zlacker

>>foodst+(OP)
> Remote attestation has been possible since TPMs started shipping over two decades ago.

The difference now is that Microsoft are saying they will only support machines which have these TPMs, and therefore they can credibly argue in a few years that the only secure PCs (and thus the only PCs that ISPs should allow online) are ones which can produce a remote attestation to prove they are running the latest OS updates (from an OS vendor that is approved by the government).

> If Microsoft wanted to prevent users from being able to run arbitrary applications, they could just ship an update to Windows that enforced signing requirements.

The trap hasn't been sprung yet, but those are the teeth, yes. Then say goodbye to Tor, E2E encrypted messengers, unapproved VPN apps, and bittorrent clients that don't check a Content ID database.

>>dane-p+F3
Let's be realistic here. The real competition to Microsoft, Chrome OS, already has a feature to prevent you from delaying updates. It's not a bug or a risk, it's a feature. And it does not require any sort of TPM to be enforced. Microsoft could force all its users to run the latest version, and to run only signed executables today. What Pluton does is it allows those two things to happen more securely.