|
|
|
|
|
|
by cryptonector
962 days ago
|
|
|
What do you mean specifically? You can: - set passwords on the key hierarchies
- roll the seeds for the key hierarchies,
thus invalidating *all* keys on the TPM
Now, Windows might stop working if you do that, and naturally, if you wanted to use a TPM for locking your filesystems then you'll need to do this _before_ you install your OS.Also, once you change the seed for the Endorsement Key hierarchy you'll lose the ability to prove that the TPM is a legit TPM made by whatever legit TPM vendor. So sure, this is only something you do if you know what you're doing, especially if the TPM is soldered onto the motherboard. |
|
|