[German] government experts warn that Windows 8 is an unacceptable security risk for governmental offices and companies. The so-called Trusted Computing might be a backdoor for the NSA.
According to their [experts'] opinion, the operating system contains a backdoor which cannot be closed. This backdoor is called Trusted Computing and might have the consequence that Microsoft could control every computer remotely. And therefore the NSA could do it as well.
Three points are decisive: First, the [new] TPM, contrary to the existing standard, is active from the time when you switch on the computer. As soon as you start the computer you can no longer decide whether you want Trusted Computing (opt-in). Secondly, it will not be possible in future to deactivate the TPM (opt-out). Third, the OS takes over control of the TPM; in the case of a Windows OS, that means the computer is controlled by Microsoft.
In the light of the current situation on spying, I have to say that I am happy that it goes in this direction.
I'm not remotely qualified to comment on the contents of that talk, but it's a very concerning read–they claim that the SMC stores your FileVault key (though they don't seem to prove this?) and that the SMC has a backdoor. I'm all ears if anyone else has any additional info/knowledge about this...
The operating system kernel always has full control over the system, how are they suggesting the TPM adds control here? The TPM is a small chip that handles certain crypto operations more securely (especially key management), how does this provide any additional backdoor scenarios?
If Microsoft wanted a backdoor it could easily be added to the OS without a TPM.
Without a TPM, it is possible to detect and remove (or more likely mitigate) a backdoor. With the TPM, even if you know about a backdoor and have a patch, you cannot apply it without Microsoft's blessing. At least, that's my understanding.
One is spying (NSA), another is restrictions on what to install (Microsoft), and some parts discuss the threat from China, manufacturers of the TPM chips.