by sally1620 1505 days ago
The physical attack Microsoft worried about is a hacker extracting information from a stolen laptop. It only takes a single laptop (out of thousands) to infiltrate the company network and steal source code or whatever.

For enterprise users, this attack vector is a real threat. Microsoft definitely wants to dogfood this technology to their own employees to avoid getting hacked.

4 comments

But today I guess it's best practice to just use cloud SaaS for your enterprise. The PC is basically a thin client and does not store anything. You can't exfiltrate without the company knowing about it. This is more barriers for people to switch to Linux. Till date I don't know how secure boot stopped people from doing anything. What threat vector does TPM address, and what is the % of that vector in the overall threat landscape?
Ordinary full-disk encryption protects against that just fine, though.
not without requiring PIN entry upon boot.

TPMs are external to the CPU and traffic to and from them can be intercepted and used to decrypt the disk.

there was an article on that exact situation a few weeks ago, right here on HN.

https://news.ycombinator.com/item?id=29258879

I meant ordinary full-disk encryption with a regular passphrase and no TPM in the picture at all.
Typical AES-XTS full disk encryption is not safe enough for the laptop case; it’s not authenticated and someone can edit encrypted files.

File-based encryption (like the one T2 and later Macs use) is safest.

While that is true, I cannot think of a real-world scenario where it is relevant, since I don't think you can actually produce a specific plaintext, but only corrupt certain sectors.

And in case it is a real issue one can use ZFS or btrfs as the file system to ensure data integrity.

They are making a case for treating your PC like an embedded device or consumer electronics device, where changing the OS is considered to be a crime because you "hacked" the firmware and installed a new one.
Examples were given about how those things are accomplished today.

The arguments for Pluton given by Microsoft were not these scenarios. They literally say that this is off the back of the Xbox, where running your own code is a bad thing.

> Examples were given about how those things are accomplished today.

yes, but if the TPM is external to the CPU, as all are, the traffic to and from the TPM can be intercepted and the security provided is gone. even firmware TPMs store their data in flash, external to the CPU, and are therefore completely insecure to someone with physical access.

see: https://news.ycombinator.com/item?id=29258879

the only way to secure a device with a TPM today is to require a PIN on boot, and not rely on the TPM entirely. that is a huge pain in the ass and a more secure solution is needed. Pluton addresses this.

Corporate IT administrators DO NOT want attackers with a stolen laptop installing anything, or using the device in any way. This is the situation Pluton is for. it is not designed to prevent a rightful owner from anything at all, ever.

why do people who are concerned about their own privacy and security never seem to understand things like this? I do not understand.

I'll spell it out: entities who are NOT individuals own computers too, and the data on these devices is of extreme importance to those non-human entities. correctly administering these machines is of extreme importance to these non-human entities, as well.

those entities are why Pluton and the Intel Management Engine, respectively, exist.

> why do people who are concerned about their own privacy and security never seem to understand things like this? I do not understand.

Because it’s forced on everyone as a default.

UEFI and TPM are great to detect firmware and OS tampering. It's a real concern for anyone working on Windows.

The problems are intent and unexpected consequences, which are the problems created by requiring TPM.

For example, either the trusted third party must be infallible or what happens on tampering detection must be reasonable.

If something goes wrong with the remote attestation, what am I prevented from doing?

It also adds pressure to increase DRM, which the average paying user would find extremely punishing (think Blu-ray discs).