by michaelt
1799 days ago
Just keying in the password at boot is indeed more secure than using a TPM, when it comes to the threat of someone snatching your powered-off laptop. But if you want full disk encryption for a server without the need to attend it in person to enter the password every time it restarts, you might feel the middling security a TPM provides is an improvement over not encrypting the disk at all. Or if you issue a big fleet of laptops to forgetful users, and remote password reset is a must-have feature, the TPM is more secure than the user writing the password on a post-it note stuck to the laptop. Or if you're making something like a TiVo where you want it to work without a password - while also locking down the device, even against the owner. So TPMs are great if you're a big corporation!

Also great for personal NAS for example. But it's bloody hard to implement on Linux/BSD at the moment.