cm0002@lemmy.zip to Linux@programming.dev · 8 days agoLinux Now Disabling TPM Bus Encryption By Default For Performance Reasonswww.phoronix.comexternal-linkmessage-square22fedilinkarrow-up199arrow-down10
arrow-up199arrow-down1external-linkLinux Now Disabling TPM Bus Encryption By Default For Performance Reasonswww.phoronix.comcm0002@lemmy.zip to Linux@programming.dev · 8 days agomessage-square22fedilink
minus-squareTruscape@lemmy.blahaj.zonelinkfedilinkarrow-up48arrow-down1·edit-28 days agoThe TPM 2.0 implementation (mandated by Microsoft) is flawed. That much is certain. If you’d like to know more details about the “benefits” and vulnerabilities of the standard, feel free to read the relevant wikipedia article: https://en.wikipedia.org/wiki/Trusted_Platform_Module In my personal opinion, the TPM as a whole seems like a “solution in search of a problem”, and developments that were able to foil its protection as early as 2010 from state and non-state actors should be a massive red flag.
minus-squarePossibly linux@lemmy.ziplinkfedilinkEnglisharrow-up4·edit-26 days agoPhysical security is very hard TPM is a useful to help ensure physical security. TPM isn’t perfect but it is decent for what it is.
minus-squareeleitl@lemmy.ziplinkfedilinkarrow-up5·6 days agoThat assumes you can trust the unauditable. I can only accept open hardware, with verification of random samples.
The TPM 2.0 implementation (mandated by Microsoft) is flawed. That much is certain.
If you’d like to know more details about the “benefits” and vulnerabilities of the standard, feel free to read the relevant wikipedia article: https://en.wikipedia.org/wiki/Trusted_Platform_Module
In my personal opinion, the TPM as a whole seems like a “solution in search of a problem”, and developments that were able to foil its protection as early as 2010 from state and non-state actors should be a massive red flag.
Physical security is very hard
TPM is a useful to help ensure physical security. TPM isn’t perfect but it is decent for what it is.
That assumes you can trust the unauditable. I can only accept open hardware, with verification of random samples.