Trusted computing: Difference between revisions

(6 intermediate revisions by 3 users not shown)

Line 1:

Trusted Computing is a technology developed by the Trusted Computing Group. It aims to restrict the workings of a computer so that it may only behave in ~~expected~~ ways.

'''Trusted Computing''' is a technology developed by the Trusted Computing Group. It aims to restrict the workings of a computer so that it may only behave in ways allowed by the trust provider.

It is a controversial technology because it can be used to restrict the freedom of the owner of the computer. For this reason it has been dubbed by free software activist Richard Stallman "Treacherous Computing"<ref>{{Cite web |title=Can You Trust Your Computer? |url=https://www.gnu.org/philosophy/can-you-trust.html |url-status=live |archive-url=https://web.archive.org/web/20250729024422/https://www.gnu.org/philosophy/can-you-trust.html |archive-date=2025-07-29}}</ref><ref>{{Cite web |title=Trust me, i'm a computer |url=https://www.scl.org/3835-trust-me-i-m-a-computer/ |url-status=live}}</ref>

It is a controversial technology because it can be used to restrict the freedom of the owner of the computer. For this reason it has been dubbed by free software activist Richard Stallman "Treacherous Computing"<ref>{{Cite web |title=Can You Trust Your Computer? |url=https://www.gnu.org/philosophy/can-you-trust.html |url-status=live |archive-url=https://web.archive.org/web/20250729024422/https://www.gnu.org/philosophy/can-you-trust.html |archive-date=2025-07-29}}</ref><ref>{{Cite web |title=Trust me, i'm a computer |url=https://www.scl.org/3835-trust-me-i-m-a-computer/ |url-status=live}}</ref> If not used with care it can easily result in data loss.

==How it works==

Line 24:

==Why it's considered to be a problem==

One problem is user ownership and freedom. Depending on the device, various user actions may be restricted and or completely prohibited. Installing and using third party and or alternative software from operating systems to applications may be restricted and or completely impossible. Modifying certain system settings may be restricted and or completely impossible.

One problem highlighted by Stallman and others is user ownership and freedom. Depending on the device, various user actions may be restricted and or completely prohibited. Installing and using third party and or alternative software from operating systems to applications may be restricted and or completely impossible. Modifying certain system settings may be restricted and or completely impossible.

~~Another problem is~~ privacy and security. Because of hardware and software level backdoor, an affected system is vulnerable to remote tampering, sabotage and attack, both when the machine is on and off. Data including files and documents can be edited, encrypted and/or deleted without the user's consent nor knowledge. System settings can be edited without the user's consent nor knowledge.

Other highlighted problems relate to privacy and security. Because of hardware and software level backdoor, an affected system could be vulnerable to remote tampering, sabotage and attack, both when the machine is on and off. Data including files and documents can be edited, encrypted and/or deleted without the user's consent nor knowledge. System settings can be edited without the user's consent nor knowledge.

If a login account, such as a [[Microsoft account]] requires credentials stored in the TPM in order to sign in and unlock data encryption keys, then if the computer with the TPM is damaged, the user may not be able to log in to the account, so they can not decrypt the data on their computer. Thus hardware failure that does not affect storage devices directly can result in data loss and loss of any value associated with the account. It is possible to prevent loss by backing up credentials and decryption keys, but Microsoft Windows, for example, does not do reasonable diligence to make sure people use it safely.

==Examples==

Some notable examples include:

* Windows Vista, Windows 7, Windows 8 and Windows RT (They use a Trusted Platform Module to facilitate BitLocker Drive Encryption) <ref>{{Cite journal |title=A Disk Encryption Algorithm for Windows Vista |url=http://download.microsoft.com/download/0/2/3/0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/BitLockerCipher200608.pdf |journal=[[Microsoft Corp.]]}}</ref>

*Windows Vista, Windows 7, Windows 8 and Windows RT (They use a Trusted Platform Module to facilitate BitLocker Drive Encryption)<ref>{{Cite journal |title=A Disk Encryption Algorithm for Windows Vista |url=http://download.microsoft.com/download/0/2/3/0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/BitLockerCipher200608.pdf |journal=[[Microsoft Corp.]]}}</ref>

* [[Signal data collection|Signal]] messenger<ref>{{Cite web |title=Scaling secure enclave environments with Signal and Azure confidential computing |url=https://customers.microsoft.com/en-us/story/1374464612401582154-signal-nonprofit-azure-security |url-status=live}}</ref>

*[[Signal data collection|Signal]] messenger<ref>{{Cite web |title=Scaling secure enclave environments with Signal and Azure confidential computing |url=https://customers.microsoft.com/en-us/story/1374464612401582154-signal-nonprofit-azure-security |url-status=live}}</ref>

* and the e-prescription service E-Rezept<ref>{{Cite web |title=Confidential Computing soll Patientendaten schützen |url=https://www.healthcare-computing.de/confidential-computing-soll-patientendaten-schuetzen-a-996680/}}</ref>

*and the e-prescription service E-Rezept<ref>{{Cite web |title=Confidential Computing soll Patientendaten schützen |url=https://www.healthcare-computing.de/confidential-computing-soll-patientendaten-schuetzen-a-996680/}}</ref>

*[[Microsoft Windows 11]] requires TPM 2.0 module and Microsoft account for installation.

==References==

~~https://www.slashgear.com/windows-11-tpm-2-0-could-affect-other-software-as-well-05689649/~~

~~https://www.fsf.org/blogs/community/drm-carroll~~

~~https://en.m.wikipedia.org/wiki/Trusted_Computing~~

~~https://www.defectivebydesign.org/what_is_drm<nowiki/>~~{{reflist}}~~https://www.fsf.org/news/treacherous.html~~

~~[https://www.fsf.org/campaigns/campaigns/secure-boot-vs-restricted-boot https://www.fsf.org/campaigns/campaigns/secure-boot-vs-restricted-boo]~~

~~https://www.fsf.org/campaigns/campaigns/secure-boot-vs-restricted-boot~~

~~https://www.fsf.org/blogs/sysadmin/the-management-engine-an-attack-on-computer-users-freedom~~

~~https://www.gnu.org/philosophy/android-and-users-freedom.html~~

~~https://www.gnu.org/philosophy/loyal-computers.html~~

~~https://www.gnu.org/proprietary/proprietary.html~~

~~https://www.fsf.org/campaigns/fight-to-repair~~

~~https://www.gnu.org/philosophy/tivoization.html~~

~~https://foundation.mozilla.org/en/privacynotincluded/~~

~~https://www.ftc.gov/news-events/news/press-releases/2025/01/ftc-states-sue-deere-company-protect-farmers-unfair-corporate-tactics-high-repair-costs~~

~~https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/~~

~~https://wiki.archlinux.org/title/Trusted_Platform_Module~~

~~https://wiki.gentoo.org/wiki/Trusted_Platform_Module~~

~~https://arstechnica.com/tech-policy/2023/04/tesla-sued-after-report-that-workers-shared-invasive-images-from-car-cameras/~~

~~https://replicant.us/~~

~~http://www.trustedcomputinggroup.org/~~

~~https://www.intel.com/content/www/us/en/support/articles/000008927/software/chipset-software.html~~

~~[https://www.fsf.org/campaigns/campaigns/secure-boot-vs-restricted-boot t]~~

[[Category:Common terms]]

@@ Line 1: / Line 1: @@
-{{ToneWarning}}
+{{StubNotice}}
-Trusted Computing is a technology developed by the Trusted Computing Group. It aims to restrict the workings of a computer so that it may only behave in expected ways.
+'''Trusted Computing''' is a technology developed by the Trusted Computing Group. It aims to restrict the workings of a computer so that it may only behave in ways allowed by the trust provider.
-It is a controversial technology because it can be used to restrict the freedom of the owner of the computer. For this reason it has been dubbed by free software activist Richard Stallman "Treacherous Computing"<ref>{{Cite web |title=Can You Trust Your Computer? |url=https://www.gnu.org/philosophy/can-you-trust.html |url-status=live |archive-url=https://web.archive.org/web/20250729024422/https://www.gnu.org/philosophy/can-you-trust.html |archive-date=2025-07-29}}</ref><ref>{{Cite web |title=Trust me, i'm a computer |url=https://www.scl.org/3835-trust-me-i-m-a-computer/ |url-status=live}}</ref>
+It is a controversial technology because it can be used to restrict the freedom of the owner of the computer. For this reason it has been dubbed by free software activist Richard Stallman "Treacherous Computing"<ref>{{Cite web |title=Can You Trust Your Computer? |url=https://www.gnu.org/philosophy/can-you-trust.html |url-status=live |archive-url=https://web.archive.org/web/20250729024422/https://www.gnu.org/philosophy/can-you-trust.html |archive-date=2025-07-29}}</ref><ref>{{Cite web |title=Trust me, i'm a computer |url=https://www.scl.org/3835-trust-me-i-m-a-computer/ |url-status=live}}</ref>  If not used with care it can easily result in data loss.
 ==How it works==
@@ Line 24: / Line 24: @@
 ==Why it's considered to be a problem==
-One problem is user ownership and freedom. Depending on the device, various user actions may be restricted and or completely prohibited. Installing and using third party and or alternative software from operating systems to applications may be restricted and or completely impossible. Modifying certain system settings may be restricted and or completely impossible.
+One problem highlighted by Stallman and others is user ownership and freedom. Depending on the device, various user actions may be restricted and or completely prohibited. Installing and using third party and or alternative software from operating systems to applications may be restricted and or completely impossible. Modifying certain system settings may be restricted and or completely impossible.
-Another problem is privacy and security.  Because of hardware and software level backdoor, an affected system is vulnerable to remote tampering, sabotage and attack, both when the machine is on and off. Data including files and documents can be edited, encrypted and/or deleted without the user's consent nor knowledge. System settings can be edited without the user's consent nor knowledge.
+Other highlighted problems relate to privacy and security.  Because of hardware and software level backdoor, an affected system could be vulnerable to remote tampering, sabotage and attack, both when the machine is on and off. Data including files and documents can be edited, encrypted and/or deleted without the user's consent nor knowledge. System settings can be edited without the user's consent nor knowledge.
+If a login account, such as a [[Microsoft account]] requires credentials stored in the TPM in order to sign in and unlock data encryption keys, then if the computer with the TPM is damaged, the user may not be able to log in to the account, so they can not decrypt the data on their computer.  Thus hardware failure that does not affect storage devices directly can result in data loss and loss of any value associated with the account.  It is possible to prevent loss by backing up credentials and decryption keys, but Microsoft Windows, for example, does not do reasonable diligence to make sure people use it safely.
 ==Examples==
 Some notable examples include:
-* Windows Vista, Windows 7, Windows 8 and Windows RT (They use a Trusted Platform Module to facilitate BitLocker Drive Encryption) <ref>{{Cite journal |title=A Disk Encryption Algorithm for Windows Vista |url=http://download.microsoft.com/download/0/2/3/0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/BitLockerCipher200608.pdf |journal=[[Microsoft Corp.]]}}</ref>
+*Windows Vista, Windows 7, Windows 8 and Windows RT (They use a Trusted Platform Module to facilitate BitLocker Drive Encryption)<ref>{{Cite journal |title=A Disk Encryption Algorithm for Windows Vista |url=http://download.microsoft.com/download/0/2/3/0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/BitLockerCipher200608.pdf |journal=[[Microsoft Corp.]]}}</ref>
-* [[Signal data collection|Signal]] messenger<ref>{{Cite web |title=Scaling secure enclave environments with Signal and Azure confidential computing |url=https://customers.microsoft.com/en-us/story/1374464612401582154-signal-nonprofit-azure-security |url-status=live}}</ref>
+*[[Signal data collection|Signal]] messenger<ref>{{Cite web |title=Scaling secure enclave environments with Signal and Azure confidential computing |url=https://customers.microsoft.com/en-us/story/1374464612401582154-signal-nonprofit-azure-security |url-status=live}}</ref>
-* and the e-prescription service E-Rezept<ref>{{Cite web |title=Confidential Computing soll Patientendaten schützen |url=https://www.healthcare-computing.de/confidential-computing-soll-patientendaten-schuetzen-a-996680/}}</ref>
+*and the e-prescription service E-Rezept<ref>{{Cite web |title=Confidential Computing soll Patientendaten schützen |url=https://www.healthcare-computing.de/confidential-computing-soll-patientendaten-schuetzen-a-996680/}}</ref>
+*[[Microsoft Windows 11]] requires TPM 2.0 module and Microsoft account for installation.
 ==References==
+{{reflist}}
-https://www.slashgear.com/windows-11-tpm-2-0-could-affect-other-software-as-well-05689649/
-https://www.fsf.org/blogs/community/drm-carroll
-https://en.m.wikipedia.org/wiki/Trusted_Computing
-https://www.defectivebydesign.org/what_is_drm<nowiki/>{{reflist}}https://www.fsf.org/news/treacherous.html
-[https://www.fsf.org/campaigns/campaigns/secure-boot-vs-restricted-boot https://www.fsf.org/campaigns/campaigns/secure-boot-vs-restricted-boo]
-https://www.fsf.org/campaigns/campaigns/secure-boot-vs-restricted-boot
-https://www.fsf.org/blogs/sysadmin/the-management-engine-an-attack-on-computer-users-freedom
-https://www.gnu.org/philosophy/android-and-users-freedom.html
-https://www.gnu.org/philosophy/loyal-computers.html
-https://www.gnu.org/proprietary/proprietary.html
-https://www.fsf.org/campaigns/fight-to-repair
-https://www.gnu.org/philosophy/tivoization.html
-https://foundation.mozilla.org/en/privacynotincluded/
-https://www.ftc.gov/news-events/news/press-releases/2025/01/ftc-states-sue-deere-company-protect-farmers-unfair-corporate-tactics-high-repair-costs
-https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/
-https://wiki.archlinux.org/title/Trusted_Platform_Module
-https://wiki.gentoo.org/wiki/Trusted_Platform_Module
-https://arstechnica.com/tech-policy/2023/04/tesla-sued-after-report-that-workers-shared-invasive-images-from-car-cameras/
-https://replicant.us/
-http://www.trustedcomputinggroup.org/
-https://www.intel.com/content/www/us/en/support/articles/000008927/software/chipset-software.html
-[https://www.fsf.org/campaigns/campaigns/secure-boot-vs-restricted-boot t]
 [[Category:Common terms]]