What you write is the classic fallacy many make when hearing about TPM, that it only serves to store private keys to do disk encryption/bitlocker. The reason for this is that in the past TPM was mainly used for that, but Win11 wants, finally, to do much more with that TPM.
TPM is a separate hardware chip intended to store private keys, but TPM is not the only one, your bank card is in fact the same, but your Android phone also comes with trusted boot (vs secure boot) and Trusted zone (vs TPM). I assume that with iOS it has long been similar to Android as well.
You need private keys continuously, for example to do disk encryption such as bitlocker, but also the moment you open Tweakers, because then you set up an SSL connection where you exchange public keys in both directions. But also with user accounts and kerberos (active directory) you continuously create private keys. Or if you use biometric login like a fingerprint reader.
The problem is that Windows stores all those private keys in the OS and the word private indicates that it is extremely important that they never leak. The only exception until recently was bitlocker because then you have to store a private key for the OS so you can’t store it in the OS layer either.
Win11 therefore, just like Android has long done, no longer wants those private keys in the OS layer, because the OS layer is always vulnerable. They now all have to be in that digital hardware vault that TPM calls in an X86 environment. And not only for private keys that the OS creates, but also for software such as the private key that you created in your browser when you surfed to this site, so it is made possible via API to also put keys in that vault as an application.
That does cause 1 problem, your OS gives away the private keys to the hardware, so the OS must be able to trust the hardware. And of course someone who wants to get into your system wants nothing more than to frustrate all your private keys, because almost the entire cybersecurity story is based on private & public keys. That is why you have to have a trust between hardware and OS and make sure that there are no unwanted guests in between and then you end up with secure boot for Windows or trusted boot for Android.
That is separate from underlying virtualization & shielding of memory, in short, preventing malware from injecting code into the OS including drivers (which must also support this, so obscure drivers that still worked under Win10 will be removed) as well as preventing applications from running each other. can influence. That in turn requires a series of engineering in the CPU department as well as being able to execute it without performance impact. Given that’s new that Windows uses that, and used to be of no concern to consumers, a lot of CPUs that fall by the wayside.
Then there is one future feature which Win11 does not yet enforce in the official requirements and that is protection of the SMM, which is a mode in which the CPU processes code at the very highest level as well as pauses all other instructions including the entire OS. Used when the CPU overheats so that it can shut down immediately but also for power events under ACPI, USB hotswap and a lot of other things. But SMM mode is also used when things are set on the TPM. It is therefore highly undesirable if malware ends up in that SMM mode.
Intel has SMM protection in their vPro platform since Coffeelake (provided the CPU has vPro in the first place), AMD currently has 0.0, Qualcomm from SD850.
Tweakers may have to do a good deep dive into W11 security.
[Reactie gewijzigd door sprankel op 11 oktober 2021 20:45]