You misunderstand what owner override is. It's not the ability to disable the TPM from functioning. It's having a way to tell the TPM to attest "yes, this system is totally running Microsoft/Hollywood-approved software" when it really isn't, if that's what the owner wants it to do.
Yeah. There's little point in overriding anything since these days everything requires remote attestation that software hasn't been "tampered with". What good is installing custom software if the applications we need refuse to run because we "tampered" with stuff?
I must misunderstand what override. Wouldn't the "override" term in this case be better served as being called "customised validated attestation state" ? Its doesn't roll of the tongue but correct terms matter.
Then don't run that software or don't buy that hardware in the first place? There are plenty of options here.
A TPMs main role in our current hardware ecosystem is to provide device identity and attestation. This has been driven by businesses that want an easier time to bootstrap hardware for their needs. Which means controlling what software is run on company owned hardware.
All of the FUD about lost of hardware freedom comes some from the fact that IT teams were tired of having to keep inventory and they needed a solution to enable the on boarding and off boarding of hardware. Look at what Apple is doing with their hardware and OS right now. It's not to take away more individual freedoms of their users. It is to help businesses and edu manage their Apple stuff stuff. The other vendors are trying to fix those pain points too.
Managed device attestation is the SBOM new new hotness of 2023 and you don't need to be a big business to take advantage of it.
> Then don't run that software or don't buy that hardware in the first place? There are plenty of options here.
Yeah, right. Just don't use any proprietary software. Just don't use any mobile app. Just don't buy any mainstream hardware and products. Enjoy all those ridiculously old FSF RYF certified laptops that won't run anything requiring the latest cryptographic user control features anyway.
How in the world is this a solution? These corporations should be forced by law not to do this stuff. The hardware and software should be open and free and they should have no choice but to run on it on our terms if they want to reach customers at all.
> Look at what Apple is doing with their hardware and OS right now. It's not to take away more individual freedoms of their users.
You gotta be kidding me. It is literally impossible for a user to run software on an iOS device without Apple digitally signing it. "Manage their Apple stuff"? What a bunch of BS. More like create their own digital fiefdom where they own users, determine what they can and can't do and sell access to them to third party developers like they were cattle.
You said it yourself, it's about "controlling what software is run on company owned hardware". We don't own these devices, the companies do. There is no freedom to be had here, we're all playing on their playgrounds.
Not all proprietary software currently insists that you get into a TPM-mediated Dom/sub relationship with its developers. Its currently possible, and might be ethically necessary, not to buy those ones, and instead to buy the other ones.
But it's also probably important to pursue a political avenue as well. The government should absolutely not be using this stuff, and shouldn't be advising citizens to do it to access government services. We could even pass a law requiring purchased hardware and software to meet a fiduciary standard towards its users.
> You gotta be kidding me. It is literally impossible for a user to run software on an iOS device without Apple digitally signing it. "Manage their Apple stuff"? What a bunch of BS. More like create their own digital fiefdom where they own users, determine what they can and can't do and sell access to them to third party developers like they were cattle.
Then don't buy Apple products? I totally agree with you in spirit in a lot of your points and I want more freedoms on my hardware. I just understand why we are in this situation as users. We don't have the market power like businesses do when it comes to hardware and most consumers don't care or don't understand their loss of freedoms.
> You said it yourself, it's about "controlling what software is run on company owned hardware". We don't own these devices, the companies do. There is no freedom to be had here, we're all playing on their playgrounds.
Yep, 100% agree here. There are zero freedoms when you are using company owned devices. They have every right to lock them down to the playground they desire for their users. The hardware market is building what their end users want. It just so happens their biggest paying end users are businesses.
That argument boils down to "if there's something you dislike about society, feel free to live a hermit life in the woods instead". That's not an argument, that's an ultimatum.
In order to receive my salary, pay taxes, fulfill children's schooling, and a myriad of other things there are plenty of proprietary software involved that requries a full hardware attestation to prove that the no part of the software stack is under user control.
It is completely unfounded to call this FUD. It is a fact of modern life. I do condone it because there are many obvious economic and political problems with it already, and could easily see how it could get much worse before it gets better. So far I have been able to isolate these "0wned" devices from the rest of my digital life, but that rest is getting increasinly marginalized.
The “vote with your feet” argument has always been BS. The trend is overwhelmingly towards the introduction of DRM. It may be that there are options now, but soon there won’t be any.
I can see why people would want that, but I can also see why people would want to have an additional certified copy of an important document, artwork, or piece of sports memorabilia, if that’s what the owner of that object wants.
> certified copy of an important document, artwork, or piece of sports memorabilia, if that’s what the owner of that object wants
I don't see how this is relevant. Real world objects can't be exactly duplicated, certificates of authenticity make sense in that context. Data is just bits, any copy will be exact reproductions. There is no need to certify that.
Yes but I don't see how that's in any way comparable to wanting a certified collector's item.
Validating our software as unmodified is really just digital oppression. It's a violation of our dignity as users and human beings. We have all these corporations shipping literal data harvesting and advertisement displaying malware and there's not a thing we can do about it because they have usurped control of our computers.
Who does this "validation" serve? Not us. It serves the "stakeholders". It gives them confidence that we won't be running software that harms their interests.
Asus talks about how to disable it:
https://www.asus.com/support/FAQ/1047459/
As do many other manufacturers, its a thing.