Comment by protocolture
3 months ago
Microsofts idea of security is security from being blamed for large scale breaches. I dont think they think about you or me at all tbh.
My point was, if you dont care about Secure Boot / Bitlocker / TPM2.0, then you probably dont also care about security updates. Not whatever insult you thought I was making.
If your thoughts were terminated, that was entirely self inflicted.
These so-called security features have wildly different threat models than other security features.
Secure Boot and TPM are ways to attest that what is running is what Microsoft signed. This is only useful if I think that non-nation-state attackers will have physical access to my hardware. Nation-state attackers can probably get something signed with the public secure boot keys. TPM is just more of the same — it lets the software running on a computer verify that it has not been changed from what Microsoft signed. If I controlled the signing key (perhaps every manufactured device has its own key that is sold with the device, which I can then sign whatever OS I want with), then I could gain some security without this control loss, and that would be useful.
Regarding bitlocker, I can encrypt my drive just fine with no TPM as long as I do not expect my OS to be tampered with (which requires physical access or running something untrusted as root). I can simply use a long password with many hash cycles, so if someone stole my drive they could not decrypt it without the password. But, if the key were in the TPM, then nation-state actors could probably get it back out, depending on exact implementation (for example for biometric unlock). So, in this way, using a TPM is less secure.
We should also do away with TPMs in most cases, since all that they serve to do is attest that the corporation with the keys to the TPM decided what was running and that no one interfered with that. It's DRM, plain and simple.
There are other security updates that I may want, however, even if I am not concerned about giving an attacker root of physical access. For example, Windows has had vulnerabilities which can be exploited over a network.
> if you dont care about Secure Boot / Bitlocker / TPM2.0, then you probably dont also care about security updates
Huh? I certainly care about the latter but not the former, and I doubt I'm in the minority.
Why, if you dont mind my asking?
And how long would you expect Microsoft to write updates for computers with insecure boot chains, and secure boot chains? How much should they spend on mitigations for classes of attack that you can shut down just by updating? Why would they risk being seen to support a platform, that they consider a potential vector of incredibly bad PR, just for end user convenience? They have been browbeaten into being extremely security conscious, especially after the SMB stuff.
Personally, my Win 10 laptops are becoming Debian laptops as god intended.
> Why, if you dont mind my asking?
Because I care that I'm secure, but I don't care that my computer isn't secure from me.
> how long would you expect Microsoft to write updates for computers with insecure boot chains, and secure boot chains?
Forever, because the same code works for both unless they go out of their way to do extra work for it not to.
> How much should they spend on mitigations for classes of attack that you can shut down just by updating?
There are basically zero attacks against ordinary consumers that SB/TPM protect from. The kinds of attacks regular people need to worry about are resolved through regular updates that don't need those things.
> Why would they risk being seen to support a platform, that they consider a potential vector of incredibly bad PR, just for end user convenience?
What are you talking about? There's no bad PR in allowing SB/TPM to be off. The bad PR comes from requiring them to be on.
> They have been browbeaten into being extremely security conscious, especially after the SMB stuff.
SB/TPM aren't actual security. They're DRM masquerading as security.
> Personally, my Win 10 laptops are becoming Debian laptops as god intended.
That's good, but it doesn't invalidate any of the above.
For secure boot and TPM, I'm not worried about someone breaking into my house and hacking my bios. I'm worried about getting a virus. Secure boot is useless but updates are important.
For bitlocker, I like it. But I use the password version that doesn't need any particular hardware.
How long do I expect updates? Well for starters, not even ten years of support for processors that were state of the art in 2018 is very bad. And windows 10 stopped being the newest option in 2021, so would ten years from that be so burdensome for security updates?
And no it's not a PR risk to release updates for windows 10. You don't need to stretch that hard, please.