I'm not sure if I understand your argument. As long as you can put your own things on your TPM and use it for your own good it's not too bad right? And in corporate environments it's reasonable to not own your own device right?

Sure Infineon can probably get my data, but that's far beyond the scope of my threat model.

As long as the system is open to putting your own keys on there I'm fine with it.

> I'm not sure if I understand your argument. As long as you can put your own things on your TPM and use it for your own good it's not too bad right?

As long as software that uses the TPM cannot detect whether you tampered with the TPM or not, it is principally all right.

But as I wrote down: this is exactly the opposite of what trusted computing was invented for: make the machine trustable (for the companies that have control over the TPM/trusted computing), because the user is distrusted.

Indeed, so the user should not buy a computer where they're not in control of the TPM, if you can't disable it/add your own keys, then don't buy that computer

That rapidly converges on "you can't buy a computer and use it", because economic interests favor trusted computing devices.

> That rapidly converges on "you can't buy a computer and use it", because economic interests favor trusted computing devices.

I would rather argue that it converges to "you become more and more morally obliged to learn about hacking (and perhaps become a less and less law-abiding citizen) if you buy a computer and use it".

Your way rapidly turns into "I was shot by a SWAT team for running a program I legally own"

Yea, maybe we shouldn't live in the US, or other authoritarian nations, but few of us have options like that.

Only if only 1% of the population know the risks, teach the other 99% to care. Same with any civic problem