undefined | Better HN

0 pointsmjg591y ago0 comments

> What do you mean "too new"? Like, you replaced your TPM? That's a thing on servers, but not laptops.

I buy a GPU in 2025. I buy a new motherboard in 2026 and plug the GPU into it. How does the GPU learn about the new EK CA? These are devices that can be moved between systems, you can't delegate this to the platform vendor or TOFU, the GPU would need to generate independent trust in the TPM.

0 comments

cryptonector1y ago

One way I might handle this would be to have a TPM on the GPU itself. Then you can move the GPU about all you like, and it will work. The GPU would have to implement an API and protocol that allows the DRM site to do attestation via software running on the CPU, but that seems doable.

The other way would be accept that the GPU that the content is to be played on might not be the same as the device on which the TPM exists. You could have the GPU on a computer halfway around the world and use a TPM from another system to which the user account is registered on the DRM site. Not great, but as a form of account sharing and subject to account sharing detection, it's not bad.

mjg59OP1y ago

Why do any of this rather than just have the GPU prove its identity to the streaming platform? You're adding a lot of complexity for no obvious gain.

cryptonector1y ago

Well of course. My comment was about how TPMs could be used but how still you were correct that TPMs aren't the FSF's enemy. I was exploring that space to further show that.

j / k navigate · click thread line to collapse

0 comments

cryptonector1y ago

mjg59OP1y ago

Why do any of this rather than just have the GPU prove its identity to the streaming platform? You're adding a lot of complexity for no obvious gain.

cryptonector1y ago

Well of course. My comment was about how TPMs could be used but how still you were correct that TPMs aren't the FSF's enemy. I was exploring that space to further show that.

j / k navigate · click thread line to collapse