by naikrovek 1505 days ago
not without requiring PIN entry upon boot.

TPMs are external to the CPU and traffic to and from them can be intercepted and used to decrypt the disk.

there was an article on that exact situation a few weeks ago, right here on HN.

https://news.ycombinator.com/item?id=29258879

1 comments

I meant ordinary full-disk encryption with a regular passphrase and no TPM in the picture at all.