
Microsoft might want to be making Windows 12 a subscription OS

Avus
1 hour ago, jagdtigger said:

That would defeat the purpose of encryption, what you want to back up is your data locally. Not to share the encryption key with a company who did enough things to deserve user distrust....

Emphasis on the "opted into the Microsoft account"

 

If you wanted to keep Microsoft from being able to decrypt your machine, you would have a local account and the machine would not be on the internet.

 

Honestly, I just hate the overall way bitlocker has been implemented, and I think we would have been better off having the hard drives with dedicated cryptography processors that simply query the TPM for the keys on start up. If you pull the hard drives from the server rack, but don't pull the TPM chip from the server, then the drives are useless, and they should be.

 

On a desktop, it's as much work to pull the hard drives out as it is the TPM chip when it's not built into the CPU. When it's built into the CPU, well, you've screwed yourself using it. Build a new computer and transfer the data off the old computer, then pull the drives and reformat them.

 

Like it should be stated that the CPU fTPM is an incredibly bad idea to use for your disk encryption, because when the chip inevitably dies, or you need to replace the device, you've zero possibility of recovery.

 

Now think of that in a server context where the CPU has to be replaced or the fTPM gets erased by a bad firmware update that wipes or disables it. Now the entire server has been "lost".

 

Either way I firmly believe that:

- home/end users should not use cryptography tools like disk encryption on their toy computers (eg gaming computers) only some SFF computer they keep powered off most of the time sitting in the corner of their office for doing their taxes and banking.

- businesses, in particular, small businesses should not use cryptography tools on their office machines and should require their users to store all business data on the server that is actually encrypted and physically protected (eg mounted to a rack, that is closed and locked, inside a server room that is physically locked.)

 

Once you start making users use disk encryption, the assumption has to be that you would rather destroy the device than recover it. Hence NO DATA you ever want to save should be on it. Certain data is more valuable than others. Having the blueprints to military stuff, yes that laptop should self-destruct if it leaves the care of the person who has it. But then I ask, WHY is this data physically on a computer that is being transported? Why is the user of this device not working on the data remotely? That device, when logged in, should connect over a VPN to its destination and work on the data on the server; it should never touch the local machine.

 

That said, and having experienced a pretty lousy "attempt" at the above, you can't defeat PEBKAC. You have to go out of your way to actually secure the user's home if they are taking a computer home; you have to ensure that the user can't save anything to the local machine OR ANY CONNECTED HARDWARE that exists in their home. So if they plug in their laptop that has access to Top Secret DoD projects, once connected to the VPN the computer should quite literally drop what it's doing if the network connection changes or anything is plugged into the laptop that hasn't been authorized.

 

Compare that to a home user who just wants to play Fortnite. Why the bloody hell would you encrypt the drive of a home user who wants gaming performance? 

 

The Windows OS is massively bloated if all you do is play games, but what are you supposed to do about it? Switch to MacOS? With its lame GPU performance around that of a GTX 1060 (M2). Switch to Linux that has no native Windows game support? MacOS might be a better OS experience than Windows, but Apple has stubbornly refused to release any Mac that could be a gaming computer, unless all you want to do is play games released before 2015. Meanwhile Nvidia's completely hostile approach to supporting Linux they had until last year

 

So I don't know. It's hard to see the trajectory of where the PC is going to be in three years. The Steam Deck is not going to automatically make game developers support Linux. But maybe if Apple released its own M3 "Steam Deck-like" device that Steam could run on, then maybe there might be actual options. But the approach taken thus far (Proton) is a bandaid; it will never allow new games that require DRM measures to operate, and unless game developers explicitly target the native Linux that the Steam Deck runs on, this is just moving the goal posts.

 

In many ways I feel that all the companies out there except Valve are targeting recurring subscription revenue streams, and Valve is the only reason why we haven't seen PC gaming collapse. The problem isn't that Epic's game launcher is a piece of crap along with Ubisoft and EA's, the problem is that people don't want 5 different ways to purchase a game, they want to purchase it once, and play it on everything, and disk encryption is an antithesis of that.


18 minutes ago, Kisai said:

and I think we would have been better off having the hard drives with dedicated cryptography processors that simply query the TPM for the keys on start up. If you pull the hard drives from the server rack, but don't pull the TPM chip from the server, then the drives are useless, and they should be.

They are called SEDs and have their own flaws. Just use different software, not short on choices.

 

18 minutes ago, Kisai said:

Like it should be stated that the CPU fTPM is an incredibly bad idea to use for your disk encryption, because when the chip inevitably dies, or you need to replace the device, you've zero possibility of recovery.

CPU failure rates are the lowest of all PC components; a physical TPM device would be sooo much more likely to fail and you'd be in a data loss situation without backups. fTPM is WAY better hardware reliability wise.

 

Your fTPM is not going to fail without the CPU itself doing so.

 

Once you take off DOA failures and only look at active service failures CPUs are below 1% failure rates.


12 minutes ago, leadeater said:

They are called SEDs and have their own flaws. Just use different software, not short on choices.

 

CPU failure rates are the lowest of all PC components; a physical TPM device would be sooo much more likely to fail and you'd be in a data loss situation without backups. fTPM is WAY better hardware reliability wise.

 

Your fTPM is not going to fail without the CPU itself doing so.

I disagree.

https://www.tomshardware.com/news/amd-issues-fix-and-workaround-for-ftpm-stuttering-issues

https://arstechnica.com/gadgets/2021/11/intel-releases-patch-for-high-severity-bug-that-exposes-a-cpus-master-key/

 

My point is that we should have had the replaceable TPM chip as the standard instead of constantly having it be an "optional" part that shipped with nothing except some OEM systems.

Dell EMC PowerEdge R640 TPM 2 - ServeTheHome

 

So upgrading your computer becomes less of a pain in the butt: just take the TPM and the hard drives and plug them into a new machine. If anything on the MB dies, time for an upgrade. Good luck ever getting that CPU fTPM key without buying the exact same MB again.

 


31 minutes ago, Kisai said:

Those aren't fTPM failures and aren't causing problems with any encryption based on them.

 

31 minutes ago, Kisai said:

My point is that we should have had the replaceable TPM chip as the standard instead of constantly having it be an "optional" part that shipped with nothing except some OEM systems

You can have that, but you have to accept higher failure rates and loss of access to data due to it; it's not an outright better thing to use a physical TPM device.

 

31 minutes ago, Kisai said:

So upgrading your computer becomes less of a pain in the butt

Step 1, disable the encryption. Step 2 etc. is literally normal; it's absolutely painless and less than 5 mins extra. Then turn encryption back on.

 

31 minutes ago, Kisai said:

If anything on the MB dies, time for an upgrade. Good luck ever getting that CPU fTPM key without buying the exact same MB again.

If you are worried about hardware failures then physical TPM is much worse. Good data on that is very sparse, but they are built to very low cost and I wouldn't be all that surprised if they have higher failure rates than motherboards; if not, at least they would be similar, which is much higher than CPUs.

 

You should always have a recovery key; BitLocker and other software have this. Loss of TPM doesn't mean loss of data unless you don't have the recovery key anymore.

 

Physical TPM won't be a thing for long; they are not the choice. You cannot buy a TPM module for any HPE Gen11 server and neither can you for AMD EPYC Gen10, fTPM only, and that's how it's going to be going forward. Intel Gen10 was the last generation to support physical TPM.

 

Whatever your preference is, you have one choice going forward: fTPM or Pluton or whatever else will be in the CPU. It's kind of a dead-end argument realistically.

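The procedure leadeater describes (make sure a recovery key exists, suspend protection, swap the hardware, resume) is what actually decides whether a dead fTPM or a motherboard swap costs you the data. The following is an added example, not code from any post in this thread: a PowerShell pre-swap checklist using the built-in BitLocker and TPM cmdlets. It assumes an elevated session on Windows, that the OS volume is `C:`, and that reading `ManufacturerIdTxt` as "firmware TPM if it names the CPU vendor" is a heuristic rather than an official classification.

```powershell
# Added example (not from the thread). Run as Administrator before replacing a
# CPU, motherboard or TPM on a BitLocker-protected machine. Assumption: OS volume is C:.
#Requires -RunAsAdministrator
param(
    [string]$MountPoint = "C:"
)

$ErrorActionPreference = "Stop"

# 1. What is sealing the volume key? AMD fTPM / Intel PTT report the CPU vendor
#    (e.g. "AMD", "INTC") as manufacturer; discrete modules report the chip vendor
#    (e.g. "IFX", "STM", "NTC"). Heuristic only, labelled as an assumption.
$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)  manufacturer: $($tpm.ManufacturerIdTxt)"

# 2. Current protection state and the key protectors attached to the volume.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
"Volume $MountPoint : protection=$($vol.ProtectionStatus) volume=$($vol.VolumeStatus)"
$vol.KeyProtector | ForEach-Object { "  protector: $($_.KeyProtectorType) id=$($_.KeyProtectorId)" }

# 3. A recovery password must exist BEFORE the TPM goes away. Add one if missing.
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq "RecoveryPassword"
if (-not $recovery) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq "RecoveryPassword"
}
# Show it so it can be stored OFF this device (password manager, printout, AD/Entra ID).
foreach ($r in $recovery) { "  recovery password (store off this device): $($r.RecoveryPassword)" }

# 4. Suspend protection: BitLocker adds a clear-key protector so the volume unlocks
#    without the TPM. RebootCount 0 keeps it suspended until Resume-BitLocker is run.
Suspend-BitLocker -MountPoint $MountPoint -RebootCount 0 | Out-Null
"Protection suspended. Swap the hardware, boot, then run: Resume-BitLocker -MountPoint $MountPoint"
# If the new TPM will not take the old protector, recreate it after resuming:
#   Add-BitLockerKeyProtector -MountPoint C: -TpmProtector
```

The point of step 3 is the one leadeater makes: loss of the TPM only becomes loss of data when no recovery password was ever created or it was stored on the same encrypted disk. Step 4 is what makes the "disable, swap, re-enable" route painless; without it, the first boot on the new board lands in the recovery screen and you are back to needing that password.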

56 minutes ago, Kisai said:

you would have a local account

And how many r=1 users can and will do the workaround to not get forced into it? This is where your argument falls apart.....
