Intel alone controls the certificate chain for the CPU I own? I don't trust it, and it's user-hostile. Users won't know that it's because of Intel that, for instance, their legacy apps don't run any more. Or their Mac's NVMe drive cannot be recovered (though, yes, this is Apple's Trusted Computing chip, not Intel's).
I take it as the tech community's responsibility to clearly point out who violated their trust on this one.
Trusted computing could be "not user-hostile," or perhaps that's what "user-friendly" means? But to not be user-hostile the certificate chain must be surrendered at point of sale.
It's ironic that sysadmins for large corporations _are_ enabled by Intel's management tools, and _are_ aware of the purpose of these trusted computing tools. But end users _are_ _not_ enabled, _are_ _not_ aware, and are thus treated hostilely by Intel and cannot do the things they absolutely need to do with their own PC.
"Trusted" may be military intelligence jargon, but the term "trusted computing" originated at Microsoft in the early 2000s. After several particularly nasty internet worms gave the company a (justified) reputation of terrible network security, they launched the "Trustworthy Computing"[1] initiative to rebuild trust in their platform with several security improvements.
"Trustworthy Computing" eventually became the "Palladium"[2] project with more ambitious goals including DRM. Palladium evolved into NGSCB ("Next-Generation Secure Computing Base") when Microsoft joined with other companies to form the TCPA ("Trusted Computing Platform Alliance") that later became the TCG ("Trusted Computing Group").
The term has always been used by Microsoft (and later the TCPA/TCG) to mean a trustworthy platform, from the developer perspective[3].
And, well, the whole Trusted Platform Architecture is simply about having some kind of root of trust implemented by an external chip that maintains a set of hashes of what the hell runs on the platform and has physical GPIO ports to ascertain user intent. Then somebody had the bright idea to implement that as a process inside the Intel ME architecture...
User-friendly secure authentication mechanisms (like Windows Hello or fingerprint readers) were just broken. The TPM keeps the user's own data secure, too, after all.