In comments submitted to America’s Federal Trade Commission, Microsoft says repairing its devices could jeopardize protections from the Trusted Platform Module (TPM) security chip.
“Don’t believe them,” argues a group of information security professionals who support the right to repair. Slashdot reader chicksdaddy quotes their report:
The statement was submitted ahead of Nixing the Fix, an FTC workshop on repair restrictions that is scheduled for mid-July… “The unauthorized repair and replacement of device components can result in the disabling of key hardware security features or can impede the update of firmware that is important to device security or system integrity,” Microsoft wrote… “If the TPM or other hardware or software protections were compromised by a malicious or unqualified repair vendor, those security protections would be rendered ineffective and consumers’ data and control of the device would be at risk. Moreover, a security breach of one device can potentially compromise the security of a platform or other devices connected to the network….”
As we know: Firms like Microsoft, Lexmark, LG, Samsung and others use arguments like this all the time and then not too subtly imply that their authorized repair professionals are more trustworthy and honest than independent competitors. But that’s just hot air. They have no data to back up those assertions and there’s no way that their repair technicians are more trustworthy than owners, themselves…
There’s nothing inherent in repair or the things called for in right to repair laws like providing diagnostic software, diagnostic codes, schematics and replacement parts that puts the integrity of the TPM or the trust model it anchors at risk. Nor does the TPM require that the devices it secures remain pristine: using the same hardware and software configuration as when they were sold by the OEM. After all, TPMs are in Dell computers. Dell makes diagnostic software and diagnostic codes and schematics available for their hardware and I haven’t heard Microsoft or anybody else suggest that a TPM on a repairable Dell laptop is any less secure than the TPM on an unrepairable Microsoft Surface.