Trusted Computing

Enforcing this behavior is achieved by loading the hardware with a unique encryption key that is inaccessible to the rest of the system and the owner.

Opponents often state that this technology will be used primarily to enforce digital rights management policies (imposed restrictions to the owner) and not to increase computer security.

The TPM should be designed to make the extraction of this key by hardware analysis hard, but tamper resistance is not a strong requirement.

Alternatively, the user may use software to modify the operating system's DRM routines to have it leak the song data once, say, a temporary license was acquired.

Using sealed storage, the song is securely encrypted using a key bound to the trusted platform module so that only the unmodified and untampered music player on his or her computer can play it.

Numerous remote attestation schemes have been proposed for various computer architectures, including Intel,[17] RISC-V,[18] and ARM.
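The two mechanisms referred to above, sealed storage (a secret bound to the measured state of the platform) and remote attestation (a signed report of that state), rest on the same primitive: a PCR that is extended with a hash of every component that runs. The toy model below is an added example and not code from the article or from any TPM implementation. All keys, component images and the song key are constructed sample values; the HMAC used for the "quote" stands in for the AIK signature a real TPM would produce, and the HMAC-derived stream cipher stands in for the TPM's key hierarchy. It shows why a player with a modified DRM routine can neither unseal the song key nor produce a quote the verifier accepts, and that the measurement chain is order-dependent.

```python
"""Toy model of TPM-style measured boot, sealed storage and attestation."""
import hashlib
import hmac
import os

PCR_INIT = b"\x00" * 32


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """Model of PCR extend: new = H(old || H(component)).

    The chain is one-way and order-dependent, so a PCR value commits to
    the exact sequence of components that were measured."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Measure each boot component in order, starting from the reset value."""
    pcr = PCR_INIT
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def _seal_key(srk: bytes, pcr: bytes) -> bytes:
    # Key only reproducible by a platform whose PCR matches the sealing PCR.
    return hmac.new(srk, b"seal|" + pcr, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(srk: bytes, pcr: bytes, secret: bytes) -> dict:
    """Encrypt and authenticate `secret` under a key bound to `pcr`."""
    key = _seal_key(srk, pcr)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, nonce, len(secret))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unseal(srk: bytes, pcr: bytes, blob: dict):
    """Return the secret if the current PCR matches the sealing PCR, else None."""
    key = _seal_key(srk, pcr)
    expected = hmac.new(key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None  # tag check fails: platform state differs from sealing state
    return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(key, blob["nonce"], len(blob["ct"]))))


def quote(aik: bytes, nonce: bytes, pcr: bytes) -> bytes:
    """Attestation quote over (verifier nonce, PCR). HMAC stands in for an AIK signature."""
    return hmac.new(aik, b"quote|" + nonce + pcr, hashlib.sha256).digest()


def verify_quote(aik: bytes, nonce: bytes, golden_pcr: bytes, q: bytes) -> bool:
    """Verifier accepts only if the quoted PCR equals the expected 'golden' value."""
    return hmac.compare_digest(quote(aik, nonce, golden_pcr), q)


# Constructed sample values (not real keys or firmware images).
SRK = hashlib.sha256(b"constructed storage root key").digest()
AIK = hashlib.sha256(b"constructed attestation identity key").digest()
FIRMWARE = b"firmware v1 (constructed)"
OS_LOADER = b"os loader v1 (constructed)"
PLAYER_OK = b"music player v1 (constructed)"
PLAYER_MODIFIED = b"music player v1 with patched DRM routine (constructed)"
SONG_KEY = b"constructed-song-content-key-0001"


def demo() -> dict:
    """Seal the song key to the untampered chain, then try both chains."""
    golden = measure_boot([FIRMWARE, OS_LOADER, PLAYER_OK])
    blob = seal(SRK, golden, SONG_KEY)

    untampered = measure_boot([FIRMWARE, OS_LOADER, PLAYER_OK])
    modified = measure_boot([FIRMWARE, OS_LOADER, PLAYER_MODIFIED])
    nonce = os.urandom(16)  # verifier-chosen freshness nonce

    return {
        "untampered_unseals": unseal(SRK, untampered, blob) == SONG_KEY,
        "modified_unseals": unseal(SRK, modified, blob) is not None,
        "untampered_attests": verify_quote(AIK, nonce, golden, quote(AIK, nonce, untampered)),
        "modified_attests": verify_quote(AIK, nonce, golden, quote(AIK, nonce, modified)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The verifier in this model needs only the expected golden PCR and the attestation key; it learns nothing about the song. Note that a real TPM binds the seal to a PCR policy inside the chip rather than deriving a key in software as done here, which is precisely the property that makes the key "inaccessible to the rest of the system".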

Other known applications with runtime encryption and the use of secure enclaves include the Signal messenger[23] and the e-prescription service ("E-Rezept")[24] by the German government.

Trusted Computing would allow companies to create a digital rights management (DRM) system which would be very hard to circumvent, though not impossible.

They also state that it may cause consumers to lose anonymity in their online interactions, as well as mandating technologies Trusted Computing opponents say are unnecessary.

They suggest Trusted Computing as a possible enabler for future versions of mandatory access control, copy protection, and DRM.

Cryptographer Ross Anderson, University of Cambridge, has great concerns that:[10] TC can support remote censorship [...] In general, digital objects created using TC systems remain under the control of their creators, rather than under the control of the person who owns the machine on which they happen to be stored [...] So someone who writes a paper that a court decides is defamatory can be compelled to censor it — and the software company that wrote the word processor could be ordered to do the deletion if she refuses.

Given such possibilities, we can expect TC to be used to suppress everything from pornography to writings that criticize political leaders.

He goes on to state that: [...] software suppliers can make it much harder for you to switch to their competitors' products.

For example, a law firm that wants to change from Office to OpenOffice right now merely has to install the software, train the staff and convert their existing files.

The law firm won't in practice want to do this, so they will be much more tightly locked in, which will enable Microsoft to hike its prices.

Anderson summarizes the case by saying: The fundamental issue is that whoever controls the TC infrastructure will acquire a huge amount of power.

There are many ways in which this power could be abused.

One of the early motivations behind trusted computing was a desire by media and software corporations for stricter DRM technology to prevent users from freely sharing and using potentially copyrighted or private files without explicit permission.

The law in many countries allows users certain rights over data whose copyright they do not own (including text, images, and other media), often under headings such as fair use or public interest.

The steps implicit in trusted computing have the practical effect of preventing users from exercising these legal rights.

A number of incidents have already occurred where users, having purchased music or video media, have found their ability to watch or listen to it suddenly stop due to vendor policy or cessation of service,[29][30][31] or server inaccessibility,[32] at times with no compensation.

Such an override would allow remote attestation to a user's specification, e.g., to create certificates that say Internet Explorer is running, even if a different browser is used.

Such a capability is contingent on the reasonable chance that the user at some time provides user-identifying information, whether voluntarily, indirectly, or simply through inference of many seemingly benign pieces of data.

While proponents of TC point out that online purchases and credit transactions could potentially be more secure as a result of the remote attestation capability, this may cause the computer user to lose expectations of anonymity when using the Internet.

By using a third-party Privacy Certification Authority (PCA), the information that identifies the computer could be held by a trusted third party.

The kind of data that must be supplied to the TTP in order to get the trusted status is at present not entirely clear, but the TCG itself admits that "attestation is an important TPM function with significant privacy implications".

People have voiced concerns that trusted computing could be used to prevent or discourage users from running software created by companies outside of a small industry group.

In the widely used public-key cryptography, creation of keys can be done on the local computer and the creator has complete control over who has access to it, and consequently over their own security policies.

Since 2004, most major manufacturers have shipped systems that have included Trusted Platform Modules, with associated BIOS support.

There are several open-source projects that facilitate the use of confidential computing technology, including EGo, EdgelessDB and MarbleRun from Edgeless Systems, as well as Enarx, which originates from security research at Red Hat.

Some limited form of trusted computing can be implemented on current versions of Microsoft Windows with third-party software.