by happymellon 1505 days ago
Examples were given about how those things are accomplished today.

The arguments for Pluton given by Microsoft were not these scenarios. They literally say that this is off the back of the Xbox, where running your own code is a bad thing.

1 comments

> Examples were given about how those things are accomplished today.

Yes, but if the TPM is external to the CPU, as all are, the traffic to and from the TPM can be intercepted and the security provided is gone. Even firmware TPMs store their data in flash, external to the CPU, and are therefore completely insecure to someone with physical access.

see: https://news.ycombinator.com/item?id=29258879

The only way to secure a device with a TPM today is to require a PIN on boot, and not rely on the TPM entirely. That is a huge pain in the ass and a more secure solution is needed. Pluton addresses this.

Corporate IT administrators DO NOT want attackers with a stolen laptop installing anything, or using the device in any way. This is the situation Pluton is for. It is not designed to prevent a rightful owner from anything at all, ever.

Why do people who are concerned about their own privacy and security never seem to understand things like this? I do not understand.

I'll spell it out: entities who are NOT individuals own computers too, and the data on these devices is of extreme importance to those non-human entities. Correctly administering these machines is of extreme importance to these non-human entities, as well.

Those entities are why Pluton and the Intel Management Engine, respectively, exist.

> why do people who are concerned about their own privacy and security never seem to understand things like this? I do not understand.

Because it’s forced on everyone as a default.

UEFI and TPM are great to detect firmware and OS tampering. It's a real concern for anyone working on Windows.

The problems are intent and unexpected consequences, which are the problems created by requiring TPM.

For example, either the trusted third party must be infallible or what happens on tampering detection must be reasonable.

If something goes wrong with the remote attestation, what am I prevented from doing?

It also adds pressure to increase DRM, which the average paying user would find extremely punishing (think Blu-ray discs).