
The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points gjsman-1000 | 2 comments
__void ◴[] No.32235294[source]
nowadays 98% of things implying "security" are actually unwanted products, protections for "the other side" or trivial distortions of reality where, conveyed by "security" itself, the user himself becomes the product

- no, I don't need protections for the side channel, I never asked for them

- no, I don't need a unique identifier, who is the demented person who asked you for it

- no, I am not going to glitch the power supply, and even if I did it means I am interested in doing it and wish it worked instead I was prevented from doing it

- no, I don't care at all about having a hw store for certificates, which are ephemeral and dropped from above anyway so what am I supposed to trust?

- and so on

"not secure by design" nowadays comes close to being a coveted feature

replies(9): >>32235558 #>>32235757 #>>32235785 #>>32236328 #>>32238085 #>>32239187 #>>32239697 #>>32240056 #>>32241540 #
raxxorraxor ◴[] No.32236328[source]
Security has degraded to snake oil on a lot of topics. Boot infections are really rare and the whole TPM module isn't really needed in my opinion and I don't want it either for my systems. There are edge cases and sensible applications, but I don't want to see it as standard.
replies(2): >>32236532 #>>32239588 #
Avamander ◴[] No.32236532[source]
> Boot infections are really rare

Gee I wonder why. /s Such statements are tedious to say the least, preventions have been implemented, obviously it curtails such abuse, obviously that reduces frequency.

> the whole TPM module isn't really needed in my opinion

It's nice that you have no key material that would need to be kept strictly on the device, but a lot of users actually do. We don't want people's WebAuthn tokens carried away, we don't want BitLocker keys stolen, most certainly we do not want biometric authentication data stolen. Maybe you have reduced that risk to near zero, but that's not the case for the vast majority of users.

replies(1): >>32236841 #
raxxorraxor ◴[] No.32236841[source]
> Gee I wonder why

The frequency dropped even before TPM was deployed on most machines and I guess most systems still don't have it enabled today. The reason for that is that there are simply more direct and profitable ways to get system access, see most applications of ransomware for example.

> It's nice that you have no key material

You can use many different types of authenticators. If you use Windows Hello you need TPM and they try to hinder you adding alternative means without TPM being activated. But that is a different story and solely on Microsoft. No need to falsely or passive aggressively suggest that a system would be insecure without these specific means.

replies(1): >>32237050 #
Avamander ◴[] No.32237050[source]
> The frequency dropped even before TPM was deployed on most machines

I interpreted your sentence as two disjoint statements and thought you found UEFI/SB and TPMs all useless. But yes, it indeed started dropping before. TPMs don't deal with that topic unless we're speaking of Trusted Boot, which is a whole separate concept.

> [...] hinder you adding alternative means without TPM being activated. But that is a different story and solely on Microsoft.

No it's not solely on Microsoft. If there isn't a safe place to store keys, it makes sense to dissuade storing them. Fairly obvious, isn't it?

> You can use many different types of authenticators.

It's not a very realistic suggestion for most users and use-cases. Having a built-in module that does the job has a lot of upsides.

> No need to falsely or passive aggressively suggest that a system would be insecure without these specific means.

I didn't say such a system would be insecure; however, it can't safely store key material, it would be less secure in a bunch of contexts.

replies(1): >>32237458 #
1. raxxorraxor ◴[] No.32237458[source]
> Having a built-in module that does the job has a lot of upsides.

And downsides, especially for corporate usage you don't want your data protected by device keys if they aren't set by yourself or replicated elsewhere. But it is a security risk to deploy such keys on local machines in the first place in many circumstances.

> If there isn't a safe place to store keys, it makes sense to dissuade storing them. Fairly obvious, isn't it?

The behavior is that you can only add keys if you already activated TPM. This is an implementation detail of Windows Hello. Perhaps they changed it but I can think of some reasons why they forgot to add the option.

> it would be less secure in a bunch of contexts

No, I disagree. Severely less secure depends on the security model. Applications cannot usually randomly access any memory, but yes, the system would need to ensure that and there can be attacks. If you assume your system is compromised on that level your device encryption will be bypassed via the same channel. TPM comes with its own suite of security flaws with regard to device identification (bug or feature?). That is a relevant threat model compared to many memory attacks regardless of the countless other fingerprinting problems we currently are subjected to. Plus the DRM issues around remote attestation and sealed storage.

replies(1): >>32237753 #
2. Avamander ◴[] No.32237753[source]
> And downsides, especially for corporate usage you don't want your data protected by device keys if they aren't set by yourself or replicated elsewhere.

It's a solved problem in corporate environments.

> But it is a security risk to deploy such keys on local machines in the first place in many circumstances.

That's a massive stretch and no normal corporation agrees with that statement.

> No, I disagree.

Other people's threat models are not something you can disagree with.

> If you assume your system is compromised on that level your device encryption will be bypassed via the same channel.

Well not really, it's not a bypass. Continuous abuse of a compromised machine is significantly noisier than exfiltrating the keys needed and then abusing those. Plus you can't touch anything that would change TPM measurements, or you'll lock yourself out. It's much more cumbersome.
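
Added example, not part of the thread or of any commenter's post: a small Python software model of the PCR-bound sealing the last comment refers to, showing that a secret sealed to one set of boot measurements is not released after any measured component changes. `ModelTPM`, `boot`, `try_unlock` and the boot-chain byte strings are constructed for illustration and are not a real TPM API.

```python
import hashlib
import hmac

class ModelTPM:
    """Software model of one SHA-256 PCR plus PCR-bound sealing (assumed, not a real TPM API)."""

    def __init__(self):
        self._pcr = bytes(32)      # a PCR starts at all zeros after reset
        self._sealed = {}          # name -> (secret, required PCR value)

    def reset(self):
        self._pcr = bytes(32)      # models a platform reboot

    def extend(self, data: bytes) -> bytes:
        # Extend is the only write operation: new = H(old || H(data)).
        digest = hashlib.sha256(data).digest()
        self._pcr = hashlib.sha256(self._pcr + digest).digest()
        return self._pcr

    def seal(self, name: str, secret: bytes, required_pcr: bytes) -> None:
        self._sealed[name] = (secret, required_pcr)

    def unseal(self, name: str) -> bytes:
        secret, required = self._sealed[name]
        if not hmac.compare_digest(self._pcr, required):
            raise PermissionError("PCR mismatch: secret stays sealed")
        return secret

def boot(tpm: ModelTPM, chain: list) -> bytes:
    """Reset, then measure every boot component in order; return the final PCR."""
    tpm.reset()
    pcr = bytes(32)
    for component in chain:
        pcr = tpm.extend(component)
    return pcr

def try_unlock(tpm: ModelTPM, chain: list):
    """Boot with the given chain and return the sealed key, or None if locked out."""
    boot(tpm, chain)
    try:
        return tpm.unseal("disk-key")
    except PermissionError:
        return None

# Constructed sample boot chains (placeholders, not real firmware images).
GOOD = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED = [b"firmware v1", b"bootloader v1 (modified)", b"kernel v1"]

tpm = ModelTPM()
tpm.seal("disk-key", b"constructed-volume-key", boot(tpm, GOOD))
```

Because each extend hashes the previous PCR value, both the content and the order of measurements are bound into the final value, so a legitimate firmware or bootloader update also requires resealing.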