in under 24 hours. Unless you can beat "so secure that only a handful of people in the world can crack it" the situation will always be the same.
Minecraft: ~185,000,000
World of Warcraft: ~7,250,000
Dragons Dogma 2: ~4000
This seems more along the lines of nobody bothers to crack games nobody wants to play.
Hardware: makes cracking much much harder and out of reach for a lot of people. Even the people that can do it are going to be drastically slowed down due to this.
Streaming: means you can block specific device keys once you know they are compromised (the hacker managed to mod the TV to be able to record from it).
[1]: https://www.reddit.com/r/CrackWatch/comments/1hqd4p3/crack_w...
[2]: https://www.reddit.com/r/CrackWatch/comments/ieo7u4/crack_wa...
No it hasn’t.
> Every time a new game comes out that it's usually done in under 24 hours
This is not even remotely true and is not based in any kind of reality.
But cracking Denuvo takes real skill- and there's no financial reward in it. Back in the 90s bootleg DVDs and CD-ROMs had organised crime making money from it.
There was something called Macrovision back in the VHS/DVD days that tried to defeat digital/analog conversion, and I'm sure visual techniques could be devised...
But I imagine someone with a good OLED and a good mirrorless camera (or even a cell phone nowadays) could make a pretty good 4K replication of any media that displays.
Sure, but the closer you get to the eye ball, the bigger the loophole is.
It's not common anymore, but _way_ back in the day, some releases were made *in the projection booth* with a semi-pro camera on a tripod pointed at the screen. (look for old NFO files with `TS` or `TeleSync` in them to get an idea of when this was common-ish)
The analogue loophole will remain open until there's a HDMI to optical nerve technology that we're all forced to get at birth.
This is kind of a pointless tangent, but you might not have to go that far. It's probably hard to get a recording of the Apple Vision Pro for instance.
I hadn't actually thought about that! For 99.995% of my time on this earth, "screen" meant "flat, glass, viewed from some distance". I guess it's time to spend some time thinking about what new ways to exploit the analogue loophole are...
I wonder which part would be harder: designing something to fool the "am I on a head? Where are the eye balls looking?" bits or the optics needed to re-combine the stereo?
DRM won't make me pay, it'll only take your trash out of my mindspace... which is probably a blessing anyway.
If we were to even assume the column/row driver chips only accepted encrypted data, they still have the individual traces coming out of them. The pitch of the traces is super tiny, but still possible to tap. It would be a massive pain, but still doable.
Although you can get devices that strip the encryption from an HDMI signal these days so it's kinda moot. So it's not exactly something anyone would need to do these days.
With a little bit of work (display a few calibration targets and build a quick and dirty LUT to match your display) you can get really convincing results.
(and I agree the result would likely be subpar, but better than it's ever been at any previous point in time)
Although it can only trip on certain devices or media players (mainly Blu-ray players, including PS3 onwards), I did read an idea that suggested Cinavia being placed inside an OS's kernel in a secure enclave to make it system-wide.
Aren't all device attestation schemes underpinned by authenticated boot which itself is underpinned by a TPM? This is certainly the case for Android - AVB is implemented on top of secure boot on all the devices I've ever owned (and Play Integrity, if I had ever permitted it to run, on top of that). Do I have some misunderstanding about the stack?
> Conversely, DRM is alive and well on almost universally TPM-less devices.
You mean software DRM I assume? Because the only TPM free hardware backed DRM that comes to mind is GPU based encrypted streams where the GPU does the decoding and final compositing locally. And even then the TPM-equivalent exists, it just isn't accessible to the end user.
SGX can be used to do various interesting things without attesting the state of the broader system, but none of the examples that immediately come to mind feel much like DRM to me.
> comments in this thread end up dead
Thanks for letting me know. I guess I should email them?
There's simply too much incentive for abuse.
The only way I personally could see supporting them is if there were first a legislative requirement that trusted modules always be user-modifiable.
However, the reason I think it's only "kind of" pointless... it is in fact true that as far as I know, there is no way to pirate any of the "immersive" TV shows Apple has released. You can't watch them on any other VR headset, or even watch some 2D version on a flat screen.
Which means there are videos out there in the world right now which are immune from the analog loophole, at least as far as I know. It's a very small subset of all the content that has been produced, and it will stay that way, but it does exist.
Cracking Denuvo as a hobby is not something a sane person would do, and the downsides if caught are higher when one is fully employed.
At least to me, a decade has passed since I left college and had spare time and energy to tackle such projects just for cred.
I'd imagine they do this via huge (non-consumer level) cameras as well as by professional editors and graders who spend countless hours on the process.
But that doesn't really contradict your point. I don't know. I've never seen a good screen recording but I don't download pirated films so perhaps I've never seen an instance of someone really trying to get it right.
Professional editors and color graders have to lower the dynamic range, because there is basically nothing that can get as bright as, say, the sun, and because basically no display can sustain peak brightness over the whole screen, which introduces an EOTF transfer curve, reducing the peak brightness and thus dynamic range.
You're right about pirated films, but that's because they're typically recorded in a run of the mill cinema while it's playing, not in controlled conditions in front of a carefully calibrated screen-camera combination taking a photograph of every frame.
True, any preboot password method (even fully software) will be sufficient to prevent data exposure when a laptop is stolen.
The whole TPM + secure boot thing is more to prevent evil maid attacks where a laptop is messed with (eg installing a bootloader that intercepts the password) and then placing it back in the user's possession so they can be tricked into entering the password.
That whole scenario is extremely far-fetched for home users. Laptops get stolen but then they're gone.
TPM means the system can boot and then do face login or whatever using the user's password in exactly one place.
This is as much as most users will tolerate. And it also means Microsoft account recovery can work to unlock a forgotten password.
The whole point is Microsoft don't want user devices to ever be trivially bypassed, regardless of how unlikely that is (probably more likely than you think though).
These things are everywhere: they're used by small businesses, unsophisticated users etc. but the story which will be written if anything happens because the disk was imaged sometime will be "how this small business lost everything because of a stolen Windows laptop" and include a quote about how it wouldn't have happened on a MacBook.
I've been using bog-standard FDE for as long as I can remember. One extra password entry per bootup for almost-perfect security seems like great value to me.
In fact in many cases a preboot password is safer. Because the comms between the TPM and the OS can often be sniffed. And if the TPM doesn't need validation because it hands off its keys, it can be bypassed that way.
Again not really something that consumers have to worry about, but it's not quite difficult anymore to pull this off.
The vast majority of users don't have that much important data to steal on their computer at all, just some family photos and some movies downloaded from the internet. There is the case of credentials saved in the browser, but the most important stuff (such as banking sites) nowadays requires multi-factor authentication (such as password + OTP on your phone) to do any operation.
Let's just go back to single-user operating systems with exFAT drives.
If an individual expressly defeats the point of any particular security mechanism, that's on them. But to paint this broad brush of "I know someone who does X which makes Y pointless, so Y must be meaningless for everyone else" is silly.
The vast majority of homeowners aren't going to have a house fire. The vast majority of drivers aren't going to have an accident. Etc. etc. etc.
It's insurance.
> The current recommendation seems to be against SMS 2FA because the security of SMS really is that bad, so if you need 2FA, use an authenticator app or similar.
This is correct. But SMS 2FA is better than no 2FA. The attacks you speak of are targeted attacks, where the victim and phone number are known.
> Any snake oil can be painted as defense-in-depth.
It's not snake oil, however.
I've only met one person whose phone was stolen. They grabbed it while it was unlocked and within minutes began scamming all the person's Instagram and other contacts asking for quick money for an emergency.
This is a huge upgrade, and nothing to sniff at. I also had someone try to grab my phone out of my hand and run off whilst walking on the streets in France. Unfortunately for him I can run extremely fast. Once he saw I was catching up and about to beat the crap out of him, he gently placed the phone on the road whilst running and gave it back to me. Before phone security got really good a guy like that would have been using the sneaky approach and then visiting a back room in a phone shop to reflash all the hardware IDs, but secure boots and the mobile security chips have got good enough that this is no longer feasible.
Also, SMS isn't, because attackers often get access to the SMS network itself (see e.g. Salt Typhoon) in which case they can do automatic mass account stealing because they can see all the totally unencrypted SMS codes.
The security of SMS really is that bad.
"Often"?
Without secure boot (backed by TPM), I can boot a small USB device that has LEDs on it to indicate to me that the target system has been infected to send me a copy of the target's password, after I already imaged the disk (or when I have another team member steal it or take it by force later).
If there's a UEFI password to access UEFI settings, I can reset it in under 20 minutes with physical access. Some tamper-evident tape on the laptop casing may stop me if I haven't already had a resource intrude into the target's home/office to have some replacement tamper-evident sticker material ready. Very very few places, even some really smart ones, make use of tamper-evident material. Glitter+glue tamper-evident seals are something I can't spoof though.
It's not that hard to get into a hotel room. Often enough if a business books a hotel for you it's because they want access to your laptop while you're at lunch with another employee who so kindly suggests to leave your backpack in the hotel room.
disclaimer: all above is fictional and for educational and entertainment purposes only
Which is the same thing that happens with secure boot, because they just steal the whole device and leave you one that looks the same to enter your password into so it will send it to them.
Meanwhile if you're using tamper-evident materials then you don't need secure boot, because then they can't undetectably remove the cover to get physical access to remove your UEFI password or image the machine.
This angle of attack is generally unheard of, but should be considered. I can think of some mitigations that can work.
Tamper-evident materials are well-known by the crowds that will target users. There are many criminals among us, so many that those who don't have criminal psychology have a hard time wrapping their mind around it. Given this, I am cynical, and every defense within reasonable cost should be leveraged.
Depending on the implementation it's occasionally more secure. For me it's never "better."
A significant fraction of banks, retirement accounts, financial web services, ..., can fully reset your password using just the SMS "2FA," sometimes most also requiring an e-mail verification. That turns the device into a single factor much weaker than a password (making physical attacks -- ex-lovers, nosy houseguests, ... much easier). There are a variety of easy methods for taking over a phone number temporarily or permanently for <$15, so for the ones without e-mails it's literally just a cost/benefit analysis for a crook.
Knowing how often SMS 2FA gets screwed up, I'd strongly prefer to avoid services offering it (especially those requiring it) even if there were no other downsides. Toss in the inconvenience of having to drive into town (many rural places I've lived), find a point of higher ground (many taller cities I've visited), or whatever just to get cell service, and the whole concept is a nightmare.
And so on. It's painful to use, usually much less secure, and rarely meaningfully more secure.
It's rubbish. The circumstances that would make it even theoretically useful are rare and in practice it doesn't even work then. There is no reason to pay good money so you can be insured against alien abductions under a policy whose terms won't pay out even if you somehow actually get abducted by aliens.
> This is correct. But SMS 2FA is better than no 2FA.
The alternatives to SMS 2FA don't just include no 2FA, they also include any of the better 2FA alternatives to SMS.
Choosing SMS is like saying we should all bottle our urine in case we need something to drink later. There's juice and soda in the fridge and a tap full of water right over there, don't be crazy.
> The attacks you speak of are targeted attacks, where the victim and phone number are known.
How do you mean? Anyone who can snoop SMS gets a list of usernames and passwords from a data breach, tries them all against a hundred services, when that user exists on that service the service says "we sent SMS to your phone number at xxx-xxx-4578" so the attacker looks for any SMS code to any phone number ending in 4578 in the last ten seconds. Even if they don't have the phone number from the data breach, most commonly there is only one matching message, if there are two or three they just try all of them, and now they've compromised thousands of accounts on a hundred services because SMS is such rubbish.
On top of that, the targeted attacks also work against SMS. If you know the target's phone number you don't need to be able to capture every SMS to compromise them using SIM swapping or any of the other numerous vulnerabilities SMS 2FA is susceptible to.
> It's not snake oil, however.
It's a proposed solution with negligible or negative benefits over known alternatives. That's snake oil.
So then you're waiting for either that region to stabilize or demand for cracks to cause people somewhere else to get into the game, and in the interim you effectively have a temporary supply chain issue.
But it's hard to give credit for the ravages of war to the DRM pushers and it's not at all obvious that they've secured any kind of permanent advantage.
Also for technical reasons, Windows can't do the fancy one login/password screen (which assumes file-level encryption, which is how it is implemented nowadays to support multiple users [1] [2]). This is due to Windows software that expects everything to be an ordinary file (unlike Apple, which doesn't care on that aspect, and Android, which has compartmentalized storage). Even if we had EFS-style encryption here, it would be incompatible with enterprise authentication solutions.
1: https://support.apple.com/guide/security/encryption-and-data...
2: https://source.android.com/docs/security/features/encryption
That's part of the reason. Another part is BigCo spamming the users asking for biometrics or whatever the current promotion-driver is, making opting out hard to find, and using their position of authority to assert that it's "more secure" (for your personal threat model no less, nice to be able to offload thought to a corporation).
The more recently released Trezor wallets are still new, and Yubikey 5C will probably be used in many places anyway just because of the keyring and no need for the usb-c cable.
1. Go into your room and screw around with the boot loader to somehow give me unencrypted access to your laptop after you login next time.
2. Go into your room. Take your laptop. Put an identical looking laptop in place that runs software that boots and looks identical. Have it send me all of your password attempts over WiFi to my van in the parking lot.
I'm going with option 2 every time. I have your original device. I have your password. TPM, SecureBoot, or whatever is irrelevant at this point.
Legend goes that security oriented people will visually customize their machines with stickers (and their associated aging patina) and all kinds of digital cues on the different screens just to recognize if anything was changed.
MS chose to impose TPM because it allows encryption without interactive password typing (BitLocker without PIN or password which is what most machines are running). That's it. The users get all the convenience of not having to type extra passwords when the machine starts, and some (not all) of the security offered by encryption. Some curious thief can't just pop your drive into their machine and check for nudes. The TPM is not there to protect against NSA, or proverbial $5 wrench attacks but as a thick layer of convenience over the thinner layer of security.
Maybe I am mistaken, but I feel that the people going to such lengths to ward off an attacker and the people who’d want to rely on fTPM with Bitlocker over FOSS full disk encryption with a dedicated passphrase are two entirely separate circles.
> The TPM is not there to protect against NSA, or proverbial $5 wrench attacks but as a thick layer of convenience over the thinner layer of security.
I agree with you there, it is convenience, not security, but as such, should it be any more mandatory than any other convenience feature such as Windows Hello via fingerprint or IR? I’d argue only for newly released hardware, but don’t make that mandatory for existing systems.
Especially since I had one case where fTPM was not recognized, no matter what I did, despite it being enabled in the UEFI and showing up in Windows 10 and on Linux, I could not install 11.
Repeat until password is extracted.
Bitlocker + PIN/password (hence my mention of a pre-boot password) is a good combination that isn't any worse than any "FOSS full disk encryption". Beyond the catchy titles of "Bitlocker hacked in 30s" is the reality that it takes just as many seconds to make it (to my knowledge) unhackable by setting a PIN or password.
Adding the (f)TPM improves the security because you don't just encrypt the data, you also tie it to that TPM, and can enforce TPM policies to place some limits on the decryption attempts.
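An added example, not code from anyone in this thread: a PowerShell audit that reports which protector types guard each BitLocker volume and, for a volume that only has the bare TPM protector, adds the TPM+PIN protector the comment above recommends. It assumes Windows 10/11 with the built-in BitLocker module, an elevated session, and a Group Policy ("Require additional authentication at startup") that permits a startup PIN; the function names are my own.

```powershell
# Added example (not from the thread). Assumes Windows 10/11, the built-in
# BitLocker PowerShell module, an elevated session, and Group Policy
# "Require additional authentication at startup" allowing a startup PIN.

function Get-BitLockerProtectorReport {
    # One object per volume describing which protector types guard it.
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        [pscustomobject]@{
            MountPoint  = $vol.MountPoint
            Status      = $vol.ProtectionStatus
            Protectors  = ($types -join ', ')
            # TPM-only: the disk unlocks with no user secret, so it resists
            # "pull the drive" theft but not attacks on the booted machine.
            TpmOnly     = ($types -contains 'Tpm') -and -not ($types -contains 'TpmPin')
            HasRecovery = ($types -contains 'RecoveryPassword')
        }
    }
}

function Set-BitLockerTpmPin {
    # Upgrade a volume from TPM-only to TPM+PIN. The PIN is checked by the
    # TPM itself, so the TPM's anti-hammering lockout limits guessing.
    param(
        [Parameter(Mandatory)] [string]       $MountPoint,
        [Parameter(Mandatory)] [securestring] $Pin
    )
    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # Make sure a recovery password exists first; otherwise a mistyped or
    # forgotten PIN locks you out of your own data.
    if (-not ($vol.KeyProtector.KeyProtectorType -contains 'RecoveryPassword')) {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
        Write-Warning "Added a recovery password; back it up before continuing."
    }

    # Add TPM+PIN, then remove the TPM-only protector so the PIN cannot be
    # sidestepped by unlocking with the TPM alone.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $Pin | Out-Null
    $tpmOnly = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'Tpm'
    foreach ($kp in $tpmOnly) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $kp.KeyProtectorId | Out-Null
    }
}

# Usage: review first, then upgrade the OS volume.
Get-BitLockerProtectorReport | Format-Table -AutoSize
# $pin = Read-Host -Prompt 'New startup PIN' -AsSecureString
# Set-BitLockerTpmPin -MountPoint 'C:' -Pin $pin
```

The report's TpmOnly column is the "convenience only" configuration discussed in this subthread; rows with TpmPin are the pre-boot-secret configuration.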
> it is convenience, not security
It's convenience and (some) security by default. Not great security but good enough for most of those millions of Windows users. The security was the mandatory part, encrypting the storage by default. The convenience was added on top to get the buy-in for the security, otherwise people would complain or worse, disable the encryption. Whoever wants to remove that convenience and turn it into great security sets a PIN.
Point taken though, start with the toes, it gives you more to work with if you have to progress up the leg.