


There is a freedom problem, there is a hardware problem and there is a social problem.

The freedom problem is this: you will not be able to roll your own keys. This is probably the biggest nail in the coffin for a ton of computers out there. In theory you could simulate via software the workings of a TPM. If you built a kernel module the browser would have no real way of knowing if it sent requests to a piece of hardware or a piece of software. But the fact that you would have to use Microsoft's or Apple's keys makes this completely impossible.

The hardware problem is this: you will not be able to use older or niche/independent hardware. As we established that software simulation is impossible, this makes a ton of older devices utter e-waste for the near future. Most Chromebooks themselves don't have a TPM, so even though they are guaranteed updates for 10 years how are they going to browse the web? (maybe in that case Google could actually deploy a software TPM with their keys since it's closed source). I have a few old business laptops at home that have a 1.X version of the TPM. In theory it performs just as well as TPM 2.X, but they will not be supported because, again, I will not be able to use my own keys.

Lastly there is the social problem: is DRM the future of the web? Maybe this trusted computing stuff really is what the web is bound to become, either using your certified TPM keys or maybe your Electronic National ID card or maybe both in order to attest the genuineness of the device that is making the requests. Maybe the Wild West era of the web was a silly dream fueled by novelty and inexperience and in the future we will look back and clearly see we needed more guarantees regarding web browsing, just like we need a central authority to guarantee and regulate SSL certificates or domain names.

> Most Chromebooks themselves don't have a TPM

Citation needed. ChromeOS uses the TPM extensively and fully supports remote attestation: I'm pretty sure all Chromebooks have a TPM and it's a firm requirement for making one. TPMs have been a requirement on PCs since at least 2016 I think, and in reality most came with them before that too (but there's a v1 vs v2 difference).

> In theory it performs just as well as TPM 2.X but they will not be supported because, again, I will not be able to use my own keys.

TPM 1.2 uses SHA1 for everything which is a broken hash function so there is a major difference in robustness between them. It has nothing to do with "using your own keys" which is out of the domain of what TPMs do anyway, TPMs are always owned by the device user. You're thinking of firmware boot signing and other things that are separate to the TPM chip but even there, you can use your own signing keys.

It can (that's why it's being pursued) and that, ironically enough, could even empower decentralized and P2P networks.
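The exchange about TPM 1.2 (SHA-1 only) versus TPM 2.0 (SHA-256 banks) turns on how PCRs work: a PCR can never be written directly, only extended, so its final value commits to the whole ordered sequence of boot measurements, and a verifier replays an event log to check the reported values. The script below is an added illustration written for this page, not code from any commenter or from a TPM vendor; the event log, descriptions and measured bytes are constructed sample data, and the extend routine hashes the measurement itself before folding it in (a simplification of the real commands, where the caller may supply the digest). It replays the same log into a SHA-1 bank and a SHA-256 bank, then shows how a tampered or incomplete log is detected.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed sample boot event log: (PCR index, description, measured bytes).
# These are made-up measurements for illustration, not real firmware hashes.
SAMPLE_EVENT_LOG: List[Tuple[int, str, bytes]] = [
    (0, "firmware volume", b"example-firmware-blob-v1"),
    (0, "firmware settings", b"secure-boot=on"),
    (4, "bootloader", b"example-bootloader-bin"),
    (7, "secure boot policy", b"db:vendor-ca;dbx:empty"),
]


def extend(hash_name: str, pcr_value: bytes, measurement: bytes) -> bytes:
    """PCR extend: new PCR = H(old PCR || H(measurement)).

    TPM 1.2 has a single SHA-1 bank (20-byte PCRs); TPM 2.0 has one bank per
    supported algorithm (SHA-256 here, 32-byte PCRs). Because the old value is
    always folded in, the result depends on every prior measurement and on
    their order; it can only be reset by restarting the platform.
    """
    h = hashlib.new(hash_name)
    if len(pcr_value) != h.digest_size:
        raise ValueError(f"PCR value must be {h.digest_size} bytes for {hash_name}")
    h.update(pcr_value)
    h.update(hashlib.new(hash_name, measurement).digest())
    return h.digest()


def replay_log(hash_name: str, events: List[Tuple[int, str, bytes]]) -> Dict[int, bytes]:
    """Replay an event log into fresh all-zero PCRs, returning {index: value}."""
    zero = bytes(hashlib.new(hash_name).digest_size)
    pcrs: Dict[int, bytes] = {}
    for index, _description, data in events:
        pcrs[index] = extend(hash_name, pcrs.get(index, zero), data)
    return pcrs


def verify_log_against_pcrs(hash_name: str,
                            events: List[Tuple[int, str, bytes]],
                            reported: Dict[int, bytes]) -> List[int]:
    """Verifier-side check: replay the (untrusted) log and compare with the PCR
    values the TPM reported. In a real deployment 'reported' comes from a quote
    signed by a TPM-resident key; the log itself is never trusted on its own.
    Returns the sorted list of PCR indices that do not match (empty = consistent).
    """
    replayed = replay_log(hash_name, events)
    indices = set(replayed) | set(reported)
    return sorted(i for i in indices if replayed.get(i) != reported.get(i))


def tampered_log() -> List[Tuple[int, str, bytes]]:
    """Same log with the bootloader measurement swapped for different bytes."""
    return [(i, d, b"replacement-bootloader" if d == "bootloader" else data)
            for i, d, data in SAMPLE_EVENT_LOG]


if __name__ == "__main__":
    for bank in ("sha1", "sha256"):
        pcrs = replay_log(bank, SAMPLE_EVENT_LOG)
        print(f"{bank}: PCR0={pcrs[0].hex()} ({len(pcrs[0])} bytes)")
        # A TPM that recorded the real log reports these values; a log that was
        # edited afterwards no longer replays to them.
        print(f"  honest log mismatches:   {verify_log_against_pcrs(bank, SAMPLE_EVENT_LOG, pcrs)}")
        print(f"  tampered log mismatches: {verify_log_against_pcrs(bank, tampered_log(), pcrs)}")
        print(f"  truncated log mismatches: {verify_log_against_pcrs(bank, SAMPLE_EVENT_LOG[1:], pcrs)}")
```

The check works only as far as the hash is collision resistant: the chain detects a changed measurement because no attacker can find a different input that extends to the same PCR value, which is why the bank's algorithm matters for the robustness comparison in the thread.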
