this post was submitted on 06 Jan 2024
297 points (90.7% liked)

RIP Microsoft WordPad. You Will Be Missed::It's truly the end of an era as we say farewell to a real one.

[–] [email protected] 6 points 10 months ago (2 children)

Well I have good news for you, the TPM can't do those things. The TPM is just a hardware module that stores cryptographic keys in a tamper-resistant chip, and can perform basic crypto functions.

In and of itself, it can't be addressed remotely, but it is usually used as a component of a greater security scheme. For example, in full disk encryption, it can be used to ensure that the disk can't be decrypted on a different device.

There's been a lot of FUD surrounding TPMs, and it doesn't help that the actual explanation of their function isn't something easily described in a couple of sentences.

There's no reason to be afraid of a TPM, and for the privacy-minded and security-conscious, it can even be used as part of a greater security scheme for your device and its data.

Of course at the same time, it's not a feature most home users would make full use of, and as for not liking Windows, carry on. There's plenty of reasons to avoid it if those things are important to you.

[–] [email protected] 2 points 10 months ago (1 children)

May I ask a question out of curiosity? If my system dies on a hardware level, and I have to save my hard drive, how can I access it then if I can't put it in another system?

[–] [email protected] 2 points 10 months ago

Generally, commercial drive encryption solutions, like BitLocker, usually have a backup recovery key that can be used to access the encryption key if your TPM is reset, or if your device dies.

So I guess the short answer is most of these solutions don't fully protect it from being moved to another device, they just add another layer of security and hassle that makes it harder to do. And without the TPM as part of these solutions, you would be entering a 48-character passphrase every time you boot your device, which has several security flaws of its own.
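
Added example, not part of the thread: a PowerShell check, run from an elevated prompt on the Windows machine itself, that lists which key protectors each BitLocker volume has and flags volumes whose only protectors are TPM-based, which is the case where a dead device means unrecoverable data. It uses the built-in `Get-Tpm` and `Get-BitLockerVolume` cmdlets; the report column names and risk wording are this example's own.

```powershell
#Requires -RunAsAdministrator
# Audit BitLocker key protectors per volume (added example).
# Recovery passwords are never printed; only protector types are reported.

$tpm = Get-Tpm
Write-Host ("TPM present: {0}, ready: {1}" -f $tpm.TpmPresent, $tpm.TpmReady)

# Protector types that still work after the drive is moved to another machine.
$portableTypes = 'RecoveryPassword', 'ExternalKey', 'Password'

$report = foreach ($vol in Get-BitLockerVolume) {
    # Names of every protector that can unlock this volume's encryption key.
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    $tpmBound = [bool]($types | Where-Object { $_ -like 'Tpm*' })
    $portable = [bool]($types | Where-Object { $portableTypes -contains $_ })

    $risk = if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        'Not encrypted'
    } elseif ($tpmBound -and -not $portable) {
        'TPM only: unrecoverable if the device dies or the TPM is reset'
    } elseif (-not $tpmBound -and -not $portable) {
        'No usable protector found'
    } else {
        'OK: can be unlocked on another device'
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        Status     = $vol.VolumeStatus
        Protection = $vol.ProtectionStatus
        Protectors = $types -join ', '
        Risk       = $risk
    }
}

$report | Format-Table -AutoSize -Wrap
```

A volume reported as "OK" is only recoverable in practice if the recovery password or key is stored somewhere other than the encrypted drive itself.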