RIP Microsoft WordPad. You Will Be Missed::It’s truly the end of an era as we say farewell to a real one.

  • Aa!
    link
    fedilink
    English
    311 months ago

    Assuming you use bitlocker on your PC, how do you know the entire content of the TPM (your bitlocker encryption key, etc) cannot be fetched from the TPM by the manufacturer or any third parties they shared it tools and private keys with?

    The TPM specification is an open standard by the Trusted Computing Group, and there are certification organizations that will audit many of these products, so that’s a good place to begin.

    As with any of the hardware in your device, it does require some amount of trust in the manufacturers you have chosen. These same concerns would apply to anything from the onboard USB controllers to the CPU itself. There’s no way to be absolutely certain, but you can do your due diligence to get a reasonable level of confidence.

    And because it is hardware based, how do I as a user know that it does what it claims it does as I would with a software based encryption software that is open source (like truecrypt/veracrypt).

    This is a reasonable thing to think about, although very few individuals are qualified to understand and audit the source code of encryption software either, so in most cases you are still putting your faith in security organizations or the community to find issues.

    When it comes to security, it often comes with a trade-off. Hardware devices can achieve a level of security that software can’t completely reproduce, but they are a lot harder to audit and verify their integrity.

    In any case, the TPM is something that software solutions have to explicitly call in the first place, it isn’t something that activates itself and starts digging into your hard drive. Which means if you don’t want to use it in your security solution, then it will sit there and do nothing. You can keep using your encryption keys in clear memory, visible to any privileged software.

    I don’t know specifically about the XBox and how it uses it, but the TPM absolutely can be used as part of a DRM scheme. Since the TPM can be used to encrypt data with a key that can’t be exported, it could be part of a means to hinder copying of content. Of course this content still has to be decrypted into memory in order to be used, so people looking to defeat this DRM usually still can. DRM as a whole is often shown to be a pretty weak solution for copy protection, but companies won’t stop chasing it just the same.