undefined | Better HN

0 pointspuzzle7y ago0 comments

Beyond the rethoric, the substance is not very different from RMS' arguments against TPMs, which must be some 15 years old now. You'll have a hard time buying a device today without such a chip.

0 comments

pgeorgi7y ago

I think it's worth noting that the TPM plans of 2003 differ a bit from TPM-as-of-2018.

What was called Trusted Computing, Palladium, TCPA, etc. in 2003 and became known in geek circles as "TPM" is now implemented as TPM + Intel Boot Guard + Intel SGX + Authenticated Code Modules + various other things (and other vendors' equivalents).

The TPM is the most benign part of it all: a slow, passive crypto chip with a small storage that it can hide away from the CPU unless the right system state and keys are presented (although the presented system state might be 100% fake).

asciilifeform7y ago

The Cr50 does not limit itself to user key storage.

It turns the USB-C ports into always-on NSA-keyed backdoors (anyone in possession of the private RSA key, can reflash all three flash ROMs in the machine with whatever he likes, via the external ports, which cannot even be cemented shut, as the machine charges exclusively from USB-C.)

asciilifeform7y ago

Cr50 is quite different from the Infineon et al TPM item commonly found in x86 boxes. It is able to rewrite AP and EC firmware, overriding the advertised write-protect feature; access the microphone; etc.

No reason to take my word for it: I recommend to read Google's source, I have linked to the most interesting routines.

j / k navigate · click thread line to collapse

0 comments

pgeorgi7y ago

I think it's worth noting that the TPM plans of 2003 differ a bit from TPM-as-of-2018.

asciilifeform7y ago

The Cr50 does not limit itself to user key storage.

asciilifeform7y ago

No reason to take my word for it: I recommend to read Google's source, I have linked to the most interesting routines.

j / k navigate · click thread line to collapse