While TPM allowed users to opt in and out, TPM 2.0 is activated by default when the computer boots up. The user cannot turn it off. Microsoft decides what software can run on the computer, and the user cannot influence it in any way. Windows governs TPM 2.0. And what Microsoft does remotely is not visible to the user. In short, users of Windows 8 with TPM 2.0 surrender control over their machines the moment they turn it on for the first time.Read more.
It would be easy for Microsoft or chip manufacturers to pass the backdoor keys to the NSA and allow it to control those computers. NO, Microsoft would never do that, we protest. Alas, Microsoft, as we have learned from the constant flow of revelations, informs the US government of security holes in its products well before it issues fixes so that government agencies can take advantage of the holes and get what they’re looking for.
Experts at the BSI, the Ministry of Economic Affairs, and the Federal Administration warned unequivocally against using computers with Windows 8 and TPM 2.0. One of the documents from early 2012 lamented, “Due to the loss of full sovereignty over the information technology, the security objectives of ‘confidentiality’ and ‘integrity’ can no longer be guaranteed.”
Elsewhere, the document warns, “This can have significant consequences on the IT security of the Federal Administration.” And it concludes, “The use of ‘Trusted Computing’ technology in this form ... is unacceptable for the Federal Administration and for operators of critical infrastructure.”
Rüdiger Weis, a professor at the Beuth University of Technology in Berlin, and a cryptographic expert who has dealt with Trusted Computing for years, told Die Zeit in an interview that Microsoft wanted to completely change computing by integrating “a special surveillance chip” in every electronic device. Through that chip and the processes of Windows 8, particularly Secure Boot, “users largely lose control over their own hardware and software.”
But wouldn’t it contribute to higher levels of security? Certain aspects actually raise the risks, he said. For example, during production, the secret key to that backdoor is generated outside the chip and then transferred to the chip. During this process, copies of all keys can be made. “It’s possible that there are even legal requirements to that effect that cannot be reported.” And so the TPM is “a dream chip of the NSA.”
Perhaps even more ominously, he added: “The other realistic scenario is that TPM chip manufactures don’t sit within reach of the NSA, but in China....”