Cool, if you can require them for every possible interaction on a platform but even that violates privacy if you have one universal value that ties it all together (the identifier of the specific TPM).
It's just the phone number/email issue but tied to hardware. If you think these things won't leak and allow bad actors to tie your accounts across services then I have some lovely real estate in Florida you may be interested in.
It also appears that resetting a fTPM works around this since it fully resets the TPM. Even if it didn't then people buying used CPUs could find that they're banned from games that they've never even played or installed on their system before
> It also appears that resetting a fTPM works around this since it fully resets the TPM. Even if it didn't then people buying used CPUs could find that they're banned from games that they've never even played or installed on their system before
It depends how the TPM utilization was applied in practice. The initial manufacturer key (Endorsement Key) is hardcoded and unextractable. All the long-lived keys are derived from it, and can be verified by using the public part of the EK. Usually EK (or cert created from it) is directly used for remote attestation.
It's just the phone number/email issue but tied to hardware. If you think these things won't leak and allow bad actors to tie your accounts across services then I have some lovely real estate in Florida you may be interested in.
It also appears that resetting a fTPM works around this since it fully resets the TPM. Even if it didn't then people buying used CPUs could find that they're banned from games that they've never even played or installed on their system before