> If all DVD players came with watermark detection instead of copy protection
That is an enormous "if". Do you think Microsoft is going to or is able to enforce this on every single software provider? Even in your Android example that's just not happening, and you can happily sideload apps. You can still develop your own apps on the same Android phone that you use for banking.
> And sorry but how many people have bypassed Playstations or Switches. This is what you’re talking about. Most people will just accept it.
People accept this with consoles because a console is a device exclusively for consuming media, and all developers apply for a devkit. I just don't see that happening in the PC space. You think Microsoft is suddenly going to dump this on third party software developers and force everyone to go through certification and to buy devkits? Without a mass exodus to Linux?
Google SafetyNet is basically swiss cheese with lots of bypass solutions for custom ROMs.
A TPM may only attest that it has received an expected set of measurements (hashes). As long as discrete TPMs or PCs with unlocked CPUs exist (w/o Boot Guard), one may simply take a TPM and replay "golden" measurements to it. Bypassing this would be trivially easy.
A TPM does not have control over execution on the CPU. It only receives data from the CPU. If you have control over execution on the CPU from the reset vector, you can just replay whatever you want to a TPM and extract secrets that way. That's why TPM backed disk encryption without configuring a PIN is insecure.
Microsoft does not have the same level of control over the entire PC ecosystem as Google has over Android. That's why it's important to support open source alternatives.
Widevine L1 requires a trusted execution environment for decrypting video and only showing it on HDCP monitors. It's built on top of Intel PAVP, AMD secure display, or ARM TrustZone in the case of ARM chromebooks and Android devices. TPM is not involved, except in the ARM case where I believe it is used for antirollback counters (on x86, the security coprocessor would probably have that responsibility).
> Does TPM support/requirements actually have any meaningful impact on a home user?
Disk encryption, Windows Hello and PIN bruteforce prevention. I have no love Microsoft and avoid using Windows whenever I can, but I think making those features accessible to more people is a good thing.
There are none. It's so immensely frustrating to me that so many people believe that a TPM is a DRM device. I'm sure Richard Stallman's Treacherous Computing article played a big part in this.
A TPM is useless for DRM, and there are way more suited solutions like Intel's PAVP that takes an encrypted video stream and puts it on the screen directly, yet I don't see nearly as much uproar about that.
I think if the process was made easy, it would save quite a bit more than 1% of these devices from the landfill, assuming you have enough power users to build a community. Plenty of people flash their chromebooks to MrChromebox UEFI to give them a new life, because it's easy enough for mere mortals, and because Google doesn't lock them down.
I believe if given the tools, people would gladly donate their time to make something fun with it. Heck, that's what I do in my spare time. But it's impossible if everything is completely locked down, as if a music streaming box contains nuclear launch codes that must be protected at all costs.
I firmly believe that permanent key fusing to lock bootloaders should be outlawed. At the very least the keys (and schematics) should be released once the device reaches EOL.
I would like to be able to ensure that only boot loaders signed with my private key can be executed. Secure Boot serves that purpose well, can I do that with your approach?
Likewise, demand and use cases for network boot exist, otherwise it wouldn't be here. Same goes for every other feature most users would consider bloat.
All Zen 1 CPUs and newer have the PSP / ASP security processor which is ARM based and runs before the x86 cores are released from reset. This applies to all Zen models, not just the PRO versions.
The fTPM does indeed run on the PSP, so on the ARM cores, among many other things like DRAM training.
Disappointed with Lenovo's decision to enable PSB on my T14, having previously hoped one day I'd run coreboot on it, I decided to write a checker and crowdsource a list of PSB-enabled devices so that others may avoid buying hardware that disallows custom firmware.
That is an enormous "if". Do you think Microsoft is going to or is able to enforce this on every single software provider? Even in your Android example that's just not happening, and you can happily sideload apps. You can still develop your own apps on the same Android phone that you use for banking.
> And sorry but how many people have bypassed Playstations or Switches. This is what you’re talking about. Most people will just accept it.
People accept this with consoles because a console is a device exclusively for consuming media, and all developers apply for a devkit. I just don't see that happening in the PC space. You think Microsoft is suddenly going to dump this on third party software developers and force everyone to go through certification and to buy devkits? Without a mass exodus to Linux?