Post by @LedgeDrop

In reply to 4 earlier posts

@Astertheprince@lemmy.dbzer0.com on lemmy.dbzer0.com Open parent

Denuvo has been broken, company promises countermeasures against new DRM bypasses — zero-day game releases become norm as security concerns mount over hypervisor-based bypass

Open parent Original URL

368

@thedeadwalking4242@lemmy.world on lemmy.world Open parent

On the one hand software freedom. On the other this has me thinking about how fascinating this problem is from academic standpoint. How can you ensure software can ONLY run on the machines you allow? Even if the user has ring 0 access? Is it mathematically impossible to achieve?

Open parent Original URL

@LedgeDrop@lemmy.zip on lemmy.zip Open parent

It’s totally possible to achieve. TPM is the desktop equivalent of the technology that runs on your cellphone to have apps detect if you have an unlocked bootloader or root. It’s the same technology prevents your favorite concole (ie: switch 2, ect) from running pirated games. This improved security does come at a price: we/the users are the enemy and cannot be trusted. This means modifying your system will be prohibited and we (the consumer) will have to trust that Big Tech has our best interests in mind. /s

Open parent Original URL

@SomethingBurger@jlai.lu on jlai.lu Open parent

What’s preventing spoofing this with a fake implementation?

Open parent Original URL

LedgeDrop in !technology

@LedgeDrop@lemmy.zip · 13d

To expand on this a bit: It’s all built on top of the concept of “a chain of trust”, starting at the hardware level. (as mentioned) TPM is a chip that’ll store encryption keys at a hardware level and retrieval of these keys can only happen if the hardware is unmodified. I assume that part of this key is derived from aspects of your OS (ie: all device drivers are signed by MS). The OS will fetch this key, if it’s valid - the OS knows that the hardware is untampered, it can then verify that the OS is unmodified, which can then be used by application to determine that their not modified, etc. Now you could spoof your own TPM chip (similar to how Switch 1’s are chipped/nodded), but the deal-breaker is that when you add your key to the TPM chip, you sign it with a hardware vendor specific public key. And that vendor private key is baked into the hardware (often into the CPU, so the private key never crosses the hardware bus).

View on lemmy.zip

Comments (1)

Showing 0 of 1 cached locally.

Syncing comments from the remote thread. 1 more reply is still loading.

Loading comments...

About Community

Technology

!technology@lemmy.world

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

83897

Members

18814

Posts

Created: June 11, 2023

View All Posts