Total Lock-down Ambitions - Part II - Down to the Very Core, Including the Hardware (CPU, GPU, Peripherals, and More)
When we started this short new series yesterday afternoon (introduction followed up by Part I a few hours later) we sought to explain the status quo, provide good links that can explain what's truly going on (in layman's terms, Plain English), then suggest alternatives or escape routes.
Just because many people do something or passively accept something does not mean everybody else should too.
Several companies and organisations ought to be making hay with the Vista 11 issues, an associate has argued, pointing more specifically to "DRM / TPM2 requirements."
As we explained last night, instead of distinguishing themselves and antagonising these broadly reviled "antifeatures", both Canonical and IBM decided to join Microsoft in advocating lockdown, including things that prevent users booting their PCs or perfectly functional servers [1, 2].
"They seem afraid to risk bringing attention to the real issue of DRM," the associate opines. In the case of Apple - which is not really an alternative to Microsoft in this respect - "the M1 - M4 chips in Apples have hard wired DRM, as another example" of the creeping threat.
It should be noted that community-run distros barely bother with "the clown" (cloud) or with things like TPM. There's simply no motivation for a community to restrict itself or treat itself like an untrusted enemy. If people cannot create their own distro (it's a large task and it requires rare skills or a wide range of different skills), then they can at least join a large community that can collectively represent and serve its members.
DRM as a topic, the associate believes, is unfortunately a suppressed issue. That echoes our own experiences. It became like a silent monster that almost nobody talks about anymore. The problem persists, unresolved, thriving in apathy or a lack of visibility. They also change the acronyms by which DRM is referred to, so don't scan the Linux source code for "DRM" (it's something unrelated, it's mostly to do with graphics).
The DRM issue is very prevalent in 2025. It's in almost everything "modern". "It's hard to find info though," the associate says.
Searching the Web for "DRM", even in the technical sites, would bring up many unrelated results pertaining to direct rendering and some scientific terms from other domains. That makes research somewhat challenging, set aside search engines getting worse over time and the Web getting littered with unlabeled LLM slop.
The associate can recall "audio and video internals in M1, M2, M3, and M4" (Apple's chips), "but that will be very hard to (re-)verify" (due to chaff on the Web). Vista 11 is trying to get people to adopt similar hardware or similarly restricted hardware. It would not be better for the users, but it would be better for some corporations.
Here's an "Analysis of Obfuscation Found in Apple FairPlay":
FairPlay comprises a set of algorithms created by Apple for digital rights management (also called DRM, digital rights management). FairPlay is currently used to manage the decryption of iOS applications during their installation on Apple devices. In fact, we know that Apple distributes all applications in the Apple Store through the IPA file format. The IPA file format contains encrypted information that will then be used by the operating system to install an application. All of the encrypted information is handled through FairPlay, which takes care of keeping the decryption key and the whole process secure to avoid the possibility of decrypting the contents of.ipa files to share the contents of an app (perhaps paid for) in the wrong hands.In this article, we are going to summarize some static protection measures that I was able to find within user-space daemons running FairPlay, the DRM system used by Apple. All information is believed to be current as of the date of the article; the operating system from which the binaries were extracted is macOS 13.5.1.
Microsoft boasts about "GPU-Based" DRM and reports exist of monitor-related playback issues (due to DRM). Someone blames HDCP2.2 and another one says "there might be some sort of DRM issue with the way that the DisplayLink driver is handling video".
When it comes to Windows, this conundrum was covered a lot in the Vista days (we gave authoritative links in the previous part).
An associate thinks that "maybe the removal of the 3.5mm headphone jack is related," not to mention phasing out VGA in favour of "smarter" ports that are a lot more prone to failure (the cables/cords are brittle as they're not analogue and error correction/compensation is deficient). A lot of the underlying mechanisms are proprietary, patented, and their disclosure is likely subjected to signing some NDAs (and only if one is employed by some consortium/consortia member).
I still use VGA on my main laptop. It works OK for "HD"-sized displays.
A decade and a half before AnandTech died, Anand Lal Shimpi said about the "The Protected Audio/Video Path":
Remember all of the garbage the PC industry went through with trying to enable HD-DVD/Blu-ray playback? Unfortunately, most of those efforts were spent on enabling protected video playback, and most of the companies involved didn't spend much energy on enabling protected audio playback.There are two forms of content protection that help secure both audio and video when playing back a Blu-ray disc: HDCP and AACS. HDCP protects the data as it leaves the PC; it's why you need an HDCP compliant graphics card, graphics driver and monitor if you want to play an HDCP enabled Blu-ray disc on your PC with a digital video output (DVI or HDMI). The idea behind HDCP is that a user should not be able to easily intercept the decoded signal and make a bit-for-bit copy of the audio and video before it reaches the display.
The Microsoft boosters are totally in support of this. Microsoft says yes, so they will too. 3.5 years ago when Vista 11 was only speculative "Gravitee" wrote:
Everyone seems to be really excited about Windows 11 because of the new UI, or are complaining about it because of the hardware requirements. But I have not seen much analysis on WHY these hardware requirements are this way.It has occurred to me, that the reason why they want to require us to have the latest CPUs with TPMs is because these CPUs will lock Windows down tighter than an Xbox One.
The whole point of a TPM is to be able to 'trust' the hardware despite the user having physical access to it, because they are incredibly difficult to reverse engineer even with access to the hardware. It is impossible or almost impossible to access the innards of a TPM without destroying it.
Why would Microsoft do this?
Well it would appear that Microsoft have finally got around to addressing the issues with the Windows Store which have been keeping developers away, and they have decided that they actually want Developers to use the Windows Store now.
What is it that developers would want which involve the use of a TPM? DRM.
A DRM which is backed by a TPM is probably going to be much more secure than Denuvo. Denuvo is limited from requiring TPMs because TPMs are not common or are disabled by default, so this would shut out a lot of potential customers. But if TPM is made a hard requirement by the OS, then that market of devices with a TPM will become large enough that it is worth shutting out those who don't have TPM.
Unless Microsoft/Intel/AMD have made a big mistake in their implementation somewhere, which I doubt, the TPM DRM will most likely be next to uncrackable. Microsoft have many years of experience locking down the Xbox One quite successfully, and if it were possible to hack I'm sure that it would have been done by now. The only successful attack against PS4/Xbox One that I know of is being able to manipulate system memory externally, but CPUs now encrypt memory so that is no longer feasible).
Microsoft are luring us in with eye candy.
But don't be fooled, Windows 11 has a dark side and with TPM DRM becoming normalised on the Windows Platform, this will be the end of our complete freedom to be able to mod games, and the start of high prices.
Sure it will stop Pirates, I have no sympathy for them. But it is 2021 now, is Piracy really that high these days when everything is so easily accessible from a variety of storefronts at competitive prices?
Windows 11 will usher in a new era of Windows 11 exclusive titles (and features), cannot be modified, and distribution of keys will become more limited by relying on the Windows Store, leading to higher prices.
It won't only be just a more limited marketplace by Microsoft being the gatekeepers, but without having to compete with Piracy anymore there would be no incentive to price lower to a point that the consumer is wanting to spend, because there is no threat of turning to piracy if they don't like the price.
Just look at the Xbox to see exactly how things are going to end up. Games are always priced higher on Xbox compared to PC because the only competition is boxed copies from retail, which realistically is not a very competitive option either as retail stores have to charge high to cover their high overheads.
Xbox gamers too will have their day of reckoning too when Microsoft and Sony feel bold enough to require activation codes for all games so that they cannot be resold or traded anymore.
I humbly request, that gamers do not buy into Windows 11 automatically. Hold out for as long as possible, which will force Microsoft to address these concerns if they want us to actually use it.
If I were a YouTuber, I would be calling attention to this issue.
If I were Valve, I would be making noise about Gaming on Linux again to defend their turf.
Unfortunately, I can anticipate that Valve, with their recent co-operation with Microsoft, might see fit to work with Microsoft rather than against. The allure of getting access to the TPM as well to be able to do the same thing, might be too tempting.
I definitely hope that I am wrong about all this.
So HDMI, HDCP etc. (restricted/obfuscated display signal), along with GPUs and CPUs are getting more obscure and in the process they try to shut users out of the internals, usually in the name of protecting "content" (copyright holders), not users' interests.
This is basically about monopolies. This is not about security.
In the next part we'll examine DRM on the Web. Your average Web user is exposed to lots of DRM inside the Web browser; but there are no warning signs and Mozilla will suppress notifications about it once this becomes "the norm" (or Firefox become completely irrelevant).
Of course the browser-level DRM is in a lot of ways connected to and reliant on the hardware "playing ball".
This is a "vertical integration"-type problem. █