TPM can be secure. But secure for whom against what? Microsoft and “against you” are not implausible answers to that question…

TPM is not secure. At all. At least when when you’re using Windows.

https://youtu.be/t1eX_vvAlUc

Do you also have a source thats not a youtuber? Would be far more interesting to read on apparently it being a spy chip rather than just a HSM.

Here's a significantly more credible (stacksmashing) video that demonstrates how ineffective some TPM implementations are. If the TPM was integrated into the CPU die, this attack would likely not be possible. https://www.youtube.com/watch?v=wTl4vEednkQ

Despite the TPM being a pretty good and useful idea as a secure enclave for storing secrets, I'm concerned that giving companies the ability to perform attestation of your system's "integrity" will make the PC platform less open. We may be headed towards the same hellscape that we are currently experiencing with mobile devices.

Average folks aren't typically trying to run Linux or anything, so most people wouldn't even notice if secure boot became mandatory over night and you could only run Microsoft-signed kernels w/ remote attestation. Nobody noticed/intervened when the same thing happened to Android, and now you can't root your device or run custom firmware without crippling it and preventing the use of software that people expect to be able to use (i.e. banking apps, streaming services, gov apps, etc.).

Regardless, this is more of a social issue than a technical issue. Regulatory changes (lol) or mass revolt (also somewhat lol) would be effective in putting an end to this. The most realistic way would be average people boycotting companies that do this, but I highly doubt anyone normal will do that, so this may just be the hell we are doomed for unless smaller manufacturers step up to the plate to continue making open devices.

isn't the TPM integrated into the cpu die on many modern systems? i.e. AMD's PSP.

It’s not like these things aren’t publically documented by Microsoft.

You just need to be able to translate their doublespeak.

A tall order, and that's if you can even find it.

Apparently not.

Sure let’s just centralize hardware attestation to Microsoft’s cloud tied to a Microsoft account with keys you can’t change what could possibly go wrong?

This is all publicly documented by Microsoft you just need to translate their doublespeak.

Google is doing does the exact same thing and people were sounding the alarms when they did it but Microsoft gets a pass?

Use ChaGPT to outsource your critical thinking for you because I’m not gonna do it.

I've looked into this fella before because he didn't pass the smell test. He's running a grift selling schlocky cell phones and cloud services. His videos are excessively clickbait-y and show minimal understanding of the actual tech, it's more or less concentrated disinformation and half-understood talking points. GrapheneOS devs also had something to say about him: https://discuss.grapheneos.org/d/20165-response-to-dishonest...

That video contains many specific statements. This comment addresses none of them.

Secure against what threat model?