TPM 2.0 is a must - they said, it will improve Windows Security - they said...

It's quite ironic to say the least: all this modern features being implemented as a new standard for improved security - while latter on - the same features turn-up to be a the ones which make it vulnerable. As was the case with Intel SGX (Software Guard Extensions) - or maybe it would be more accurate to call it Intel Swiss Cheese - since it's filled with holes...


...and their number is piling up....


And now... it's TPM 2.0 turn - which for Windows 11 is even an oficial requirement:


....

Thanks for the links!

neves said:

It's quite ironic to say the least: all this modern features being implemented as a new standard for improved security - while latter on - the same features turn-up to be a the ones which make it vulnerable. As was the case with Intel SGX (Software Guard Extensions) - or maybe it would be more accurate to call it Intel Swiss Cheese - since it's filled with holes...

SGX, Intel’s supposedly impregnable data fortress, has been breached yet again

ÆPIC Leak spills users’ most sensitive secrets in seconds from SGX enclaves.

arstechnica.com

...and their number is piling up....

Intel issues patches for SGX vulnerabilities

Plus bugs squashed in Server Platform Services and more

www.theregister.com

And now... it's TPM 2.0 turn - which for Windows 11 is even an oficial requirement:

New TPM 2.0 flaws could let hackers steal cryptographic keys

The Trusted Platform Module (TPM) 2.0 specification is affected by two buffer overflow vulnerabilities that could allow attackers to access or overwrite sensitive data, such as cryptographic keys.

www.bleepingcomputer.com

....

Click to expand...

I think TPM hardware these days for security --especially as it's been on computers since probably before 2016 - 7 to 8 years is almost a Geological age in regards to modern computing hardware (and even software) is not the way to go.

TPM for me seems a good thing for Russian hackers --TPM = Total Putin Memorial.

Ms needs to get with it on proper security -- if using hardware don't rely on stuff around 7 years old.

But who am I -- an "Ageing" Old School Engineer in the face of "The Mighty Microsoft".



Cheers
jimbo

neves said:

It's quite ironic to say the least: all this modern features being implemented as a new standard for improved security - while latter on - the same features turn-up to be a the ones which make it vulnerable. As was the case with Intel SGX (Software Guard Extensions) - or maybe it would be more accurate to call it Intel Swiss Cheese - since it's filled with holes...

Click to expand...

This

There's two ways to be affected by this vulnerability:


"An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context."


"An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM."

Apparently the vulnerabilities were discovered in late 2022 but published (officially acknowledged and made public) only in 28 February 2023. Supposedly, they delayed the announcement - while trying to find a solution (a way to patch the vulnerabilities in question). Which... they also released "in theory..."


Since so far - there's no patch whatsoever in sight. Not by Microsoft, not by any OEM. Lenovo is the only OEM talking/advising about it:


The irony is still laughable - to say the least... Kinda like hiring a "Security" agency to protect your propriety - only to find out latter that their hiring process - doesn't involve a background check - you can even get hired without presenting an ID (by using an alias). This is particularity outrages while taking into account - that Trusted Computing Group was founded by the big 5 (AMD, Hewlett-Packard, IBM, Intel and Microsoft) - also one of the main reason why it's forced into Windows 11 (each of those companies get their shares out TPM 2.0 sold chips).

As for failures like above - this level incompetence is usually emphasised by one word: Nepotism. As in... let's say you finished top of your class as a software dev or engineer at MIT - which... can be enough to get you a job at Microsoft, Intel, AMD, HP, etc...) - BUT... there's a very slim chance that job will involve an impactful position. Maybe 5 or 10 years latter - you'll advance to a position - which can have a bigger saying. Yet, even then - the final world - will come from someone who may have barely finished the same college (with financial aids from parents - bribing teachers and such) - or someone mediocre at best - THO, this supervisor is related (or a good friend) - with someone from the top of the hierarchy at this companies - and that's what got him hired - even advancing to a top tier position. The one in question may be incapable at his job - but among his team there's 1 or 2 who are actually capable - and those are the ones who carry all the weight of a given project - even sabotaged by their supervisor's ignorance - whom still have the final word in making/taking big decisions (like pushing a product - that's still not properly baked). Not to mention - this supervisors will always take the credit - for a good job done by others (while in the same time - shifting all the blame on the other parties - when things go wrong... despite being the ones who pulled the trigger - by pushing some unfinished product).

It's the way of the world, something you'll see (probably most of you already are - at your workplace - if not actually the privileged party) - even in a small company let alone giants. Just my 2 cents.

That is like saying do not use AV, because one virus got through. Nothing is perfect, but that does not mean, that we should give up on everything. There are many security features and each complements the other. Hardware vulnerabilities are hard to fix, because there is like a decade between the manufacturing of the hardware and it's software counterpart (drivers, OS). Still many of those are blown of proportions. For example I have disabled Spectre mitigations, because the chance of getting affected by it are astronomical, yet the fix can lower perfomance by up to 30%. Those attacks will be used in targeted attacks against enterprises, which have other protections.

TairikuOkami said:

That is like saying do not use AV, because one virus got through. Nothing is perfect, but that does not mean, that we should give up on everything.

Click to expand...

This ^^^

TairikuOkami said:

That is like saying do not use AV, because one virus got through. Nothing is perfect, but that does not mean, that we should give up on everything. There are many security features and each complements the other. Hardware vulnerabilities are hard to fix, because there is like a decade between the manufacturing of the hardware and it's software counterpart (drivers, OS). Still many of those are blown of proportions. For example I have disabled Spectre mitigations, because the chance of getting affected by it are astronomical, yet the fix can lower perfomance by up to 30%. Those attacks will be used in targeted attacks against enterprises, which have other protections.

Click to expand...

Admittedly, Spectre is a big problem; but it is an architectural problem. Comparing faulty hardware to software in this regard doesn't pass for an accurate analogy. TPM is also an architectural thing and that is why it is found on the system board and physical cards with TPM can be purchased. One rarely ever hears of one purchasing a VS card to add to their system board. IMO TPM should be optional. (There was a time when it was.)

Ideally, security features compliment each other but evidently, for well over a decade now, things haven't been going so good for TPM, TPM1.2, and TPM 2. Maybe the 'third' time will be a charm? OR, what is more likely, TPM 3 will simply become another marketing gimmick for rendering otherwise perfectly good and healthy system boards "obsolete"much the same way TPM2 has. Let's be honest: Security features are notorious for generating bottlenecks, conflicts, system failures, and down grading over all performance. I'm not suggesting that all security features should be eliminated for this reason but mitigation at the hardware level should not be a 'hit and miss' scenario. Software can be easily re-written and made to work better. It's not so easy with a system board. Not everyone has thousands of dollars to replace a system board and hardware every three years to get the latest and "greatest" version of TPM which has proven itself time-after-time to be not-so-reliable.

Mitigation should be in the CPU itself and the option to shut it off should be in the BIOS and accessible via UEFI if need be. I'm fed up with paying for "protection" to the corporate syndicate only to have them up the anti while their so-called-protection consistently flounders. I feel as though I'm being held hostage to TPM. I'm trying to avoid a chicken or the egg debate here, but I've been watching this hardware vs software finger pointing game for a very long time now and it's starting to look like a big racket.

Dunno, the 2 vulnerabilities appear to me a huge enough issue to render the TPM 2.0 requirement for W11 pretty much a moot point, i.e. W11 might as well not have the requirement, it wouldn't make a practical difference

I am shaking my head in disbelief, how on earth could a consortium of the best security companies in the world have overlooked this issue

Haydon said:

Dunno, the 2 vulnerabilities appear to me a huge enough issue to render the TPM 2.0 requirement for W11 pretty much a moot point, i.e. W11 might as well not have the requirement, it wouldn't make a practical difference

I am shaking my head in disbelief, how on earth could a consortium of the best security companies in the world have overlooked this issue

Click to expand...

YES!! Precisely my sentiments as well. Evidently the issue is not the issue because if it really were the issue this wouldn't be an ongoing issue. Methinks the real motive behind Win 11 requiring TPM2 is merely to invalidate those systems that aren't using it. A brilliant marketing strategy when you think of what it means: zero liability for all systems that don't use TPM2, a classic scapegoat for both hardware manufacturers and Windows to pin the blame on the consumer, plus a massive incentive to go buy new hardware because who wants an obsolete and "unsecured" system? I know I sound like a conspiracy nut here because Windows would never deceive us and companies like Intel are 100% forthright; but as I stated before, the writing is on the wall and the proof is in the pudding. Verdict: TPM sucks.

Until they can get their stuff together together Windows and the hardware companies need to set this abomination aside. If they must include it then they would do well to include it as an option only and stop trying to make this lame duck mandatory. It's doing more harm than good and it's really messing up productivity. This TPM nonsense is one desperate measure people can do without.

TairikuOkami said:

That is like saying do not use AV, because one virus got through. Nothing is perfect, but that does not mean, that we should give up on everything. There are many security features and each complements the other. Hardware vulnerabilities are hard to fix, because there is like a decade between the manufacturing of the hardware and it's software counterpart (drivers, OS). Still many of those are blown of proportions. For example I have disabled Spectre mitigations, because the chance of getting affected by it are astronomical, yet the fix can lower perfomance by up to 30%. Those attacks will be used in targeted attacks against enterprises, which have other protections.

Click to expand...

Coconuts and Oranges. For your comparison to be valid (similar) - same as with TPM - the Antivirus in question would/should compromise your system - basically - a malicious party using the AV to steal or corrupt data on your system. If that would actually happen - the trust in that given AV would be severely crippled (quite hard to recover/repair their reputation after such incident). So, yes - they would loose most of their clients - switching to a different AV. For example: back in 2019 - Avast was in top of the charts in terms of popularity (for a Free AV - that is) - and yet, was enough for them to be caught doing the same thing as Google, Facebook even Microsoft....


And, despite of removing "the spyware feature" - it took them 3 years to wash their name to some extent (to convince security sites - to still include it in their AV recommendations - even if not at the Top - like they used too). At least enough for their AV products - to still be taken into account by enough people (let alone be considered top tier). Tho, it's mainly ignorance that kept it floating - as in: if you look for an AV on Google Play - Avast is listed among the recommendations - with over 100 millions downloads, yet... it's the same number of downloads it had back in 2019. Thus, for most part - it's mainly people whom are unaware of that incident - people who take that high number of downloads into account - who still bother trying it. They also released a new AV since then called "Avast one" - and that one has only 100k downloads. And again, they're only guilty of same harm as the other big companies (who have a thing for spying/telemetry - which was actuality part of their business model). Now imagine - if instead - that AV would compromise your system. How many would still have enough trust in that AV - to still use it in the future.

No to mention... an Antivirus is a software security app - which, if it happen to miss a Virus - it will probably take couple of days (if not the next day or next hours) - to release a definition for it. While TPM 2.0 is a Hardware Chip - where the chip itself is actually vulnerable. And, as mentioned in previous post - this vulnerabilities were discovered in late 2023 - and still not patched almost 3 months latter. As pointed out even by Sophos:

What to do?​

• Reference implementations aren’t always correct. If you have any hardware or software products of your own that rely on this TPM Library code, you’ll need to patch them. Sadly, the TCG hasn’t yet provided patches to its own code, but has merely described the sort of changes it thinks you should make. If you’re wondering where to start, the libtpms project is a handy place to look, because the developers have already started digging away at the danger-points. (Work your way through at least ExecCommand.c, SessionProcess.c and CryptUtil.c.)
• If in doubt, ask your hardware vendor for vulnerability information. Lenovo, for example, has already provided some information about products that include TPM code based on the reference implementation, and where to look for security bulletins to quantify your risk.
• Avoid letting untrusted callers tell you how to manage memory. If you’re passing buffer pointers and sizes into trusted code, make sure you check and sanitise them as much as possible, even if it comes with a performance cost (e.g. copying buffers in controlled ways into memory arranged to suit your own security needs), before processing the commands you’ve been asked to carry out.

Last but not least TPM is forced upon its users. Was never a popular "choice" - quite the opposite... even beyond bugs - it's not exactly a moral option. Yet, forced... "for profit alone (despite of being a failure)".

Haydon said:

Dunno, the 2 vulnerabilities appear to me a huge enough issue to render the TPM 2.0 requirement for W11 pretty much a moot point, i.e. W11 might as well not have the requirement, it wouldn't make a practical difference

I am shaking my head in disbelief, how on earth could a consortium of the best security companies in the world have overlooked this issue

Click to expand...

Nepotism!

Yet, they'll still keep it around and force it till the end of Windows (on other Operating Systems is only optional) - cause each of its founders...



...get their share of profit - while endorsing it and turning a blind eye.

neves said:

Coconuts and Oranges. For your comparison to be valid (similar) - same as with TPM - the Antivirus in question would/should compromise your system - basically - a malicious party using the AV to steal or corrupt data on your system. If that would actually happen - the trust in that given AV would be severely crippled (quite hard to recover/repair their reputation after such incident). So, yes - they would loose most of their clients - switching to a different AV. For example: back in 2019 - Avast was in top of the charts in terms of popularity (for a Free AV - that is) - and yet, was enough for them to be caught doing the same thing as Google, Facebook even Microsoft....

Avast Scandal: Why We Stopped Recommending Avast & AVG

Our readers have been messaging us and asking why we’re still ranking Avast and AVG on our website, despite them being caught up in a serious scandal. Well, aft

www.safetydetectives.com

And, despite of removing "the spyware feature" - it took them 3 years to wash their name to some extent (to convince security sites - to still include it in their AV recommendations - even if not at the Top - like they used too). At least enough for their AV products - to still be taken into account by enough people (let alone be considered top tier). Tho, it's mainly ignorance that kept it floating - as in: if you look for an AV on Google Play - Avast is listed among the recommendations - with over 100 millions downloads, yet... it's the same number of downloads it had back in 2019. Thus, for most part - it's mainly people whom are unaware of that incident - people who take that high number of downloads into account - who still bother trying it. They also released a new AV since then called "Avast one" - and that one has only 100k downloads. And again, they're only guilty of same harm as the other big companies (who have a thing for spying/telemetry - which was actuality part of their business model). Now imagine - if instead - that AV would compromise your system. How many would still have enough trust in that AV - to still use it in the future.

No to mention... an Antivirus is a software security app - which, if it happen to miss a Virus - it will probably take couple of days (if not the next day or next hours) - to release a definition for it. While TPM 2.0 is a Hardware Chip - where the chip itself is actually vulnerable. And, as mentioned in previous post - this vulnerabilities were discovered in late 2023 - and still not patched almost 3 months latter. As pointed out even by Sophos:

What to do?​

• Reference implementations aren’t always correct. If you have any hardware or software products of your own that rely on this TPM Library code, you’ll need to patch them. Sadly, the TCG hasn’t yet provided patches to its own code, but has merely described the sort of changes it thinks you should make. If you’re wondering where to start, the libtpms project is a handy place to look, because the developers have already started digging away at the danger-points. (Work your way through at least ExecCommand.c, SessionProcess.c and CryptUtil.c.)
• If in doubt, ask your hardware vendor for vulnerability information. Lenovo, for example, has already provided some information about products that include TPM code based on the reference implementation, and where to look for security bulletins to quantify your risk.
• Avoid letting untrusted callers tell you how to manage memory. If you’re passing buffer pointers and sizes into trusted code, make sure you check and sanitise them as much as possible, even if it comes with a performance cost (e.g. copying buffers in controlled ways into memory arranged to suit your own security needs), before processing the commands you’ve been asked to carry out.

Naked Security – Sophos News

nakedsecurity.sophos.com

Last but not least TPM is forced upon its users. Was never a popular "choice" - quite the opposite... even beyond bugs - it's not exactly a moral option. Yet, forced... "for profit alone (despite of being a failure)".

Click to expand...

Hi there

TPM - devices been around since around 2016 (TPMV2) or even earlier (TPM V1.2) so why this is a mandatory choice for latest W11 security baffles anybody even remotely interested in hardware development and security. Hardware around 8 years old is by computing standards a Geological age. We all want better security but "Classical TPM" isn't the way to do it.

However political rants against Ms isn't the solution -- they really aren't "The Evil Empire" as a load of people think they are. -=-Nor is this comment from a load of Press about President Biden --I'm actually 100% neutral about almost everything in US Politics - apart from their dreadful gun control (or lack of it) - but that's up to the electors. I suspect a few here from Texas might disagree with me on that one though. !!

I doubt whether the USA really wants to "Sign the death warrant" on Freedom" - many countries are infinitely worse.





cheers
jimbo

I think what likely happened is that everyone in the consortium relied on everyone else that such obvious buffer overflow issues have 'of course' been carefully looked at.

jimbo45 said:

Hi there

TPM - devices been around since around 2016 (TPMV2) or even earlier (TPM V1.2) so why this is a mandatory choice for latest W11 security baffles anybody even remotely interested in hardware development and security. Hardware around 8 years old is by computing standards a Geological age. We all want better security but "Classical TPM" isn't the way to do it.

However political rants against Ms isn't the solution -- they really aren't "The Evil Empire" as a load of people think they are. -=-Nor is this comment from a load of Press about President Biden --I'm actually 100% neutral about almost everything in US Politics - apart from their dreadful gun control (or lack of it) - but that's up to the electors. I suspect a few here from Texas might disagree with me on that one though. !!

I doubt whether the USA really wants to "Sign the death warrant" on Freedom" - many countries are infinitely worse.

View attachment 54801



cheers
jimbo

Click to expand...

That's just it TPM should have been a thing of the past - but it's still pushed "as a business move". As in... every TPM chip integrated and sold = extra financial gains for those who profit of making/releasing this "outdated & unreliable chips". If TPM was "Optional (as it is on Linux Distros)" - would have probably died by now. Bust since Microsoft - is even enforcing it as an "oficial" requirement - ALL the OEM who want to sell their stuff in 2023 feel compelled to still buy and use this chip with their products (in one way or the other).

That's not to say that Microsoft is Evil (i'm to old for such a term - imbued with ignorance), after all - even Hitler wasn't truly Evil, or Stalin, Mao Zedong, Putin, Trump, Jen-Hsun Huang and so on and so forth... They were/are just humans - with some mental issues (similar to millions of others) - in a "position of power" which they abused/abuse to feed their inner hunger/lackings/chaos or greed. As Jen-Hsun Huang the CEO of nVidia used to say - without an ounce of shame...


Same goes for whoever is taking this top decisions at Microsoft. It's a business... they're trying to max out their profits "however they can" - even that move does not benefit the user (or even has negative impact). You don't make billions of $ by having a moral compass or strong principles (every billionaire has this trait in common). And Bill Gates & his history with Microsoft - is a solid statement in this regard: a stolen idea + top tier marketing and a great sense of business (i give him that) = Microsoft & Windows. Again, BG's moves may be machiavellian - while taking his past into account (retrospective). But, his success is probably less than 20% related to software. And around 80% related to marketing & his sense of business (advertising upon advertising + making connection upon connections). When i was young (and naive) - i used to think it's DirectX and Gaming what made Windows so popular. It's not, quite the opposite... it's cause Windows became so popular (curtosy of BG, his marketing team and business partners - so hey - i am giving credit where credit is due) - most devs from every major Gaming company "felt compelled" - to learn DX and make games for Windows. While further on.... it's also why DirectX of developers kept getting bigger and bigger looking for ways of improve it - till Windows became the most popular gaming OS for PC. That being said... no, i'm not saying that Windows or Microsoft is mainly represented by greed. It's a HUGE company with huge team so - the greedy side is just small part of that. Tho, it is part of the head of Microsoft - so quite impactful - even having the last word. If you're to talking with 90% of Windows Devs (and they'd be honest about it - not afraid to loose their job and such) - the majority would probably be against TPM. And this people are the core of Windows, yet... it's not up to them. Like every other major company - they're compelled to follow the lead of a supervisor (be it a correct move or not - even immoral if you will) and work with what they got or... find another job. This is the way the corporate world (can also apply to small firms - some people will abuse whatever power they get).

So hey, repeat after me: The more you buy... the more you save! Once again... the more you buy... the more you save. Brainwashing is repetition - so again.... the more you buy?! The more you save! And again... The more you buy! The more you save! We should turn this into a song: The More You Buy! The More You Save! The More You Buy! The More You Save! Do it again now...

Haydon said:

I think what likely happened is that everyone in the consortium relied on everyone else that such obvious buffer overflow issues have 'of course' been carefully looked at.

Click to expand...

Just like OpenSSL. Everyone considered it to be safe (open source), yet the bug was discovered after 16 years, by an accident!

neves said:

The irony is still laughable - to say the least... Kinda like hiring a "Security" agency to protect your propriety - only to find out latter that their hiring process - doesn't involve a background check - you can even get hired without presenting an ID (by using an alias). This is particularity outrages while taking into account - that Trusted Computing Group was founded by the big 5 (AMD, Hewlett-Packard, IBM, Intel and Microsoft) - also one of the main reason why it's forced into Windows 11 (each of those companies get their shares out TPM 2.0 sold chips).

Click to expand...

You gotta buy them burgers to go with the chips!

But the whole point is surely that using a hardware device designed and barely changed since 2016 or earlier as a basis for "strengthed security" is just so much B/S -- In any case how much extra security does the standard "Mom and Pop" (non corporate) windowstoday really need.

The main issue today with these types of systems isn't hackers getting at the OS or injecting some eseoteric malware into a part of the CPU that 99.9999% of people have never heard of but in their being scammed and things like identity heft. It's very difficult to stop scams via software -- a lot of it would need to be done by really sophisticated A.I and even at current rate of development this is still years off.

Standard Windows security is more than adequate for most (non corporate / enterprise) users. Anything else is just bonkers, overhype and overkill.

As for "Ethical" businesses not making money -- that's not actually true these days. I'm not sure how you would rate a coffee shop selling (by my standards) a vile "vegan friendly" coffee with goodness knows what vile cows milk alternatives at 9 EUR a cup !!!! but presumably that type of business is probably coining it for example - even if arguably a better environment for the planet in sourcing its products than a more traditional venue. As for coffee you can't beat a double expresso (Italian style of course) at a much less wallet busting price of EUR 0.95 including a glass of iced water .

@Scannerman -- for you !!!

As for Security monitoring --especially when done by "security experts" -- remember "Quis custodiet ipsos custodes " -- Who guards the Guards.


Cheers
jimbo

jimbo45 said:

But the whole point is surely that using a hardware device designed and barely changed since 2016 or earlier as a basis for "strengthed security" is just so much B/S -- In any case how much extra security does the standard "Mom and Pop" (non corporate) windows today really need.

The main issue today with these types of systems isn't hackers getting at the OS or injecting some eseoteric malware into a part of the CPU that 99.9999% of people have never heard of but in their being scammed and things like identity heft. It's very difficult to stop scams via software -- a lot of it would need to be done by really sophisticated A.I and even at current rate of development this is still years off.

Standard Windows security is more than adequate for most (non corporate / enterprise) users. Anything else is just bonkers, overhype and overkill.

As for "Ethical" businesses not making money -- that's not actually true these days. I'm not sure how you would rate a coffee shop selling (by my standards) a vile "vegan friendly" coffee with goodness knows what vile cows milk alternatives at 9 EUR a cup !!!! but presumably that type of business is probably coining it for example - even if arguably a better environment for the planet in sourcing its products than a more traditional venue. As for coffee you can't beat a double expresso (Italian style of course) at a much less wallet busting price of EUR 0.95 including a glass of iced water .

@Scannerman -- for you !!!

As for Security monitoring --especially when done by "security experts" -- remember "Quis custodiet ipsos custodes " -- Who guards the Guards.


Cheers
jimbo

Click to expand...

Reminds me of an old Don Martin's Spy vs Spy comic. (But I digress.) TPM is well over a decade old. If they haven't got the wrinkles worked out of it by now then they never will. It's time to scrap the consortium and come up with a better idea. That is to say, if they're really so dedicated to security at the domestic end user level. Personally, I'm not so convinced that they are. I think these corporate fat boiz are simply just very dedicated to finding new ways of generating bigger profits to keep shareholders happy. Security is secondary. The matter is psychological and it's tried and tested. Security sells. After all who wouldn't trade their personal autonomy for a little more "security"? Even if it's imaginary it makes for a great selling feature. Anyone arguing otherwise has a huge historical track record to refute.

TPM is old and dated and TPM2 is just a patched up rework of the same sinking ship that consistently keeps producing new leaks and generating new headaches. I wonder how many more features Intel is going to have to scrap just to dance to this tune, features that were tried and tested, features that were proven to work well without TPM.

"Trusted Platform Module (TPM) was conceived by a computer industry consortium called Trusted Computing Group (TCG). It evolved into TPM Main Specification Version 1.2 which was standardized by International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) in 2009 as ISO/IEC 11889:2009.[4] TPM Main Specification Version 1.2 was finalized on March 3, 2011, completing its revision." - Trusted Platform Module - Wikipedia

It's old. It's dated. TPM needs to RIP with IDE.

How ironic that they're using an old and outdated idea to render newer hardware obsolete and unusable! What a glorious marketing strategy!

I do agree with the sentiments of this thread, the problem with using hardware as a means of security mitigation is that its often not patchable, so if it gets exploited then the hardware becomes obsolete, add that this consortium is a bunch of companies that make money from hardware sales you can see the obvious problem.

There is so many obvious security issues within Windows (default accounts admin, svchost system, apps been stored in writable user data area %userprofile%, versioned program paths making firewall rules and path based security harder to manage. firewall allowing all outbound by default, SRP/applocker off by default, the list goes on), it feels like they targeting the wrong areas and ultimately TPM has limited benefits.