The GPU, not the TPM, is the root of hardware DRM

Original Article ↗ Hacker News Discussion ↗

GPU vs. TPM as DRM Anchor

  • Many argue modern media DRM is anchored in GPUs and protected media paths, not TPMs.
  • GPUs (and sometimes displays) hold hardware keys, decrypt streams in isolated memory, and output via HDCP; OS never sees cleartext.
  • TPMs are too slow for bulk decryption and can’t talk directly to GPUs; at most they can help with key exchange or attest system state.

TPM, Secure Boot, and Windows 11

  • TPMs are described as “secure key stores + attestation engines” used for BitLocker, Secure Boot, and sometimes passkeys.
  • Disagreement over Windows 11’s TPM requirement:
    • One view: mainly to drive hardware sales and lock down the ecosystem.
    • Counterview: primarily to raise a baseline of disk‑encryption and boot‑chain security, especially for enterprises; indirect hardware churn is a side effect.
  • Some see TPM‑based device IDs as enablers for hardware bans (games) and stronger user tracking.

FSF and Free Software Strategy

  • Several comments say FSF focuses on the wrong threats (TPM, “GNU/Linux” branding) and is out of touch with how DRM is actually implemented (GPU, app stores, phones).
  • Others defend “ideological purity” as the core value of free software and argue mainstream has abandoned it, not vice versa.

DRM Effectiveness, Piracy, and UX

  • Consensus that DRM does not stop determined pirates; 4K/HDR WEB‑DLs appear quickly via compromised device keys, HDMI strippers, or the analog hole.
  • But DRM raises friction for casual copying, enables contractual control over hardware/software vendors, and limits mass “one‑click” piracy.
  • Many argue piracy often offers better UX (higher resolution on Linux, no device restrictions, better library management) but worse accessibility for non‑technical users.

Remote Attestation, TEEs, and Control

  • TPMs and TEEs (TrustZone, SGX, GPU secure enclaves) enable remote attestation: proving device and OS state to a remote party.
  • Supporters: can help detect tampering, secure keys, and enable safer banking or messaging.
  • Critics: fear “Play Integrity / Web Environment Integrity” style systems that let sites and apps refuse service on non‑approved software (e.g., ad blockers, rooted devices), leading to loss of user control and “computing serfdom.”

Legal and Ethical Positions

  • Multiple calls to repeal DMCA 1201, make DRM illegal, or at least void copyright on DRM‑protected works.
  • Strong framing of DRM as government‑backed interference with owners’ rights over their own hardware and media.