Trusted Computing, Distrusted User


Trusted Computing worries me…

To install the new Windows 11 (which is at the time of writing at beta phase), having an enabled Trusted Platform Module is a requirement. The TPM is nothing new, it was standardised in 2009, chances are it's already embedded in your computer or phone. Up until now however, it wasn't really used apart from some specific cases. However, because Windows 11 requires it, it'll see more use very soon.

The module enables Trusted Computing, a technology invented to ensure a computer behaves in expected ways. Using encryption, it ensures your computer meets the requirements defined by the TCPA. It ensures you computer is 'safe'. In this case it actually means "TCPA-Conform", and the TPM ensures it stays in this state.

What's the problem with that, you might say? It'll only add to my computer's security right? Well, let me explain.

Trusted Computing: How it works

Big players like Microsoft, Intel and AMD are a few of the members of the TCG (former known as the TCPA), and together they invented TC. It has been standardised since 2005 as ISO/IEC 11889 and it was tried to be enforced in law in the CBDTPA, but the bill was killed in 2002. Nonetheless, the technology has been in use since a long time, for example in Windows Bitlocker and Linux Unified Key Setup (LUKS) (partially at least).

The general idea ia that the a specific chip, the TPM (or Fritz-Chip) returns cryptographic keys and/or certificates that are unique per system and per application. This then can be used for the following purposes:

  1. Encrypt / Decrypt data — Protected Storage

    Data can be encrypted and decrypted by application A, but cannot be decrypted by malicious-application B. This improves security, because the key doesn't have to be stored on the harddrive itself.

  2. Confirm Integrity — Integrity Measurement, Reporting and Logging

    The integrity of an application can be checked, because every application gets it's own unique certificate. If the application has been changed without you knowing, the certificate — or it's hash — changes too.

Remote Attestation: The real issue with Trusted Computing

In the first case, Protected Storage, TC seems like a good improvement on security. To us, it's the same as Two Factor Authentication, the "Something You Know and Something You Have"-principle. Since this can be achieved with a simple USB-drive or smartcard, no need for a TPM, let alone a complete new standard.

The second case, Confirming Integrity, is where it gets problematic. Since, the TPM can not know if you changed your application (because you're a tinkerer or developer) or an attacker changed it, it can block you from actually using that application.

The idea of Remote Attestation, where others can tell if your application was changed, makes this even worse. Here too, a TPM won't be able to tell if you — the computer's owner — or an attacker made the changes. Seemingly the application's fingerprint changed, thus the remote application won't send the sensitive data to your compromised system. In other words, you might be blocked to your online banking site, because you're a Linux user.

Also, a TPM will periodically need updated certificates — read: authorisation rules — to know applications that can be trusted. The update process will only be possible for known — proprietary — operating systems. And you have to allow the updates, or some (remote) applications will simply stop working.

In effect, this allows the TCG to prevent use of software not approved by them, unless it has been certified. It gives them an unfair advantage, since they can put any price and conditions to get certified, to get on the "approved" list. Hefty prices may put an end to small Software and Hardware projects, because they probably won't have the funds. No more Open-Source initiatives or DIY tic-tac-toe bootlegs.

When encryption trough TC will be applied to things like email and documents, the hole will get deeper still. Since the keys expire (or renew), your emails will not be readable after a while. Same goes for documents, since these are encrypted for one system and application only. No more opening M$FT Word documents in Libreoffice. No more sharing your written thoughts with others. If the government doesn't agree, they simple push new rules to everybody's TPM and these will simply invalidate your document and every computer will obey.

When it becomes an integral part of the internet, there's no way out. The rules for using a program can be remotely changed and you must accept, otherwise many ­— if not all — programs, will become unusable. To me, this smells of corruption and propaganda, though let's home I'm terribly wrong.

It's not a real problem yet, luckily…

The severity of this issue has also been acknowledged by the EFF, GNU and others. We're lucky the technology doesn't seem to really take off. For example, it seems impractical to implement DRM. There's other implementations, but these are pretty low-level and local only. So for now, no problem yet.

What helps reduce the trust in the TPM is the fact that it was hacked in 2019. Too bad this doesn't stop Microsoft from making it a requirement for Windows 11.

Therefore, we have to stay alert for new attempts to implement Remote Attestation.

How you can escape: Avoid Proprietary Software!

For now, you can escape this all by avoiding proprietary software. This means, avoid all software Closed Source Software, from now on Open Sourced only. Instead of getting used to yet another bloated operating system like Windows 11, install any Linux distribution (Ubuntu is great for beginners). If the step to Linux (or any other free Operating System) is to big, then at least use as much Open Source alternatives, like LibreOffice instead of iWorks for Mac or Office for Windows.

You can also support Defective By Design, a group against DRM software and hardware.


I am most concerned this idea will allow only a few big companies to define the rules in the world of Software and Hardware; Only those able to pay the premium and willing to confirm to all the rules will gain access.

We've experienced this first hand with our Email Service, where we had issues delivering our mails to about 25% of the domains. These however were amongst the most popular domains, counting up to about 80% of all outgoing mails. Turns out we had to get Return Path Certified to solve this issue, they said. Just fork over $ 10k+ and we would be good to go for the year to come, no matter the shit we would send, Inbox placement guaranteed, images and all. Off-course we didn't get certified, we don't want to add to the spam problem Hotmail seems to have. We found a way around the problem.

Our work as a Software Company might face the same issues when this TC really gets its way, and I'm not entirely sure if we'll be able (or willing) to play that game.

Other Sources