
> And please note that they only list big brands leaks. Since you can use any OEM's attestation key, /any/ OEM leak can break those so-called "security protections".

Inevitably though, the price of these will rise, the most capable eyes on the planet will have a few very thorough looks at all the TPM chip firmware they can get their hands on, and eventually platforms will be so secure and the price will be so high the only ones left to have them are three-letter agencies (if even these).

Anti-tamper measures have their place - I'd really love to have a device that cannot have a persistent backdoor implanted - but the very second the state of the anti-tamper measure becomes visible to user-level applications, they become an arms race between Big Money (=DRM rightsholders and big game studios) and my freedom.



> I'd really love to have a device that cannot have a persistent backdoor implanted - but the very second the state of the anti-tamper measure becomes visible to user-level applications, they become an arms race between Big Money (=DRM rightsholders and big game studios) and my freedom.

The two can be reconciled by not having any privileged keys baked in by the manufacturer. It's only the manufacturers keeping records of the baked-in attestation/signing key(s) that allows for remote attestation to be scaled up into treacherous computing. Otherwise, if device owners could generate/load new attestation/signing keys and have them be indistinguishable from any original ones, then that same process can be emulated. This would likely require legislation to rein in manufacturers' desires to retain backdoors, but the point is that it is possible from a technical perspective.
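To make the trust model in the two comments above concrete, here is a toy remote-attestation verifier. It is an added example, not code from the thread or from any TPM or OEM implementation. The key IDs, key bytes, PCR digest and nonce are all constructed, and HMAC-SHA256 stands in for the asymmetric quote signature a real TPM produces; the point is the registry lookup, which is what decides whether an owner-loaded key is accepted, what a single leaked OEM key buys, and what revocation costs honest devices.

```python
"""Toy model of remote-attestation trust (constructed example; not code from
the thread or from any TPM/OEM implementation).

A verifier accepts an attestation quote only if it is signed by a key that
appears in the verifier's registry of OEM-endorsed attestation keys.
HMAC-SHA256 stands in for the asymmetric signature a real TPM would produce;
the trust logic, not the primitive, is the point.
"""
import hashlib
import hmac

# Constructed OEM attestation keys.  In a real TPM these are per-chip
# asymmetric keys; the OEM keeps a record (the "registry") of their public halves.
OEM_REGISTRY = {
    "oem-a:0001": bytes.fromhex("11" * 32),
    "oem-b:0007": bytes.fromhex("22" * 32),
}

# A quote binds the platform state (PCR digest) to a verifier-chosen nonce.
PCR_DIGEST = hashlib.sha256(b"constructed boot measurements").digest()
NONCE = bytes.fromhex("0badcafe" * 4)


def sign_quote(key: bytes, pcr_digest: bytes, nonce: bytes) -> bytes:
    """Device side: HMAC-SHA256 stands in for the TPM's asymmetric quote signature."""
    return hmac.new(key, pcr_digest + nonce, hashlib.sha256).digest()


def verify_quote(registry: dict, key_id: str, pcr_digest: bytes,
                 nonce: bytes, sig: bytes) -> bool:
    """Verifier side: a quote is trusted only if its key is in the registry
    *and* the signature checks out.  Without the registry lookup the verifier
    has no way to tell an OEM-provisioned key from one the owner generated."""
    key = registry.get(key_id)
    if key is None:
        return False
    expected = sign_quote(key, pcr_digest, nonce)
    return hmac.compare_digest(expected, sig)


def registered_device_passes() -> bool:
    """An OEM-provisioned device attests normally."""
    sig = sign_quote(OEM_REGISTRY["oem-a:0001"], PCR_DIGEST, NONCE)
    return verify_quote(OEM_REGISTRY, "oem-a:0001", PCR_DIGEST, NONCE, sig)


def owner_generated_key_rejected() -> bool:
    """An owner loads their own key: the quote is internally valid but the
    verifier rejects it because the key is not in the OEM registry.  This is
    the mechanism that turns attestation into remote policy enforcement."""
    owner_key = bytes.fromhex("33" * 32)
    sig = sign_quote(owner_key, PCR_DIGEST, NONCE)
    return not verify_quote(OEM_REGISTRY, "owner:0001", PCR_DIGEST, NONCE, sig)


def any_leaked_oem_key_passes() -> bool:
    """If any registry key leaks, a quote under it passes for any claimed
    platform state: the verifier trusts the registry, not the platform.  So the
    scheme is only as strong as the weakest OEM in the registry."""
    leaked = OEM_REGISTRY["oem-b:0007"]
    fake_state = hashlib.sha256(b"whatever the verifier expects").digest()
    sig = sign_quote(leaked, fake_state, NONCE)
    return verify_quote(OEM_REGISTRY, "oem-b:0007", fake_state, NONCE, sig)


def revocation_breaks_honest_devices_too() -> bool:
    """The verifier's only remedy is revoking the leaked key ID, which also
    locks out every honest device provisioned with that key."""
    revoked = {k: v for k, v in OEM_REGISTRY.items() if k != "oem-b:0007"}
    honest_sig = sign_quote(OEM_REGISTRY["oem-b:0007"], PCR_DIGEST, NONCE)
    return not verify_quote(revoked, "oem-b:0007", PCR_DIGEST, NONCE, honest_sig)


def owner_enrolled_registry_passes() -> bool:
    """The reconciliation proposed above: when the owner controls the registry
    the verifier trusts, an owner-generated key attests exactly like an OEM
    one, and no third party can use the registry to gate the device."""
    owner_key = bytes.fromhex("33" * 32)
    owner_registry = {"owner:0001": owner_key}
    sig = sign_quote(owner_key, PCR_DIGEST, NONCE)
    return verify_quote(owner_registry, "owner:0001", PCR_DIGEST, NONCE, sig)
```

Each scenario function returns a boolean so the model can be checked directly; a real verifier would additionally compare the signed PCR digest against an expected-state policy, which the toy omits because the registry decision is made before that comparison ever happens.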



