Windows 11 Now Enforces the Same System Requirements in Virtual Machines - Including TPM

[jagdtigger]

14 minutes ago, leadeater said:

This is a fundamental part of AMD EPYC security processor for fully encrypted VMs

Except this high end business feature wont end up on consumer cpu's, otherwise those would cannibalize their server sales....

[leadeater]

9 minutes ago, jagdtigger said:

Except this high end business feature wont end up on consumer cpu's, otherwise those would cannibalize their server sales....

Nope, nobody going to be doing any serious hosting on Ryzen and this is supported on Ryzen Pro anyway which you can already buy. Why would I buy a single socket server limited to 16 cores when I could get dual socket with 128 cores? Similar answer to TR as well, why limit myself to 64 cores and a platform that isn't good at being a server.

 

They aren't on consumer products because they currently aren't needed and not every CPU die that gets made validates as working with these features enabled.

 

No consumer CPU has ever cannibalized server CPU sales, never will as well.

[Kisai]

15 minutes ago, leadeater said:

 

What??

Someone hasn't been watching the cheaters, that's how -ALL- anti-cheat tools are defeated. Heck that's the same concept that is used to mod Unity games as well, taking advantage of the load order of DLL's.

 

15 minutes ago, leadeater said:

So, and what are you going to do with encrypted data streams you cannot read? Try and retransmit them and then get banned... What is your point here.

My point is that everything I've explained, I've seen tools do, and bots have made no secret of how they operate. That's why when people start claiming it's impossible I call BS. If the decryption key was never available to be read at some point, they would never be able to tamper with the network, but can still tamper with the game memory.

 

Step 1: read the network data before the game client does anything with it

Step 2: Do Evil Plan.

Step 3: replace the network data in the game client before it compresses and encrypts it.

 

You do realize there are entire Winsock LSP's dedicated to Step 1 and 3 back in Windows 7 right? That's how malware manages to "steal" accounts from people foolish enough to run it.

 

 

[leadeater]

2 minutes ago, Kisai said:

Someone hasn't been watching the cheaters, that's how -ALL- anti-cheat tools are defeated. Heck that's the same concept that is used to mod Unity games as well, taking advantage of the load order of DLL's.

Ah no, I've also used cheat tools. What you said literally makes no sense. Injecting DLLs is not patching C++ runtime.

 

2 minutes ago, Kisai said:

If the decryption key was never available to be read at some point, they would never be able to tamper with the network, but can still tamper with the game memory.

Not if you cannot read the game memory. Are you even reading what I said?

[Kisai]

51 minutes ago, leadeater said:

Ah no, I've also used cheat tools. What you said literally makes no sense. Injecting DLLs is not patching C++ runtime.

I don't think we're speaking the same language here, but are talking about the same thing that has different terminology. I explicitly recall the source code of the tool 10 years ago saying "Patching MSVCRT" in it's source, by which it would be doing what Microsoft Detours/Minhook does to redirect and rewrite the functions at runtime without knowing all the functions in the dll it's masquerading as.

 

The current version of said cheat tool for said korean mmorpg that defeats the anti-hacking software. Just uses Minhook.

 

[LAwLz]

4 hours ago, Caroline said:

Too much posts to quote but I'll just say all multiplayer games are literally unplayable at this point, cheaters are just a tiiiny part of a massive problem which is community, simply users in general. This goes from the simple kids saying they'll have sexual intercourse with your mother to idiots who just use the chat to insult anyone who's under their level and creeps who take the game extremely seriously and could go as far as hacking your computer in order to doxx you.

Users like that really make normal people just abandon the game because it's not fun anymore, why would I play something that's full of insufferable freaks? no sense on that.

 

Also, if you're not in a game since day 0 realistically -unless you're a "pro gamer"- there's no chance you can catch up later because of level differences, you start playing and get matched against guys who have played the same for 5+ years and are the highest level.

 

From what I've seen online games are pretty much all the same nowadays, MOBA style or shooters, none is my type. Oh, and let's not forget about launchers, looks like each developer has its own and you need to install all of them in order to play whatever game you want instead of just double-clicking a shortcut on your desktop, it's ridiculous.

 

Therefore, singleplayers are better.

What kind of games are you playing? I don't play a lot of games these days but my experience is completely different from yours. I honestly don't agree with a single thing you said.

 

If you think some kid saying they fucked your mom is an issue that makes the game worth quitting over then you need some thicker skin. Also, I seriously doubt you've had your computer hacked in order to dox you. When someone says "my uncle works at Microsoft and I can hack you" they aren't really serious.

 

I honestly don't think games are that "toxic". All the games I play have really nice communities.

• Genshin Impact? People are really helpful and nice. Even recently when someone joined my world to steal some of my fishes he asked if it was okay first, and then offered to help me in return if I wanted.
• Minecraft? Don't play it much online but people seem nice.
• Overwatch? People always liked me when I played that (probably because I mained Mercy but still). Even my friends that didn't play support characters never got any hate, although that might be because some of them are pretty good at the game.
• Hearthstone? You can only emote so even if someone is being "toxic" it's at best them spamming "well played" a bit, and you can't even spam it.
• Animal Crossing? Everyone is super nice and friendly. But that game really is all about being friendly and helping others.
• D&D? If you find a good group it's great. Finding the group might be difficult. Not because people are assholes (some are but they can get booted from the group), but because it's hard to schedule.
• WoW? Don't play it anymore but everyone was nice back when I played it. If you find a good guild you get a ton of friends as well that you get to learn to know.

Maybe it depends on what games you play, but even back when I was super into Halo I didn't think the players were bad. Sure you got the occasional 12 year old screaming into their mic but even when that occasionally happened it was not a big deal.

 

Also, maybe this is me being inexperienced with modern games, but I feel like the modern games I have tried in the last couple of years have been fairly easy with a really low skill cap. Everything is really slow, people take multiple hits, a lot of things are out of your control, and so on, that it doesn't really matter how good you are. Whenever a new COD or Battlefield comes out it's mostly about learning the new maps and then maybe a couple of weapons, and that's it. You get some practice aiming and so on, and you're set. Of course that doesn't go for all games, there are plenty of games that have a high skill-cap still being released, but overall it seems like the really popular games are easy to learn. Besides, doesn't most games have a hidden ranking system? For example in hearthstone you always meet people that are of a similar skill level as you, even when you don't play ranked.

 

I don't think games are the same either. I am looking at the games on Twitch right now and there are plenty of online games that aren't MOBAs or shooters. Here are some of the games that Twitch brought up as "recommended for you", that people are playing and streaming:

• Genshin Impact - Fantasy/Action RPG in anime style
• Minecraft - Exploring and crafting
• GPA - Realistic RPG
• Gartic Phone - Drawing game
• Among Us - Social/lying game
• Rust - Survival game
• Super Smash Bros - Fighting game
• Fall Guys - platformer / mini-game... game
• Jackbox - Trivia and mini-game... game
• Hearthstone - Card game
• Age of Empires - RTS game

 

Want me to keep going? Because I can. All of these games are fairly new and not the standard shooter or MOBA. 

 

 

The only things I agree with is that launchers are a pain in the ass, and that single player games are better.

[Kisai]

3 hours ago, LAwLz said:

What kind of games are you playing? I don't play a lot of games these days but my experience is completely different from yours. I honestly don't agree with a single thing you said.

This is really starting to derail the topic, but everyone's experience will be different. As they say, if you go looking for trouble you will find it.

 

Quote

If you think some kid saying they fucked your mom is an issue that makes the game worth quitting over then you need some thicker skin. Also, I seriously doubt you've had your computer hacked in order to dox you. When someone says "my uncle works at Microsoft and I can hack you" they aren't really serious.

"Get a thicker skin" isn't advice, it's mockery. Yes, you need a thicker skin to play online because you may be playing against manbabies, but you have to realize the difference between those that are resorting to playground insults, and those who will ACTUALLY HAVE THE MEANS AND OPPORTUNITY TO HARM YOU. 90% of the time, the people you are playing with are there to have fun, but then there are people who go into games explicitly to ruin the fun of others, and that's when doxxing and swatting happens. One of the  big dangers of streaming is that the person you're playing against will stream-snipe you and use information you have publicly available to harm you. 

 

This is why "real name" policies such that Activision-Blizzard and Facebook use, are actively harmful, anonymity doesn't make people play nice, it makes people targets.

 

 

Quote

I honestly don't think games are that "toxic". All the games I play have really nice communities.

• Genshin Impact? People are really helpful and nice. Even recently when someone joined my world to steal some of my fishes he asked if it was okay first, and then offered to help me in return if I wanted.

Genshin is not a MMO. It's at best described as a single-player experience that can be played co-op. Basically it's a MMO-like PvE experience without any of the social aspects.

Quote

• Minecraft? Don't play it much online but people seem nice.

You haven't the slightest idea of what people will do to minecraft players. What happens is trolls want to ruin other peoples fun, login to their server, and blow up their hard work with the dynamite. Similar things happen with Roblox, Terraria, and other "infiniminer" clones. These games are largely targeted at younger teens, but adults want to play in the same sandbox and treat kids with the same level of abuse they treat customer service workers.

 

Quote

• Overwatch? People always liked me when I played that (probably because I mained Mercy but still). Even my friends that didn't play support characters never got any hate, although that might be because some of them are pretty good at the game.

Overwatch is basically a Team Fortress Clone, and has all the toxicity of team deathmatches going all the way back to Doom and Quake. If you only play with friends, you are fine. If you play in anything competitive, you're basically in a soul-destroying endless loop.

 

Quote

• Hearthstone? You can only emote so even if someone is being "toxic" it's at best them spamming "well played" a bit, and you can't even spam it.
• Animal Crossing? Everyone is super nice and friendly. But that game really is all about being friendly and helping others.
• D&D? If you find a good group it's great. Finding the group might be difficult. Not because people are assholes (some are but they can get booted from the group), but because it's hard to schedule.

Perhaps you're not privy to what happened in the streaming D&D scene, but a recent popular D&D DM was found to be abusing around a dozen women off-stream that he had been playing with. And I'm not talking about just "oh you could have made better decisions" but actual gross "why won't you put out" type of aggressions.

 

Quote

• WoW? Don't play it anymore but everyone was nice back when I played it. If you find a good guild you get a ton of friends as well that you get to learn to know.

WoW, FFXIV, and various other MMORPG's all eventually devolve into two camps:

- Hardcore raiders who use all the hacks/mods/parser-cheats they can and claim it as "quality of life improvements", and treat it as competitively as team deathmatch FPS players do.

- Story PvE players who find the the other group immensely toxic and destructive to the game. These are the players who pay the most to just sit in the game and fish/craft, but are chased out by the above and the game developer often ignores their requests for more content "for them" rather than the raiders (who keep getting "harder and harder" dungeons, and no "casual" PvE player can play, because they don't use all the hacks the raiders do.

 

Trust me, I've played enough MMORPG's from Beta to "sunset" and what destroys the game the fastest is unchecked mods/cheats/hacks. Wizardry Online - destroyed by hackers. Mabinogi EU - destroyed by hackers, Archeage (F2P) - overrun with bots, and the English localizer had to basically reboot it and make everyone start over on a non-F2P version. The same thing happens over and over and over, and it's like none of these MMORPG devs have played their competitors games except WoW and FFXIV to learn from their mistakes.

 

Quote

Maybe it depends on what games you play, but even back when I was super into Halo I didn't think the players were bad. Sure you got the occasional 12 year old screaming into their mic but even when that occasionally happened it was not a big deal.

Ask women what happens when they have voice chat on.

 

Quote

Also, maybe this is me being inexperienced with modern games, but I feel like the modern games I have tried in the last couple of years have been fairly easy with a really low skill cap. Everything is really slow, people take multiple hits, a lot of things are out of your control, and so on, that it doesn't really matter how good you are. Whenever a new COD or Battlefield comes out it's mostly about learning the new maps and then maybe a couple of weapons, and that's it. You get some practice aiming and so on, and you're set. Of course that doesn't go for all games, there are plenty of games that have a high skill-cap still being released, but overall it seems like the really popular games are easy to learn. Besides, doesn't most games have a hidden ranking system? For example in hearthstone you always meet people that are of a similar skill level as you, even when you don't play ranked.

The low skill cap is because shooters are largely competitive, and if the skill requirement gets too high, then nobody will join the game, and if long-term players get too skilled, nobody will want to play against them.

 

A game I've been playing recently, Dead by Daylight, has this problem. They re-arranged their ranking system because, quite literately, the matching system would keep pairing unskilled players against highly skilled players, and people ragequit (disconnect) extremely frequently.

 

Quote

I don't think games are the same either. I am looking at the games on Twitch right now and there are plenty of online games that aren't MOBAs or shooters. Here are some of the games that Twitch brought up as "recommended for you", that people are playing and streaming:

• Genshin Impact - Fantasy/Action RPG in anime style

Single-player/co-op RPG

Quote

• Minecraft - Exploring and crafting

Minecraft is largely played single player or community servers the streamer has control over.

 

Quote

• GPA - Realistic RPG

I haven't heard of this one

Quote

• Gartic Phone - Drawing game

This is a web game, and it can get rather raunchy and abusive towards the streamer if they don't curate their players. Most of the time it's streamers playing with other streamers and there is no competative aspect to it. It's playing "telephone" with drawings, and it's meme fuel.

 

Quote

• Among Us - Social/lying game

Among Us is extremely toxic when playing publicly. Most streamers are playing with their friends/mods or their viewers, not randoms.

Quote

• Rust - Survival game

It's super-toxic, and players I've seen play it, quit after they die once.

Quote

• Super Smash Bros - Fighting game

Usually only playing with their audience

 

Quote

• Fall Guys - platformer / mini-game... game

Fall Guys are usually public matches, but due to the prevalance of frequent hackers early on in the game's life, a lot of people quit playing it. It now supports playing custom games with the audience without needing to be friends on Steam

 

Quote

• Jackbox - Trivia and mini-game... game

Jackbox is a HTML5 web-based game (the game host is actually a flash-based game as well) , most games require at least 8 players to start, and playing publicly is basically a risk with most games as they are all user-generated content mechanics. Most of the time players will only be playing with a curated audience, otherwise they're going to get a lot of not TOS-friendly user input.

 

Quote

• Hearthstone - Card game
• Age of Empires - RTS game

 

Want me to keep going? Because I can. All of these games are fairly new and not the standard shooter or MOBA. 

 

Basically, cheating is endemic of MMO games where you can not curate the participants, and all it takes is ONE cheater to wreck the game for the other players. This is why streamers often only play with other streamers because streaming is part of being transparent about not cheating. MMORPG's take cheating to an entirely other level, where bots consume server resources and upset the game economy, modders alter the game so they have advantages over other players in the same content, and raiders berate and mock players who won't break the game's TOS just to play at their level.

 

 

Quote

 

The only things I agree with is that launchers are a pain in the ass, and that single player games are better.

The launchers are the patch tools but also the session generators, if you yoink the session key from the launcher you can basically play without logging in until the game gets a patch. This works with pretty much every game that uses a launcher, and the reason why MFA is a necessity, because if the user downloads a malicious cheat program that sends the session key to someone who has designs on looting the account, that will happen.

 

And a TPM could in theory protect the session key. So YOU could login without having to enter your password repeatedly, but in practice, it's just like the problem with account sharing netflix, if someone plays on two separate machines, they will have to keep relogging in anyway and the TPM use case goes away.

 

What a TPM could in theory do to protect games is protect the login mechanics so that stealing the session key can't be done in the first place, and "launcher" programs are no longer required (they can be patched by the store/steam/etc.)

 

[suicidalfranco]

1 hour ago, Kisai said:

<snip>

 

Tl;dr

You must be fun at parties

You're the kind of people I'll never want to play a game with

[StDragon]

There's a missed opportunity here with regards to anti-cheating in FPS games. Rather then prevent aimbots, there should be aimbot vs aimbot AI competition. 

[jagdtigger]

Anti cheat is just as pointless and ineffective in stopping cheaters as drm stopping pirates.... Same for TPM, there is no way to build protection against human stupidity.

[StDragon]

14 minutes ago, jagdtigger said:

Anti cheat is just as pointless and ineffective in stopping cheaters as drm stopping pirates.... Same for TPM, there is no way to build protection against human stupidity.

It's a numbers game; nothing is 100% effective. But the effort to mitigate can and has proven to pay for itself. Though too draconian and there can be a backlash with toxic PR (Sony, I'm looking at you).

TPM basically replaces the need for a hardware Sentinel HASP USB key (unless portability of the license seat is the objective)

[jagdtigger]

2 hours ago, StDragon said:

unless portability of the license seat is the objective

Conspiracy theory again, but with TPM they can tie the SW to the HW and if it dies they just "SOL buy it again".....

[leadeater]

52 minutes ago, jagdtigger said:

Conspiracy theory again, but with TPM they can tie the SW to the HW and if it dies they just "SOL buy it again".....

They could try it but they'd get their asses spanked so hard through court systems in multiple countries they'd forget what it feels like to sit down.

 

Even Microsoft OEM licenses allows you to transfer it to different hardware and that's a license tied to hardware.

[jagdtigger]

4 minutes ago, leadeater said:

They could try it but they'd get their asses spanked so hard through court systems in multiple countries they'd forget what it feels like to sit down.

Well AFAIK they can do it if they make it crystal clear when you buy the product... But this is going to be rampant (if it happens) with SW that is in a quasi monopolistic situation (windows, office, adobe, etc).

[leadeater]

26 minutes ago, jagdtigger said:

Well AFAIK they can do it if they make it crystal clear when you buy the product... But this is going to be rampant (if it happens) with SW that is in a quasi monopolistic situation (windows, office, adobe, etc).

No I really don't think they can, Windows OEM case and point. They tried that on and backed off it already. Writing stuff in a EULA or ToS is not actually legally binding and is not allowed to nor overrides laws, you cannot agree in a EULA/ToS to give up any legal rights.

 

The Windows OEM license already states it's not transferable and tied to the first system it's installed to with motherboard upgrades not being allowed. In practice this has never been enforceable, with motherboard failures and replacements not being the only example. 

 

One of the primary reasons they cannot is software is not a physical product, it's a right of usage, and so far the only way I know of that companies have gotten away with something like this is for a software that is companion to hardware so the software itself is useless without that hardware. They then release new hardware that doesn't support the old software, nice clean legal slap in the face.

 

Edit:

Also resale or used OEM Windows licenses has already been legally tested in the EU and is allowed, so there's already case law about this.

[Fetzie]

24 minutes ago, leadeater said:

No I really don't think they can, Windows OEM case and point. They tried that on and backed off it already. Writing stuff in a EULA or ToS is not actually legally binding and is not allowed to nor overrides laws, you cannot agree in a EULA/ToS to give up any legal rights.

 

The Windows OEM license already states it's not transferable and tied to the first system it's installed to with motherboard upgrades not being allowed. In practice this has never been enforceable, with motherboard failures and replacements not being the only example. 

 

One of the primary reasons they cannot is software is not a physical product, it's a right of usage, and so far the only way I know of that companies have gotten away with something like this is for a software that is companion to hardware so the software itself is useless without that hardware. They then release new hardware that doesn't support the old software, nice clean legal slap in the face.

 

Edit:

Also resale or used OEM Windows licenses has already been legally tested in the EU and is allowed, so there's already case law about this.

I don't know if it is EU law, but at least in Germany software cannot be locked to specific hardware and, for example Microsoft, has to let you use your Windows 10 license on another PC.

 

It would be an interesting test case if somebody were to challenge a TPM hardware id ban in court over here.

[StDragon]

5 hours ago, leadeater said:

No I really don't think they can, Windows OEM case and point. They tried that on and backed off it already. Writing stuff in a EULA or ToS is not actually legally binding and is not allowed to nor overrides laws, you cannot agree in a EULA/ToS to give up any legal rights.

 

The Windows OEM license already states it's not transferable and tied to the first system it's installed to with motherboard upgrades not being allowed. In practice this has never been enforceable, with motherboard failures and replacements not being the only example. 

 

One of the primary reasons they cannot is software is not a physical product, it's a right of usage, and so far the only way I know of that companies have gotten away with something like this is for a software that is companion to hardware so the software itself is useless without that hardware. They then release new hardware that doesn't support the old software, nice clean legal slap in the face.

 

Edit:

Also resale or used OEM Windows licenses has already been legally tested in the EU and is allowed, so there's already case law about this.

That apples to the EU, specifically Germany. Not so in the US.

 

https://www.microsoft.com/en-us/Useterms/OEM/Windows/10/UseTerms_OEM_Windows_10_English.htm

 

Transfer. The provisions of this section do not apply if you acquired the software in Germany or in any of the countries listed on this site (aka.ms/transfer), in which case any transfer of the software to a third party, and the right to use it, must comply with applicable law.

 

a.      Software preinstalled on device. If you acquired the software preinstalled on a device (and also if you upgraded from software preinstalled on a device), you may transfer the license to use the software directly to another user, only with the licensed device. The transfer must include the software and, if provided with the device, an authentic Windows label including the product key. Before any permitted transfer, the other party must agree that this agreement applies to the transfer and use of the software.

 

b.      Stand-alone software. If you acquired the software as stand-alone software (and also if you upgraded from software you acquired as stand-alone software), you may transfer the software to another device that belongs to you. You may also transfer the software to a device owned by someone else if (i) you are the first licensed user of the software and (ii) the new user agrees to the terms of this agreement. You may use the backup copy we allow you to make or the media that the software came on to transfer the software. Every time you transfer the software to a new device, you must remove the software from the prior device. You may not transfer the software to share licenses between devices.

[leadeater]

2 hours ago, StDragon said:

That apples to the EU, specifically Germany. Not so in the US.

I know but they currently do not enforce it anywhere. An OEM license will happily activate on new hardware with sufficient time between activations and if not you can call MS support and do phone activation.

 

It's just a lot of scary words that they don't actually do.

[Kisai]

On 9/19/2021 at 1:52 PM, Fetzie said:

I don't know if it is EU law, but at least in Germany software cannot be locked to specific hardware and, for example Microsoft, has to let you use your Windows 10 license on another PC.

 

It would be an interesting test case if somebody were to challenge a TPM hardware id ban in court over here.

https://www.windowscentral.com/valorants-windows-11-tpm-gamble

Well, I guess we will eventually see it.

 

Quote

As such, it seemed like an out-of-left-field bit of news when Riot Games' Valorant started requiring TPM 2.0 and secure boot to run on Windows 11. Confusion ran rampant: Was this the beginning of a wave of games racing to catch up with Windows 11's requirements just for the sake of OS adherence, or was Riot spearheading a new breed of anti-cheat initiative?

Definitely the latter.

 

For those who have not played the game, Valorant is already "as bad as denuvo drm" for system invasiveness, using kernel-level components.

 

Gamers Nexus also did a small bit on it.

 

At the same time though, as I mentioned earlier in the thread, vTPM's are a thing, and people who want to cheat/bot/hack a game will resort to VM's to get around it, even if all they're doing is making disposable Win 11 instances.

[jagdtigger]

1 hour ago, Kisai said:

as I mentioned earlier in the thread, vTPM's are a thing

What if someone clears out the TPM/fTPM in their system? In theory that would reset it back to blank....

[Kisai]

2 hours ago, jagdtigger said:

What if someone clears out the TPM/fTPM in their system? In theory that would reset it back to blank....

As per the article, the RSA key is burned into the chip. If you have a removable TPM, you could just swap it out if your PC is banned, but you'd have to de-provision the TPM in Windows first (which can do in 7 and 10) then clear it in the BIOS. The fTPM can probably be reset, but it likely does not reset the RSA key. Which brings about a potential problem on the secondary market where a fTPM has been blacklisted. Apparently (from what I read) fTPM's are software/firmware. So there lies the possibility of probably forcing it to be reset.

https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/msr-tr-2015-84.pdf

 

And compromise...

 

At any rate, the paper mostly talks about ARM, but it's still talking about TPM 2.0 

 

To the extent that I care, for a machine that you or I physically own, I'd rather have the TPM be removable and replaceable over the fTPM which might fail for reasons having nothing to do with normal use and rendering the PC inoperable even if the hard drives are dropped into a replacement computer. I've already personally experienced these problems when I was doing work at the office, and suffice it to say there is a reason why Microsoft pushes OneDrive very hard.

 

 

[jagdtigger]

10 minutes ago, Kisai said:

The fTPM can probably be reset, but it likely does not reset the RSA key.

Since the chip storing the FW is read only the only place it can store is the battery backed ram on the mobo. If you clear that i think the rsa key goes with it. Dont have the time and hw to test it though....

[Guest]

On 9/17/2021 at 6:53 PM, leadeater said:

The code is open under BSD license

Having it under a permissive license like BSD,MIT,Apache doesn`t mean it`s deriatives need to be open source as well (You need to have copyleft license like GNU GPL or GNU LGPL to force it`s deriatives to be free and open source as well). So, Since the license is permissive the vendors who spefically design those TPM`s don`t need to share  the code so, the concept of security through obscurity applies to TPM as you will never know what data of yours they are sending to the NSA.

[Guest]

18 minutes ago, jagdtigger said:

Since the chip storing the FW is read only the only place it can store is the battery backed ram on the mobo. If you clear that i think the rsa key goes with it. Dont have the time and hw to test it though....

Almost every motherboard has a special section called NVRAM which they use to store the secure boot keys (The keys will still be there if you remove the CMOS battery). So, I guess they use the same solution for TPM keys.

[LAwLz]

15 minutes ago, WickedThunder86 said:

Almost every motherboard has a special section called NVRAM which they use to store the secure boot keys (The keys will still be there if you remove the CMOS battery). So, I guess they use the same solution for TPM keys.

In a stand alone TPM (not fTPM) the seed key is burn into the hardware and does not have to be stored into memory at all.