by zimmerfrei 1034 days ago
>> The discrete TPM's threat model was never designed to cover you from attackers using an oscilloscope to probe your laptop's SPI bus during the boot process for unencrypted data.

This is not really true. All TPMs (or at least since v2.0, but no matter if discrete or not) support encrypted sessions against passive eavesdroppers. There is also the possibility to protect against MiTM attacks, but that is more complex (since you then need to set up credentials).

See here [0]:

"Encryption sessions are useful for when the path to a TPM is not trusted, such as when a TPM is a remote TPM, or when otherwise the path to the TPM is not trusted."

The issue is that the OS / bootloader does not implement such a mechanism.

[0] https://github.com/tpm2dev/tpm.dev.tutorials/blob/master/Int...
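As an added illustration of the mechanism the comment refers to (example code written for this page, not the commenter's code nor the tpm2dev tutorial's), here is the key-derivation and XOR parameter-obfuscation arithmetic from the TCG TPM 2.0 Library spec (Part 1: KDFa in sec. 11.4.10, session key in sec. 19.6.8, XOR mode in sec. 21.2). All salt, auth and nonce values are constructed sample data, not captured from a real TPM; a real deployment obtains them through a TSS such as tpm2-tools, which implements this same arithmetic.

```python
"""TPM 2.0 session-encryption arithmetic, illustrative re-implementation.

A bus sniffer sees the nonces in clear, but not the salt (sent RSA/ECC
encrypted to the TPM's endorsement/storage key) or the bind object's auth,
so it cannot derive sessionKey and cannot unmask the parameter bytes."""
import hashlib
import hmac
import struct


def kdfa(key: bytes, label: bytes, context_u: bytes, context_v: bytes, bits: int) -> bytes:
    """SP800-108 counter-mode KDF as specialised by TPM 2.0 (HMAC-SHA256 here).
    Block i = HMAC(key, [i]_32 || label || 0x00 || contextU || contextV || [bits]_32)."""
    out, i = b"", 0
    while len(out) * 8 < bits:
        i += 1
        msg = struct.pack(">I", i) + label + b"\x00" + context_u + context_v + struct.pack(">I", bits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[: (bits + 7) // 8]


def session_key(bind_auth: bytes, salt: bytes, nonce_tpm: bytes, nonce_caller: bytes) -> bytes:
    """sessionKey = KDFa(sessionAlg, bindAuth || salt, "ATH", nonceTPM, nonceCaller, bits)."""
    return kdfa(bind_auth + salt, b"ATH", nonce_tpm, nonce_caller, 256)


def xor_obfuscate(skey: bytes, auth_value: bytes, nonce_newer: bytes, nonce_older: bytes, data: bytes) -> bytes:
    """XOR parameter encryption: mask = KDFa(sessionKey || authValue, "XOR",
    nonceNewer, nonceOlder, len(data)*8). Symmetric, so the same call decrypts.
    Command direction: newer = nonceCaller; response direction: newer = nonceTPM."""
    mask = kdfa(skey + auth_value, b"XOR", nonce_newer, nonce_older, len(data) * 8)
    return bytes(a ^ b for a, b in zip(data, mask))


def demo():
    # Constructed sample values (not real TPM output).
    salt = hashlib.sha256(b"constructed salt, delivered encrypted to the TPM").digest()
    bind_auth = b""                      # unbound session: empty auth contributes nothing
    nonce_caller = bytes(range(16))      # visible on the bus
    nonce_tpm = bytes(range(16, 32))     # visible on the bus
    skey = session_key(bind_auth, salt, nonce_tpm, nonce_caller)
    secret = b"unseal-me: disk key bytes"  # e.g. an unsealed TPM2_Unseal response
    # Response parameters: nonceTPM is the newer nonce.
    on_wire = xor_obfuscate(skey, b"", nonce_tpm, nonce_caller, secret)
    recovered = xor_obfuscate(skey, b"", nonce_tpm, nonce_caller, on_wire)
    return on_wire, recovered


if __name__ == "__main__":
    wire, plain = demo()
    print("on bus :", wire.hex())
    print("host   :", plain)
```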