Microsoft is boosting security through hardware in Windows 10

You are currently reading a thread in /g/ - Technology

Thread replies: 95
Thread images: 9
File: TPM_Asus.jpg (269 KB, 830x705)
http://www.cio.com/article/3055979/microsoft-is-boosting-security-through-hardware-in-windows-10-pcs-phones.html

>Microsoft is making a hardware-based security feature called TPM (Trusted Platform Module) 2.0 a minimum requirement on most Windows 10 devices. Starting July 28, the company will require device manufacturers shipping PCs, tablets and smartphones to include TPM 2.0.

>TPM has been available for years, mostly on business PCs. TPM 2.0 provides a hardware layer to safeguard user data by managing and storing cryptographic keys in a trusted container.

>The TPM requirement "will be enforced through our Windows Hardware Certification program," Microsoft said in a blog post.

>Hardware makers will need to implement TPM 2.0 in the form of chips or firmware. TPM will be activated by default, though it's not certain if users will have the option to disable it.

>TPM could lead to wider use of two-factor authentication in Windows 10 to log into PCs, applications and Web services. For example, Windows Hello -- a biometric authentication technique using face, fingerprint, or iris recognition -- could be used along with encryption keys in TPM chips to authenticate users.

>TPM 2.0 has important security enhancements over the aging TPM 1.2, and is a "minimum hardware requirement for Windows 10 going forward," Microsoft said in a presentation at UEFI PlugFest in late March.

>Many new business laptops, hybrids, and tablets with Intel chips already include TPM 2.0. Low-cost PCs typically don't have TPM, but will now need to comply with Microsoft's new hardware requirements. Some Windows laptops now ship with TPM 1.2.

>"The goal is to make the PC a more secure platform," said Kevin Krewell, principal analyst at Tirias Research. Windows is one of the least secure OSes around, he added.

>Microsoft is also encouraging Windows 10 PC users to move to advanced hardware like Intel's Skylake chips, which are more secure than previous platforms.

Welcome to the DRM, friends.
>>
>>54036048
THANK YOU BASED MICROSOFT

Freetard software always seems to be full of security holes.
>>
>>54036071

Even other freetards agree that Windows is more secure than Linux...

http://www.youtube.com/watch?v=OXS8ljif9b8
>>
File: 1398855713008.jpg (26 KB, 403x373)
>>54036048
tfw the TPM chip shits itself and locks you out of your computer
>>
>>54036048
>trusting a microsoft TPM
>>
>>54036092
Theo de Raadt isn't really a freetard. He loathes Richard Stallman and the FSF.
>>
>>54036071
Are you insane? This could mean the end of hacking software and modding games as we please.
Or if you're a pleb, fewer games and software products to torrent free versions of.
>>
>>54036125
There's literally nothing bad about what you just said. I don't want my passwords and stuff hacked, game mods are a waste of time and only scumbags pirate games and hurt the developers.
>>
Oh yeah, further lock down your operating system, shove "features" down everyone's throat and make it even more proprietary!
THAT'S SURE A GOOD PLAN MR MICROSOFT!
>>
>>54036198
From a certain perspective, you're right. But it will make me very sad not to be able to poke around in programs and figure out how they work.
There's just something wrong about being unable to inspect the code and data running on my own computer.
>>
>>54036123
>de Raadt is not a freetard
>>
>>54036048

and sends all your private keys straight to Redmond
>>
>>54036291
>>54036291
>There's just something wrong about being unable to inspect the code and data running on my own computer.

wincucks will argue this
>>
File: 1459252669130.gif (2 MB, 204x255)
>Yes goy, this new computer chip will make your data secure!
>What's that? No we're not looking at your data, I swear goy we would never do that we protect you!
>Telemetry? We want to give you THE best user experience goy, don't you know what's best for you?
>>
>>54036291
>There's just something wrong about being unable to inspect the code and data running on my own computer.
Agreed. The thing is: if the user could disable such feature, a third party could also do it and possibly compromise the whole system.
>>
>>54036095
Just like the iPhone's secure enclave might theoretically shit itself and make your phone unusable. Most phones are backed up to the cloud and/or locally on your computer, so it's typically not a problem to restore a phone just by buying a new one and logging in to your account.
With a computer it's a bit riskier, since backing up is never a requirement, so it's up to the end user to ensure that everything's always backed up in case of total hardware failure. This is something you're normally supposed to do though.

>>54036125
MS already took massive backlash when it was revealed that windows store games couldn't be modified by obfuscating the game files, even if all you wanted to do amounted to a .ini tweak. In any case, I think the purpose of this security chip has nothing to do with what software you can run, but to prevent malicious software from taking control of the computer.

>>54036485
>>54036302
They don't need a new hardware feature to do what's already available to them in software. Windows is closed source so you can't tell what it's doing anyway.
>>
Come on m$, just make it mandatory to use a dna check, constant internet access, a webcam and mic as requirement to use windows 10 and be done with it.

Also if any of the above get interrupted or mismatched, access to the computer gets locked and fbi notified.
>>
>>54036198
>game mods are a waste of time
This is a dumb attitude. Sure not every game is moddable but the Windows platform goes too far by completely locking down programs and disabling all hooks into the .exe file. Considering most games have been kept alive far longer than they would normally by modding (Skyrim and old FPS games for example) and graphics mods like SweetFX breathe new life into older games, locked programs actively harm the PC gaming industry.
>>
What effect will this have on dual-booting?
>>
>>54036048
>letting someone else control your encryption who also uploads and stores your keys on american servers
>>
>>54036485
f*cking epic XD
>>
>>54036742
Mods are stupid for the most part. About 95% of them are just nude mods and other crap like that for sad weirdos and children to jerk off to. Nobody would really miss them if they went.
>>
>>54036812
That's not the point, really. The point is the freedom (heh) the user has to modify a piece of code that's running on their machine.
>>
>>54036048
I guess as win7 stops receiving support it'll be time to switch to linux permanently :/
>games should be played on consoles anyway
>>
>>54036742
They didn't like that gfwl could be overwritten with a dll file, which turned out to be a good thing considering that they fucked all consumers in the ass when they ditched the service and left the games impossible to use otherwise.

So nothing like locking down completely their new service for when they ditch this service as they did before, people cannot use what they paid for.
>>
>>54036812
If you're talking about Bethesda games, mods are what makes the games actually playable. Not to mention communities have resurrected games which could have possibly died due to compatibility issues like VtM: Bloodlines or Arx Fatalis.
>>
>>54036236
>TPM
>proprietary
I bet you're one of those hipsters who ironically jerks it to IBM hardware too
>>
>>54036048
pajeet. pls
>>
>>54036785
Only when using the "device encryption" feature in Windows 10 home edition. With Bitlocker (included with Ultimate, Enterprise editions) you have a choice of where your recovery key will be sent. Also, even with "device encryption" it's possible to change your encryption key with the command line, making the recovery key uploaded to Onedrive useless.
>>
>>54036980
That's what they tell you but you can't be certain what the proprietary software is doing.
>>
Thinkpads already come with TPM tho

It's an encryption chip, not a botnet chip. Linux implements it.
>>
>>54036048

So what if you buy a PC with the intention of just installing Linux on it, will this DRM stop you from doing that?
>>
>>54036911
They just can't think properly when they read something that is not "GNU/Linux", "animu", or "RMS".

http://www.businesswire.com/news/home/20150629005263/en/Trusted-Computing-Group-TPM-2.0-Library-Specification
>>
>>54037014
>DRM
Did you fucking read the article?
>>
How nerdy u gotta be to understand this bullshit
>>
>>54036048
How many backdoors does it have?
>>
>>54037128
Not much by the link OP posted.
>>54037451
Check it yourself: https://www.trustedcomputinggroup.org/developers/trusted_platform_module
>>
>>54036048
>this entire thread
>but now I can't mod muh vidya games!!
>hurr proprietary
>this is the end of software modding!
why is /g/ so stupid
>>
File: 1400292568346.jpg (696 KB, 1053x1070)
>>54036048
There seems to be some confusion in this thread about what TPM is. The point of it is to securely store encryption keys and verify that the efi firmware hasn't been altered (either by a virus or an "evil maid" attack). It's not a botnet, it's not DRM, it's easily disabled if you want, many linux distros work with it out of the box. You can even add and remove keys to it so you can self sign your efi stubs if you don't trust using MS's keys. TPM has been around for a while, this is just a new version which MS is trying to force companies to include, just like they did for 1.2. They are doing this because even though 2.0 has been around for a while no company wants to implement it because that would involve work and spending money. The reason MS pushes TPM at all is because of how many viruses hide in the MBR/EFI and are loaded before the kernel boots, thus being all but invisible and untouchable. As much as i love to bash MS, this is one of the few times they push something good on the world of computing.

And that whole upload your keys to a server thing is just in windows. I would expect you could opt out but the way MS has been lately maybe not.

To be clear, this isn't going to stop you from modding games, using pirated software, running linux, hell, it likely won't even stop you from pirating windows.
>>
>>54036048
everyone that is falling for this is gonna opt-in automatically into the botnet.
But in all seriousness, how will we survive? We need another manufacturer for free and open hardware
>>
>>54038265
build your own computer if you don't want the microsoft brand auto-backdoor security chip in your pc you lazy futz
>>
File: antimatter-explosion.jpg (399 KB, 2250x1420)
>>54036048
>microsoft
>security
>>
>>54037028
>Locking a device to only using a specific OS
>Not DRM

Pick one, retard.
>>
File: 1460383023351.png (182 KB, 619x573)
>>54036048
>tfw refurb lelnovo thinkcentre with windows 10 and this TPM shit enabled
>doesn't have any effect at all on what runs on it
>>
>>54038468
I pick not DRM. It doesn't lock the device. Retard.
>>
>>54038389
>Microsoft is making a hardware-based security feature called TPM (Trusted Platform Module) 2.0 a minimum requirement on most Windows 10 devices. Starting July 28, the company will require device manufacturers shipping PCs, tablets and smartphones to include TPM 2.0.

What part of brands did you not understand?
Most brands will include this stuff and might be even soldered on the motherboard and you can't get rid of it probably.


>>54037967
> It's not a botnet, it's not DRM, it's easily disabled if you want
Well you don't know it isn't a botnet because it's closed source, also you don't know if you really can disable it because it isn't being shipped yet.
what do we actually know this chip will do?
>>
>>54038498
>Hardware makers will need to implement TPM 2.0 in the form of chips or firmware. TPM will be activated by default, though it's not certain if users will have the option to disable it.

Users won't be able to disable it, on most devices if it's up to the manufacturer, for certain. Did you even read the article?

R- Retard!
>>
>>54038510
When tpm and UEFI were first pushed there was the same FUD about it not being able to turn it off, being a spy chip, bot net, locking shit down so you can't use linux etc. The only thing that's proven true was that some systems (mainly laptops) didn't support legacy boot and that forced linux users to boot using MS's boot loader for a month or two while devs developed the tools to run linux with UEFI.

I can't say much for sure about 2.0, but according to my router and wireshark there's no strangeness coming from my 1.2 tpm. That doesn't mean there isn't the potential for strangeness, but I'm not going to live in fear of that, especially when modern processors use proprietary microcode and could contain a backdoor as well. From what I can tell, even if it's bugged and sending info somewhere, all you need to do is have a proper firewall.
>>
>>54036125
How the fuck is TPM going to stop you from modding a game or hack ur anus? If you can read something then you can modify it. In worst case you attach a debugger and inject instructions into running code.
>>
>>54038833

Encryption, do you understand it? Good luck modifying signed code and having it executed.
>>
>>54038939
>run executable
>it gets decrypted
>dump image
>hack ur anus
>create a patched executable circumventing the need of running signed code
Yeah I'm not really seeing the problem. There is no way MS can force users to only run signed code.
>>
>>54038939
The only signed code it's checking is the EFI firmware, it's not verifying every executable run on the machine. That would not only make 99.5% of software not run, but it would make the platform useless for developers. Meanwhile MS just added ubuntu to Win10 to try and win over more developers.
>>
>>54039008
Intel SGX prevents that although that's probably going to get widespread later since there are no consumer CPUs supporting that yet

Basically the idea is to remotely attest using TPM and execute inside an SGX enclave
>>
>>54039080
We are discussing TPM 2.0. Not Intel specific instruction sets and API. And what I gather from that technology is that you only protect certain parts of the code. And there are only exclusive windows tools at the moment. My guess is that there are significant performance penalties to use that technology.
>>
>>54036092
>OpenAutism
No thanks
>>
>windows 10 to decide which parts of the hardware market succeed
>windows 10 to predict market interest


dude microsoft is going to make a killing by fucking up the markets... all markets, at that.
>>
BOTNET
O
T
N
E
T
>>
>>54036123
That's because he believes in real freedom. The freedom of choice to do whatever man pleases. FSF and rms promote communism.
>>
>>54039186
>Not Intel specific instruction sets and API

What makes you think AMD won't bend over and do the same?

>And what I gather from that technology is that you only protect certain parts of the code.
>My guess is that there are significant performance penalties to use that technology.

That's enough to protect software. Take VM-based protections like Themida, VMProtect, Securom and Denuvo for example, they obfuscate critical code parts (like initialization functions, license checks etc.) by transforming them into virtual machine instructions which decreases performance because you need to run an interpreter every time that code gets "executed" (so obviously you can't VM the entire program). You need to figure out the VM to do anything with the code and fool the license check, SGX would do the exact same thing except instead of virtualizing the code it would just encrypt it. You can figure out the VM given enough effort, but you can't decrypt the code (unless you extract the key from hardware) in case of SGX.
>>
>>54036048
Ironically, OP, that's an Infineon TPM 1.2 FW3.19 on the Asus 19-pin module. Still uses SHA-1, that's why they require 2.0.

However, if you're running a modern Intel chipset, there's already a virtual TPM 2.0 implemented in the Intel ME firmware (ARC chipset), which actually does have a small amount of EEPROM.

AMD's Zen chipset will have one (Platform Security Processor) like that too. I hope they open the firmware: we'd like to audit it...

>>54036911
Anon's not wrong, it does run proprietary firmware (albeit quite well audited). There's an open software implementation somewhere but that's only useful for emulation.

>>54037014
No. >>54037967 is correct, and the upload your keys to an MS server thing actually doesn't happen with Bitlocker when a TPM is enabled in Windows Pro.

Why do you need a TPM? Because it's surprisingly hard on modern hardware to actually, securely delete things like ephemeral encryption keys. EEPROM is one of the few older things that can: NAND Flash cannot, and hard disks cannot reliably. RAM cannot either. It's just a little embedded chip that runs its own firmware that you can talk to and ask to store and seal keys - or not.

>>54039069
Um, bad news: it actually does NOT check signatures on the EFI firmware. You can MiTM it and do replay attacks, even with TPM 2.0. It believes you are sealing what you are sealing. TPMs are orthogonal to Secure Boot.

>>54039080
The SGX spec isn't fully finalised: it's already been partially broken.

>>54039304
Off-topic, but Denuvo's not VM. It's a function mutation engine which obfuscates using a whitebox AES implementation. You could break it with whitebox side-channels, and then remove it with superoptimisation.
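
Added example, not part of any post in this thread: a software model of the PCR-extend and seal/unseal behaviour described above, where the TPM hashes the measurements it is handed and releases a sealed key only when the PCR value matches the one recorded at seal time. `ToyTPM`, `boot`, the component strings and the key are constructed for illustration and are not a real TPM API.

```python
import hashlib
import hmac

PCR_SIZE = hashlib.sha256().digest_size  # 32-byte SHA-256 PCR bank


class ToyTPM:
    """Toy model of PCR extend and PCR-bound sealing (hypothetical, not a real TPM API)."""

    def __init__(self):
        self.pcr = bytes(PCR_SIZE)  # PCR starts at all zeros
        self._sealed = {}           # handle -> (PCR value at seal time, secret)

    def reset(self):
        """Platform reset: the PCR returns to zeros, sealed objects persist."""
        self.pcr = bytes(PCR_SIZE)

    def extend(self, component: bytes) -> bytes:
        """PCR_new = H(PCR_old || H(component)).

        The model only records what it is handed. It checks no signature;
        signature verification is Secure Boot's job, not the TPM's.
        """
        measurement = hashlib.sha256(component).digest()
        self.pcr = hashlib.sha256(self.pcr + measurement).digest()
        return self.pcr

    def seal(self, handle: str, secret: bytes) -> None:
        """Bind a secret to the current PCR value."""
        self._sealed[handle] = (self.pcr, secret)

    def unseal(self, handle: str):
        """Return the secret only if the PCR matches the value at seal time."""
        expected, secret = self._sealed[handle]
        if hmac.compare_digest(expected, self.pcr):
            return secret
        return None


def boot(tpm: ToyTPM, chain) -> bytes:
    """Simulate one boot: reset, then measure each stage in order."""
    tpm.reset()
    for component in chain:
        tpm.extend(component)
    return tpm.pcr


# Constructed sample boot chain and key, for illustration only.
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
DISK_KEY = b"constructed volume key"


def demo() -> dict:
    tpm = ToyTPM()
    boot(tpm, GOOD_CHAIN)
    tpm.seal("disk-key", DISK_KEY)

    results = {}
    boot(tpm, GOOD_CHAIN)  # unchanged chain: key is released
    results["same_chain"] = tpm.unseal("disk-key")

    modified = [GOOD_CHAIN[0], b"bootloader v1 (modified)", GOOD_CHAIN[2]]
    boot(tpm, modified)    # one stage changed: PCR differs, key withheld
    results["modified"] = tpm.unseal("disk-key")

    boot(tpm, list(reversed(GOOD_CHAIN)))  # same stages, different order
    results["reordered"] = tpm.unseal("disk-key")
    return results


if __name__ == "__main__":
    for case, value in demo().items():
        print(case, "->", value)
```

A changed or reordered boot stage is also why a firmware update can trigger a recovery-key prompt: the PCR no longer matches the value the key was sealed to.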
>>
>>54036198
"Hurt the developers"
Listen you naive fag, instead of repeating what you heard on the Internet why not use self-determination for a change
Big companies game pay the developers, the money you pay goes to the fuckers producers, remember? The scumbags who rush game developers and ruined games?
>>
>>54036071
TPM also works with the Linux kernel. We have it on every workstation at the office. TPM has zero to do with anything botnet related, even by /g/ definition.
>>
>>54039304
>What makes you think AMD won't bend over and do the same?
Licensing. It's basically a way for Intel to corner the market for certain applications. SGX screams "you need to use this hardware dongle to use our super expensive CAD software".

>That's enough to protect software
It will no doubt make it harder but is there even one software protection scheme that hasn't been broken or side-channeled so far?
>>
>>54039421
well I mean sure... except that it could easily offer a hardware backdoor.

and because it's all muh security, nobody will be surprised when you can't look inside.

Perfect place to put a backdoor.
>>
Time to go full freetard i guess
>>
>>54039383
>Off-topic, but Denuvo's not VM. It's a function mutation engine which obfuscates using a whitebox AES implementation. You could break it with whitebox side-channels, and then remove it with superoptimisation.

Why does every piece of information about it I see mention it having a VMProtect-like VM? Is it some kind of decoy?
>>
>>54036048
Nobody uses TPM though
>>
>>54036048

> little crystal oscillator seatbelt

cute
>>
>>54039234

Enjoy your binary blobs and buffer overflows.
>>
>Secure

From everyone except Microsoft itself, maybe
>>
Why should one trust the "trusted" platform module again?
>>
>>54041158
If you hold its key, you can trust it. If Microsoft holds its key, they can trust it. One feature in the spec is you can unprovision and reprovision it with a different key. When unprovisioned, it forgets all keys that were previously in it. So, you can reset it and make it obey only you, but you cannot get keys out of it that were put in when it was not under your control.
>>
>>54036048
>More secure
I'm the one that won't buy a new CPU when it requires Windows 10
>>
Seems like Linux niggers think that TPM is Secure Boot 2.0 that will disallow installing Linux on devices. Ignorant twats.
>>
>>54036092
>open-anus placebo
KEK
>>
>>54042647
Fuck off terry, sane people are talking.
>>
File: 1457657601557.jpg (114 KB, 720x480)
As an IT in the medical field, I love those TPMs. We used to have to use TrueCrypt but with a TPM and Windows 10, my offices can pass the strictest of security audits and it's all AD/GPO integrated. If consumer level hardware ships with TPMs too, I might start letting them BYOD.
>>
>>54036092
>bsd
>freetard
I don't think you know your memes
>>
>>54036048
I actually have a question. Now that my attention has been brought to this, is it possible to use a TPM from one manufacturer on a different manufacturer's motherboard?
>>
>>54036301
he's just a retard instead
>>
I work for IT in gov and the amount of times bitlocker goes off for no reason is like at least 10 times a week.
Nobody is going to know wtf a bitlocker code is and they definitely won't have it saved somewhere useful.
It's gonna be fucked.
>>
>>54036291
This will encourage stagnation. It will create a divide between end users being unable to become interested in software development through home brew projects and it will force tinkering types to either give up their hobby or join an industry that unilaterally controls everything.

Hacking is what brought us the best devices and software, and often brewed by users, not corporate employees. You would have us at an end for technology.
>>
>>54038553
TPM is not some special new thing, it is likely on your linux running chinkbook. The problem is that sometimes it trips for arguably no reason and then you need to use the 25-digit "oh fuck where did I write that down, fuck i am fucked" code.

This isn't going to lock you to Windows. This will just make Windows, if you wish to use it, more secure.
>>
>>54043965
Since nobody is answering I guess I'll have to take one for the team.
>>
>>54043965
Yes, TPM modules are based on a general design requirement. Like cables.
>>
>>54036048


Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
>>
>>54045612

>le fake benjamin franklin quote
>>
>>54041298
>so you can reset it and make it obey only you
And here we have the utmost essential core piece of functionality. If you can do this, the TPM chip is a nice feature. If you cannot, it is an abomination that must be destroyed.
>>
>>54037012
You can use it to store SSH keys securely. The authentication would be done within the TPM without the risk of leaking keys.
>>
>>54042945
>BYOD
kek
>>
>>54036048
Didn't they already announce this a year ago?
>>
The TPM is one of those things.
It has a great potential to do good, but in reality, it will probably only really be used by proprietary software against the user.

I'm not against that though, as it'll hopefully drive people further away from nonfree software.
>>
>>54045793
Precisely.

>>54045942
This guy has the right idea. All sorts of client keys can be stored in it securely. It could also for instance be used to secure a password manager or a bitcoin wallet.

>>54046071
>it will probably only really be used by proprietary software against the user
Only if everyone who doesn't want it as DRM disables it instead of realizing how useful it could be and making software to do good things with it.
>>
Reeeeeeeeeeeeeee
>>
>>54046128
>Only if everyone who doesn't want it as DRM disables it instead of realizing how useful it could be and making software to do good things with it.
I don't use nonfree software, so I'd have no reason to disable it.
It'll only make the more reasonable GNU/Linux distros even more attractive.