Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

But if I never adopt TPM these compromises aren't necessary. Doing so would only give me negatives.


But there isn't a compromise.

You can use the "smartcard part" of a TPM. This gives you secure/non-extractable key storage.

You can use the attestation/trusted computing part of a TPM. This gives you trusted computing, which can be used for DRM, if you install software or use a service using DRM and grant it access to your system. If you don't like that, just don't do that. (Today's DRM solutions don't even use TPMs anymore, for what it's worth.)

If you want/need neither, just use neither!


If everyone were forced to use TPM it probably would still be used as a DRM mechanism. My problem is with enabling the usage in the first place whereas I only have negligible security improvements.

The only think that kept DRM from leveraging it was indeed the low usage in consumer spaces.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: