This month I want to highlight an article, Windows 11: TPMs and Digital Sovereignty by Can Bölük, Daax Rynd, and everdox. TPM (Trusted Platform Module) is an international standard for a secure cryptoprocessor: a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. A TPM allows your device to attest to a known, trusted state, and allows parties interacting with the device (such as programs) to decide how to treat the device based on that state.
Windows 11 is making TPM 2.0 a mandatory hardware requirement; this signals a massive shift in which Windows PCs are on the path to becoming a closed platform, much like the iPhone. As mentioned in the April 2020 Tech Item of Interest (Zoom Privacy and Security Issues), accessibility and security are opposing forces. That which is fully secure is inaccessible, and that which is fully accessible is completely insecure. TPM is not inherently bad; however, it unlocks the potential for businesses to treat PCs as closed ecosystems, restricting access to only the highest trust profiles, which in turn limits accessibility. As technologists, we should tread carefully when dealing with the security/accessibility trade-offs; oftentimes the customers' interests are not top of mind.
https://secret.club/2021/06/28/windows11-tpms.html
“So why is the TPM useful? The TPM (along with suitable firmware) is critical to measuring the state of your device – the boot state, in particular, to attest to a remote party that your machine is in a non-rooted state. It’s very similar to the Widevine L1 on Android devices; a third-party can then choose whether or not to serve you content. Everything will suddenly revolve around this ‘trust factor’ of your PC. Imagine you want to watch your favorite show on Netflix in 4k, but your hardware trust factor is low? Too bad you’ll have to settle for the 720p stream. Untrusted devices could be watching in an instance of Linux KVM, and we can’t risk your pirating tools running in the background!”
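To make the "measure the boot state, then attest it to a remote party" mechanism concrete, here is an added Python sketch (not code from the article or from any real TPM stack) of a PCR extend chain and a nonce-bound quote as a verifier would check it. The boot components, the shared attestation key, and the use of HMAC in place of a TPM's asymmetric attestation signature are constructed assumptions for illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for the blobs firmware would measure during boot.
GOLDEN_CHAIN = [
    ("firmware", b"uefi-firmware-v1"),
    ("bootloader", b"windows-boot-manager"),
    ("kernel", b"ntoskrnl"),
]
# Assumed shared key standing in for the TPM's attestation key pair.
ATTESTATION_KEY = b"constructed-attestation-key"


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || H(component)).
    Extends are one-way and order-sensitive, so a PCR value commits to the
    whole sequence of components, not just the set of them."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measured_boot(chain) -> bytes:
    """Run every boot component through one PCR, starting from the reset value."""
    pcr = bytes(32)  # SHA-256 PCRs reset to all zeros
    for _name, blob in chain:
        pcr = pcr_extend(pcr, blob)
    return pcr


def make_quote(pcr: bytes, nonce: bytes, key: bytes = ATTESTATION_KEY) -> dict:
    """Device side: bind the PCR value to the verifier's nonce and sign it.
    HMAC stands in for the TPM's signature (assumption)."""
    sig = hmac.new(key, pcr + nonce, hashlib.sha256).digest()
    return {"pcr": pcr, "nonce": nonce, "sig": sig}


def verify_quote(quote: dict, expected_pcr: bytes, nonce: bytes,
                 key: bytes = ATTESTATION_KEY) -> bool:
    """Verifier side: the signature must cover our fresh nonce (no replay of an
    old quote), and the reported PCR must match the known-good boot chain."""
    expected_sig = hmac.new(key, quote["pcr"] + quote["nonce"], hashlib.sha256).digest()
    if not hmac.compare_digest(quote["sig"], expected_sig):
        return False  # forged or altered quote
    if quote["nonce"] != nonce:
        return False  # stale quote replayed from an earlier session
    return hmac.compare_digest(quote["pcr"], expected_pcr)


if __name__ == "__main__":
    good = measured_boot(GOLDEN_CHAIN)
    print("genuine boot accepted:", verify_quote(make_quote(good, b"n1"), good, b"n1"))
```

A verifier that stores only the expected final PCR value can therefore reject a device whose bootloader was modified or whose components loaded in a different order, which is exactly the "trust factor" the quoted passage describes.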