TPM 2.0 Trusted Platform Module

Besides holding an easily dumped crypto-key hash for decrypting your EFI when the feds catch you at the airport, and weakly locking down your hardware when Tyrone tries to install a fresh copy of Windows 11, is TPM good for anything?

The feds can still just evil-maid your EFI by dumping the backdoored Secure Boot keys. Tyrone could unplug your CMOS battery and reset your TPM with a clip. The feds would probably open Intel ME's capabilities anyway, so why wouldn't you buy a new machine and create a new boot directory if you lost sight of your hardware?

Or is TPM only used for validating your Secure Boot partition with a separate LUKS key from your root partition?

So let me get this straight. Ideally it's full disk encryption, except your EFI file is on a separate partition with a separate LUKS key from your root partition. Every kernel update runs a hook that replaces your bootloaderless EFI, auto-signs it with your custom Secure Boot keys, and re-signs the TPM with your Secure Boot keys/EFI hash? So when you boot, the TPM auto-validates your Secure Boot keys, which auto-decrypts your /boot partition holding your EFI, which must also be validated by your Secure Boot keys, which finally boots your /root OS while still prompting you for a LUKS password?

What the fuck?


bump

Can you rephrase the question?

It's useless; get a YubiKey or roll your own with an ESP32 or some shit.

>$0.48 chip goes bad
>Lose all of your data and accounts
>Have to rebuy Windows
You'd have far better data integrity and the same level of security by using a floppy with a magnet stuck to it.


What is EFI good for on linux and does it really make a difference? If you use it, could you explain how your boot process works and why you think it's more secure?

Secure boot works without TPM and it's only more secure if you enroll your own keys.

The goal is to lock down computers to such an extent that you won't be able to install "unapproved" software. Or at least the OS will know what software is "unapproved" so it can prevent you from using your hardware in "unapproved" ways. UEFI and TPM are just the current step. With each step the noose gets tighter.

Examples of "unapproved" uses of hardware : plotting to overthrow the gov't, watching a movie you haven't paid for, buying drugs, listening to music you haven't paid for, engaging in pedo activity, reading a book you haven't paid for.

So then what is TPM good for? You enroll your own Secure Boot keys, re-sign your EFI. Then what? You can flash your TPM with a hash or LUKS key, so your boot partition can be automatically decrypted while your EFI is still being subjected to your Secure Boot keys?

The idea being that if you remove your CMOS battery to remove your Secure Boot keys and clear UEFI, the TPM chip still won't let you boot into anything? It seems more like a theft prevention mechanism than digital security.
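The flow the two posts above are circling (a kernel-update hook that re-seals a LUKS key to the hash of the freshly signed EFI image, and the question of what a CMOS reset or TPM clear actually buys an attacker) is easier to reason about with a model in hand. The following is an added example, not code from anyone in the thread and not a real TPM driver. It models the two TPM 2.0 primitives that matter here with SHA-256: a PCR can only be extended (new = H(old || digest)), and a sealed secret is wrapped under a chip-internal storage seed plus a policy over PCR values. The `measure_boot`, `policy_digest`, `Tpm` and `SealedBlob` names, the two-event measurement (Secure Boot db into PCR 7, EFI application into PCR 4), the XOR-plus-tag wrapping, and all byte-string inputs are simplifications and constructed test data; a real chip extends many events per PCR, and `TPM2_PolicyPCR` also mixes the command code and PCR selection into the policy digest.

```python
import hashlib
import os
from dataclasses import dataclass
from typing import Dict, Optional

SHA256_ZERO = b"\x00" * 32  # PCR value at power-on (SHA-256 bank)


def pcr_extend(old: bytes, digest: bytes) -> bytes:
    """TPM 2.0 PCR extend: new = H(old || digest). A PCR can only be extended,
    never written, so it cannot be rolled back to an earlier value without a reboot."""
    return hashlib.sha256(old + digest).digest()


def measure_boot(secure_boot_db: bytes, efi_image: bytes) -> Dict[int, bytes]:
    """Simplified measured boot (assumption: two events are enough to show the point).
    PCR 7 gets the Secure Boot configuration (the enrolled db), PCR 4 gets the
    EFI application that actually receives control. Firmware does this before the
    image runs, so the image cannot lie about its own hash."""
    pcr7 = pcr_extend(SHA256_ZERO, hashlib.sha256(secure_boot_db).digest())
    pcr4 = pcr_extend(SHA256_ZERO, hashlib.sha256(efi_image).digest())
    return {4: pcr4, 7: pcr7}


def policy_digest(pcrs: Dict[int, bytes]) -> bytes:
    """Stand-in for TPM2_PolicyPCR: a digest over the selected PCR values."""
    h = hashlib.sha256()
    for idx in sorted(pcrs):
        h.update(idx.to_bytes(1, "big") + pcrs[idx])
    return h.digest()


@dataclass(frozen=True)
class SealedBlob:
    """What lands on disk. It is useless without the TPM's seed *and* matching PCRs."""
    policy: bytes      # PCR policy the secret is bound to
    ciphertext: bytes  # secret XOR-ed with a key derived from (seed, policy); toy wrapping
    tag: bytes         # integrity check so a wrong seed yields None, not garbage


class Tpm:
    """Toy TPM: the storage seed never leaves the chip, and TPM2_Clear regenerates it,
    so clearing the chip destroys every sealed secret instead of releasing it."""

    def __init__(self) -> None:
        self._seed = os.urandom(32)

    def _wrap_key(self, policy: bytes) -> bytes:
        return hashlib.sha256(b"seal" + self._seed + policy).digest()

    def seal(self, secret: bytes, expected_pcrs: Dict[int, bytes]) -> SealedBlob:
        assert len(secret) == 32, "toy wrapper handles a 32-byte key"
        policy = policy_digest(expected_pcrs)
        key = self._wrap_key(policy)
        ciphertext = bytes(a ^ b for a, b in zip(secret, key))
        tag = hashlib.sha256(b"tag" + key + secret).digest()
        return SealedBlob(policy, ciphertext, tag)

    def unseal(self, blob: SealedBlob, current_pcrs: Dict[int, bytes]) -> Optional[bytes]:
        if policy_digest(current_pcrs) != blob.policy:
            return None  # PCRs differ from what was sealed: TPM_RC_POLICY_FAIL on a real chip
        key = self._wrap_key(blob.policy)
        secret = bytes(a ^ b for a, b in zip(blob.ciphertext, key))
        if hashlib.sha256(b"tag" + key + secret).digest() != blob.tag:
            return None  # sealed under a different seed (chip was cleared or swapped)
        return secret

    def clear(self) -> None:
        """Owner/CMOS reset path: new seed, all prior blobs become undecryptable."""
        self._seed = os.urandom(32)


def provision(tpm: Tpm, owner_db: bytes, efi_image: bytes, luks_key: bytes) -> SealedBlob:
    """The kernel-update hook's job: predict the PCRs the signed image will produce
    next boot and reseal the /boot LUKS key to exactly those values."""
    return tpm.seal(luks_key, measure_boot(owner_db, efi_image))


def boot(tpm: Tpm, blob: SealedBlob, secure_boot_db: bytes, efi_image: bytes) -> Optional[bytes]:
    """Firmware measures what it loads; the key is released only if that reproduces the policy."""
    return tpm.unseal(blob, measure_boot(secure_boot_db, efi_image))


def demo() -> Dict[str, bool]:
    # Constructed inputs standing in for enrolled keys, a signed UKI and a LUKS key slot.
    owner_db = b"owner-enrolled PK/KEK/db"
    good_efi = b"linux-6.x.efi unified image, signed with owner db key"
    luks_key = os.urandom(32)
    tpm = Tpm()
    blob = provision(tpm, owner_db, good_efi, luks_key)
    r = {}
    r["normal_boot_releases_key"] = boot(tpm, blob, owner_db, good_efi) == luks_key
    # Evil maid swaps the EFI image: PCR 4 differs, key stays sealed (root passphrase still separate).
    r["evil_maid_blocked"] = boot(tpm, blob, owner_db, b"trojaned.efi") is None
    # Kernel update without re-running the hook: the old blob no longer matches, hence the hook.
    new_efi = b"linux-6.y.efi unified image, signed with owner db key"
    r["stale_blob_after_update"] = boot(tpm, blob, owner_db, new_efi) is None
    blob2 = provision(tpm, owner_db, new_efi, luks_key)
    r["resealed_boot_releases_key"] = boot(tpm, blob2, owner_db, new_efi) == luks_key
    # CMOS reset + TPM clear + attacker enrolls their own db: nothing unlocks, the key is gone.
    tpm.clear()
    r["cleared_tpm_attacker_db"] = boot(tpm, blob2, b"attacker db", new_efi) is None
    r["cleared_tpm_even_with_right_image"] = boot(tpm, blob2, owner_db, new_efi) is None
    return r


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The last two cases are the answer to the "clip on the CMOS battery" objection: resetting the chip is not a bypass, it is destruction of the sealed key, which is why this design still keeps a separate passphrase on the root volume and why a lost or tampered machine should be reprovisioned rather than trusted again.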

>"engaging in pedo activity"
I hope they catch you.

wetware

>Examples of "unapproved" uses of hardware
terrorism, normal activity, drugs, normal activity, pedophilia, normal activity.

It's like you designed an emotional rollercoaster of activities on purpose and slipped your mental disease right in at the end like it is on par with pirating music.

burn in hell

TPM and EFI don't really apply to you. It might be useful for others who must know if their computer has been tampered with.

My actual fear is being prosecuted for thought crime while traveling in authoritarian countries.


>while traveling in authoritarian countries.
That's easy to avoid.

Doesn't it prevent the annoying stealth upgrades that microsoft loves to start pushing on previous OS holdouts?

>easy to avoid
at the moment

Consider this: When using Google or DDG I cannot find any article or blogpost that is critical of TPM from a freedom or privacy point of view. There is no way no one is saying anything, so that means that Google and Bing are both burying negative opinions. It may seem paranoid now, but every single thing I have feared since the late 90s has come to pass already.

You don't use TPM at all because it's backdoored shit.
You enter the password at boot. If it boots without a password, what's the point?

>I cannot find any article or blogpost that is critical of TPM from a freedom or privacy point of view.
Have you considered that that's only because there are no actual criticisms along those lines? In your own words, can you describe how you think a TPM can be used to infringe upon your freedom or your privacy?