by transpute
742 days ago
> discrete TPMs don't really have a future in systems that need robust system state attestation (both local and remote) against attackers with physical access. TPMs should be integrated into the CPU/SoC

What are your thoughts on Microsoft Pluton and Google OpenTitan as TPM alternatives/emulators? Should system attestation roots of trust be based on open-source firmware? Recent AI/Copilot PCs based on Qualcomm SDXE/Oryon/Nuvia, AMD Zen5 and Intel Lunar Lake include Microsoft Pluton.
I am not familiar enough with the technical details of Pluton or OpenTitan to make a meaningful statement on their security.
> Should system attestation roots of trust be based on open-source firmware?
Yes, and not only roots of trust; I am a strong believer in open source firmware in general. I have been developing coreboot as a hobby for a long time. I wish there was more industry support for such things, especially at the lowest levels of modern systems.