by pgeorgi
2936 days ago
I think it's worth noting that the TPM plans of 2003 differ a bit from TPM-as-of-2018. What was called Trusted Computing, Palladium, TCPA, etc. in 2003 and became known in geek circles as "TPM" is now implemented as TPM + Intel Boot Guard + Intel SGX + Authenticated Code Modules + various other things (and other vendors' equivalents). The TPM is the most benign part of it all: a slow, passive crypto chip with a small storage that it can hide away from the CPU unless the right system state and keys are presented (although the presented system state might be 100% fake).

It turns the USB-C ports into always-on NSA-keyed backdoors (anyone in possession of the private RSA key can reflash all three flash ROMs in the machine with whatever he likes, via the external ports, which cannot even be cemented shut, as the machine charges exclusively from USB-C.)