Comment by john01dav

3 months ago

These so-called security features have wildly different threat models than other security features.

Secure Boot and TPM are ways to attest that what is running is what Microsoft signed. This is only useful if I think that non-nation-state attackers will have physical access to my hardware. Nation-state attackers can probably get something signed with the public secure boot keys. TPM is just more of the same — it lets the software running on a computer verify that it has not been changed from what Microsoft signed. If I controlled the signing key (perhaps every manufactured device has its own key that is sold with the device, which I can then sign whatever OS I want with), then I could gain some security without this control loss, and that would be useful.

Regarding BitLocker, I can encrypt my drive just fine with no TPM as long as I do not expect my OS to be tampered with (which requires physical access or running something untrusted as root). I can simply use a long password with many hash cycles, so if someone stole my drive they could not decrypt it without the password. But, if the key were in the TPM, then nation-state actors could probably get it back out, depending on exact implementation (for example for biometric unlock). So, in this way, using a TPM is less secure.

We should also do away with TPMs in most cases, since all that they serve to do is attest that the corporation with the keys to the TPM decided what was running and that no one interfered with that. It's DRM, plain and simple.

There are other security updates that I may want, however, even if I am not concerned about giving an attacker root or physical access. For example, Windows has had vulnerabilities which can be exploited over a network.
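As an added illustration (not part of john01dav's comment, and not a real TPM implementation), a toy model of the two key-protection paths the comment contrasts: a measured-boot PCR chain with a secret sealed to it, which releases the disk key only when the boot components hash to the expected value, beside the TPM-free path of deriving the key from a passphrase with a slow KDF. `DEVICE_KEY`, the boot component names, `DISK_KEY` and the XOR-based wrap are constructed placeholders chosen for readability, not how a TPM actually seals data.

```python
import hashlib
import hmac

# Constructed, hypothetical values: a per-device root secret standing in for the
# TPM's internal key, and a "measured boot" made of three components.
DEVICE_KEY = b"toy-tpm-root-secret-not-a-real-key"
GOOD_BOOT = [b"firmware v1", b"bootmgr (vendor-signed)", b"os kernel build 1"]
TAMPERED_BOOT = [b"firmware v1", b"bootmgr (modified)", b"os kernel build 1"]
DISK_KEY = bytes(range(32))  # the volume key we want to protect (constructed)

def extend_pcr(pcr: bytes, component: bytes) -> bytes:
    """PCR extend as a TPM does it: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Replay a boot chain into a single PCR value (PCRs reset to all zeros)."""
    pcr = bytes(32)
    for c in components:
        pcr = extend_pcr(pcr, c)
    return pcr

def seal(secret: bytes, policy_pcr: bytes) -> tuple:
    """Bind `secret` to a PCR value: the wrap key is derived from the device
    secret AND the expected PCR, so a different boot chain cannot unwrap it."""
    wrap_key = hmac.new(DEVICE_KEY, policy_pcr, hashlib.sha256).digest()
    wrapped = bytes(a ^ b for a, b in zip(secret, wrap_key))  # toy 32-byte wrap
    return wrapped, policy_pcr

def unseal(blob: tuple, current_pcr: bytes):
    """Release the secret only when the live PCR matches the sealed policy."""
    wrapped, policy_pcr = blob
    if not hmac.compare_digest(current_pcr, policy_pcr):
        return None  # boot chain changed: the key stays locked
    wrap_key = hmac.new(DEVICE_KEY, current_pcr, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(wrapped, wrap_key))

def password_key(password: str, salt: bytes, iterations: int = 1_000_000) -> bytes:
    """The no-TPM path the comment describes: key from a slow KDF, independent
    of boot state, so only the passphrase (and its strength) protects the disk."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, 32)

def demo() -> dict:
    """Seal the disk key to the good boot chain, then try both chains."""
    blob = seal(DISK_KEY, measure_boot(GOOD_BOOT))
    return {
        "unseal_good": unseal(blob, measure_boot(GOOD_BOOT)),
        "unseal_tampered": unseal(blob, measure_boot(TAMPERED_BOOT)),
    }
```

Changing any single component in the chain (here the boot manager) changes the final PCR, so `unseal` refuses and the key never leaves the toy TPM; the password path has no such gate, which is exactly the trade the comment is weighing.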