Microsoft's Response
In response to questions about whether Windows 8 use in conjunction with TPM 2.0 leads to a lack of control and potential sabotage, as described by BSI, a Microsoft spokesperson sent the following comments:
Since the adoption of the Trustworthy Computing Initiative over 10 years ago, Microsoft has focused relentlessly on the security and privacy of IT users. Indeed, we are committed to building products that are SD3 (Secure by Design, Secure by Default, and Secure in Deployment) and PD3 (Privacy by Design, Privacy by Default, and Privacy in Deployment). It is also important to remember that one cannot have privacy without good security.
In support of these efforts, Windows has made a fundamental bet on trustworthy hardware and TPM 2.0 is a key component. Based in no small part on lessons learned in the TPM 1.2 timeframe, TPM 2.0 is designed to be on by default with no user interaction required. Since most users accept defaults, requiring the user to enable the TPM will lead to IT users being less secure by default and increase the risk that their privacy will be violated. We believe that government policies promoting this result are ill-advised.
It is also important to note that any user concerns about TPM 2.0 are addressable. The first concern, generally expressed as "lack of user control," is not correct as OEMs have the ability to turn off the TPM in x86 machines; thus, purchasers can purchase machines with TPMs disabled (of course, they will also be unable to utilize the security features enabled by the technology). The second concern, generally expressed as "lack of user control over choice of operating system," is also incorrect. In fact, Windows has been designed so that users can clear/reset the TPM for ownership by another OS of they wish. Many TPM functions can also be used by multiple OSes (including Linux) concurrently.
Trusted Computing Group Response
A Trusted Computing Group spokesperson replied as follows:
The specifications, including those for the TPM, have been developed over a long period of time with input from companies and governments worldwide. Some implementations of the TPM have been certified by third parties that have closely evaluated the specification and some companies' implementations of it as well. Info here.
The TPM specifications do not limit any applications nor dictate which or what kinds of applications can be used with it. The TPM has long been supported by various open source implementations. For example, the Google Chromebook uses the TPM with an open source operating system as do many other implementations.
Opt in and opt out have always been included in the TPM specifications.
