"Today, most of the major streaming media platforms utilize the TPM to decrypt media streams, forcefully placing the decryption out of the user's control." (from https://www.defectivebydesign.org/dayagainstdrm) I… just… what? This isn't even slightly true. There's plenty of good reasons to object to Microsoft imposing hardware requirements on Windows 11 that aren't strictly required, but *nobody* is doing media decryption on a TPM because TPMs are nowhere near fast enough to do that

There's a universe where TPM-based remote attestation is used to validate the state of the kernel and userland to prove to a streaming media platform that the kernel implements appropriate levels of protection before any media is served to it, but it's not this one - higher levels of Widevine-protected streamed media *are* distributed in a way that can only be decrypted by hardware, but that hardware is the GPU, not the TPM, and the TPM isn't involved at all

Using a TPM for any of this would be much more fragile, easily circumvented, and buy the streaming media companies nothing they don't already have. Claiming TPMs are already used by them is an utterly bizarre claim for the FSF to make. There's no truth to it whatsoever.

@mjg59 the only thing happening in there is like a per-stream key decryption, and even then, airplay does that shit per chunk in the player

@mjg59 widevine just does it all in a proprietary binary or whatever

@durumcrustulum The relevant term of art is "protected video path" - there's a negotiation between the streaming service and the GPU itself, and the media content gets rendered at scanout time, literally never hitting the OS-visible framebuffer (hence screenshots of DRMed content being blank).

(The entire point of the GPU-enabled protected video path is that the decrypted media never hits the OS-visible framebuffer - that's why screenshots of DRMed content under Windows are blank. Using the TPM would mean the decrypted media would be visible to the OS again, making it much easier to scrape)

@mjg59 the FSF seems to continually prove that they understand neither software nor software governance, which is a bit of a dire state of affairs given their ostensible purpose.

@mjg59 how do they make it gpu only?

@sdubinsky Honestly never looked into it, but at a guess the GPU vendors provide keys that are baked into Widevine at the server end

@sdubinsky @mjg59 same way you do hardware video decode for regular video steams (e.g. H.264), except the stream is encrypted and the GPU is factory-programmed with the keys to decrypt it. at a broad level it's roughly comparable to how DVD-CSS worked.

@mjg59 For all the good work the Free Software Foundation has done and organized, they are a political organization and should be treated as such. Particularly in this case, they are a hardline political organization; to them, basically, if something isn't perfect (according to their terms), then it is essentially entirely unacceptable.

Under their current terms, their own work would never have been considered free by themselves for most of the initial development period.

@mkj I'm in favour of them campaigning against proprietary software and DRM, I just want them to be factually accurate in their criticism!

@mjg59 have not read this nonsense about TPM's for some time. picking up the old classics i suppose... and ignores the fact that TPM is more like a protocol than a piece of hardware. that would be a proprietary hell if everyone had (like Apple) their own TPM alike incompatible chips.

@gsuberland @mjg59 TPM goes about 8 months before some earth shattering exploit renders all the hardware obsolete. Stick with gpg.

@Nimbius666 @gsuberland Weird, they've been shipping for 20 years and nothing like that has happened yet

@mjg59 @gsuberland except for the 8 times it did. https://en.m.wikipedia.org/wiki/Trusted_Platform_Module

@Nimbius666 @gsuberland Which of these rendered which hardware obsolete? There's a difference between "Not every threat model is correctly protected against" and "This hardware provides no value"

@mjg59 AFAIK at least Amazon Prime Video requires TPM and a closed source web browser right now; just because you have a decrypt-capable playback stack, this won’t let you play back videos.

I do not know why, but suspect that part of the reason is that there are no decrypting audio chips, and as such, they still want some remote attestation so nobody can record the digital audio output.

Which still is dumb, as one can always grab the analog signal rather easily (even if it were encrypted via something like HDCP, capturing the audio signal by opening the device and connecting something to the speaker wires is still trivial).

@divVerent really? I can find no evidence of this

@mjg59 I have no technical evidence right now, but just remember that it was unusable on all my Linux devices, but worked fine on ChromeOS. Whether or not the monitor was connected via HDMI.

I do suspect some kind of remote attestation thing was used, as it was not even operable using the closed source Chrome browser on Linux.

@divVerent yes, Chrome on Chromebooks implements a stronger level of Widevine than on desktop Linux

@divVerent (it's not remote attestation or TPM based)

@Hunterrules0_o What is your explanation, then?

@Hunterrules0_o that's not what TPMs are most commonly used for in consumer space (well, other than making transparent Bitlocker possible)

@Hunterrules0_o just use a password for what? That doesn't let me protect secrets

@Hunterrules0_o you don't understand what TPMs are typically used for in consumer space

@Hunterrules0_o actually untrue, given that Windows now heavily pushed you into using a PIN for login rather than a password

@Hunterrules0_o that does not match my experience of people using modern versions of Windows - a PIN is both easier and more secure

@Hunterrules0_o scanning for what?

@Hunterrules0_o so scanning for systems that have an open VNC server that's exposing the login screen and then screen scraping and parsing that to identify whether PIN login is enabled?

@Hunterrules0_o I'm going to go with "Systems with unpassworded VNC neither represent typical naive users or users aware of modern security features"

@Hunterrules0_o super secure except you're able to gain access to them over unauthenticated VNC? No.

@Hunterrules0_o how do you know that from the login screen?

@Hunterrules0_o so they weren't at the login screen? That contradicts what you said earlier

@Hunterrules0_o your sample size here is 1?

@Hunterrules0_o all of them logged in and you verified that the user's online accounts all had MFA?

@Hunterrules0_o @mjg59 how do you know the thing you're entering your password into is the real operating system?

@Hunterrules0_o @mjg59 My point was that a password is only secure if you don't reveal it to third parties.

Being sure that the operating system that booted is the one you expect and has not been modified will strengthen password security.

@Hunterrules0_o @jamesh passkeys, which can be locally secured by storing the secrets bound to the TPM with a PIN that locks out brute force attacks

@Hunterrules0_o @jamesh I steal the secret and brute force it with my own software that doesn't impose lockout

@Hunterrules0_o @jamesh a sufficiently complicated password to get into that level of security is much harder to remember than a four digit PIN

@Hunterrules0_o @mjg59 How do you know that your local machine is running the software you think it is? How do you know it hasn't been modified to exfiltrate the secrets once you decrypt them?

@Hunterrules0_o @jamesh so I modify the kernel and reboot

@Hunterrules0_o @jamesh you only need admin level access to replace the bootloader with something that modifies the kernel on boot, but you can't bypass the PIN because the TPM's code can't even be accessed by the kernel

@Hunterrules0_o @jamesh how would it be recognised?

@Hunterrules0_o @jamesh like I've written code that used Windows APIs to replace the bootloader that's entirely legitimate and no antivirus complains about it

@Hunterrules0_o @jamesh well then, your virus sucked. Get good.

@Hunterrules0_o @jamesh (this code has run on millions of machines and never been flagged)

@Hunterrules0_o @jamesh don't know what to tell you, mounting the EFI system partition, dropping a bootloader there, and setting the boot list to run it instead of bootmgfw.efi isn't something AV complains about, and I have millions of systems providing evidence of that

@Hunterrules0_o @jamesh once you're in the kernel AV is irrelevant, you can simply disable it. And something being hard for you doesn't mean it's hard for people who know what they're doing - Microsoft ship debug symbols for the kernel, ghidra is shockingly good, finding any of this stuff and short circuiting it is trivial (I've done this on embedded devices that were much harder to deal with given the lack of debug symbols)

@Hunterrules0_o @jamesh I'm willing to listen to arguments along the lines of "This is not a sensible trade off", I'm going to point out that anyone who argues there's no actual security benefit doesn't know what they're talking about

@Hunterrules0_o @jamesh why? In this scenario what looks malicious?

@Hunterrules0_o @jamesh I mean that's cool but you clearly don't know what you're talking about here

@Hunterrules0_o @jamesh given valid Gmail credentials the least interesting thing I can do is order a package

@Hunterrules0_o @jamesh yeah but that's not what anyone with this capability would be doing

@Hunterrules0_o @jamesh gain access to corporate accounts, use as a spear-phishing vector to deploy ransomware, obtain millions in BTC

@Hunterrules0_o @jamesh what would limit me to any number of machines that small?

@Hunterrules0_o @jamesh which people put their corp email on

@Hunterrules0_o @jamesh and? Simply do not deploy the payload on systems that don't

@Hunterrules0_o @jamesh do you really know nothing about how modern malware distribution occurs?

@Hunterrules0_o @jamesh like I said, I have no objection to people saying the tradeoff isn't worth it, but if you say there's no security benefit you're simply wrong. This is the sort of scenario I'm paid well to defend against.