[p_ing]

> TPM provides no added security value for the vast majority of users[1]

Yes it does. The vast majority of users aren't going to have their laptop stolen by the CIA/NSA and have their DIMMs popped and cryofreezed.

The vast majority of users aren't going to have the case opened and a special-purpose PCIe device installed to steal keys over DMA.

The vast majority of users aren't going to have a dTPM vulnerable to SPI sniffing as modern and not-so-modern processors have fTPM.

This is to provide some baseline level of protection of the user's data against theft and loss.

Are there attacks against TPM? Yep. In as much as there are attacks against SMS 2FA, but for the vast majority of people, SMS 2FA is an acceptable level of security.

If you're a CEO, well sure, you're going to want to do something better (TPM + PIN). I acknowledge that Windows 11 Home users don't have this specific option.

Everyone needs to level set on the type of attacks that are practical vs. involved and who the targets of those attacks are.

FDE (w/ TPM) is part of defense-in-depth. Even if imperfect, it's another layer of protection.

[AnthonyMouse]

> The vast majority of users aren't going to have their laptop stolen by the CIA/NSA and have their DIMMs popped and cryofreezed.

That's kind of the point. The vast majority of users aren't going to have their laptop stolen at all, if they do it will 99% of the time be by someone who only wants to wipe it and fence it, and attempts to access data are most likely to be by unsophisticated family members who would be defeated by a simple password without any TPM.

Meanwhile there have been plenty of TPM vulnerabilities that don't require anything so esoteric and can often be attacked purely from software, so if a normal user was facing even so much as someone willing to watch some security conference talks, they're going to lose regardless. If the TPM doesn't make them more vulnerable to that, because it contains the secrets and is susceptible to attack, vs. FDE with a boot key stored in some cloud service secured with the user's password instead of a TPM, which can then rate limit attempts without being susceptible to physical access attacks and be revoked if the device is stolen.

Moreover, the more common threat to normal users is data loss, in which case you only want your laptop to be secure against your unsophisticated nephew and not the tech you want to recover your data after you forget your password.

> In as much as there are attacks against SMS 2FA, but for the vast majority of people, SMS 2FA is an acceptable level of security.

The current recommendation seems to be against SMS 2FA because the security of SMS really is that bad, so if you need 2FA, use an authenticator app or similar.

> FDE (w/ TPM) is part of defense-in-depth.

Any snake oil can be painted as defense-in-depth.

[wkat4242]

> That's kind of the point. The vast majority of users aren't going to have their laptop stolen at all, if they do it will 99% of the time be by someone who only wants to wipe it and fence it, and attempts to access data are most likely to be by unsophisticated family members who would be defeated by a simple password without any TPM.

True, any preboot password method (even fully software) will be sufficient to prevent data exposure when a laptop is stolen.

The whole TPM + secure boot thing is more to prevent evil maid attacks where a laptop is messed with (eg installing a bootloader that intercepts the password) and then placing it back in the user's possession so they can be tricked into entering the password.

That whole scenario is extremely far-fetched for home users. Laptops get stolen but then they're gone.

[sidewndr46]

But it doesn't even do that. If I want to perform the "evil maid" attack why would I screw around with the bootloader? I'm just going to replace the entire device with something that captures the password & sends it to me remotely.

[wkat4242]

You could but the user might notice. Most business laptops don't exactly look like new.

I would very likely notice.

[p_ing]

I'm not groking what you're saying. Replace what "entire device"?

[sidewndr46]

You're at an industry conference. I want the data on your laptop's hard drive. You leave your laptop in the hotel room. Which one is easier:

1. Go into your room and screw around with the boot loader to somehow give me unencrypted access to your laptop after you login next time.

2. Go into your room. Take your laptop. Put an identical looking laptop in place that runs software that boots and looks identical. Have it send me all of your password attempts over WiFi to my van in the parking lot.

I'm going with option 2 every time. I have your original device. I have your password. TPM, SecureBoot, or whatever is irrelevant at this point.

[buran77]

The attacker must be able to fake any pre-boot drive unlock screen and OS login screen to look exactly as the user's real screens but accept any password.

Legend goes that security oriented people will visually customize their machines with stickers (and their associated aging patina) and all kinds of digital cues on the different screens just to recognize if anything was changed.

MS chose to impose TPM because it allows encryption without interactive password typing (BitLocker without PIN or password which is what most machines are running). That's it. The users get all the convenience of not having to type extra passwords when the machine starts, and some (not all) of the security offered by encryption. Some curious thief can't just pop your drive into their machine and check for nudes. The TPM is not there to protect against NSA, or proverbial $5 wrench attacks but as a thick layer of convenience over the thinner layer of security.

[mjg59]

Joanna Rutkowska described a way to avoid this back in 2011 (https://theinvisiblethings.blogspot.com/2011/09/anti-evil-ma...), I extended it to be more usable in 2015 (https://mjg59.dreamwidth.org/35742.html). Both solutions make use of a TPM.

[happymellon]

Passwords are generally defeated by a hammer to the fingers.

Repeat until password is extracted.

[hiatus]

Have you been to an industry conference? So many laptops are covered in stickers, good luck recreating that.

[XorNot]

No one wants a preboot password though.

TPM means the system can boot and then do face login or whatever using the user's password in exactly one place.

This is as much as most users will tolerate. And it also means Microsoft account recovery can work to unlock a forgotten password.

The whole point is Microsoft don't want user devices to ever be trivially bypassed, regardless of how unlikely that is (probably more likely then you think though).

These things are everywhere: they're used by small businesses, unsophisticated users etc. but the story which will be written if anything happens because the disk was imaged sometime will be "how this small business lost everything because of a stolen Windows laptop" and include a quote about how it wouldn't have happened on a MacBook.

[mjw_byrne]

"No one wants a preboot password though" - really? Doesn't strike me as particularly inconvenient, especially given the relative rarity of actual bootups these days.

I've been using bog-standard FDE for as long as I can remember. One extra password entry per bootup for almost-perfect security seems like great value to me.

[zinekeller]

It seems that you're looking at the wrong bubble here. Most people actually detests passwords and would rather use a different method if possible (this is why ordinary users turn on biometric authentication despite some here questioning its security). Adding another password will certainly make users - especially enterprises - complain.

Also for technical reasons, Windows can't do the fancy one login/password screen (which assumes a file-level encryption, which is how it is implemented nowadays to support multiple users [1] [2]). This is due to Windows software that are expecting that everything is an ordinary file (unlike Apple which don't care on that aspect and Android which has compartmentalized storage). Even if we have an EFS-style encryption here, it will be incompatible with enterprise authentication solutions.

1: https://support.apple.com/guide/security/encryption-and-data...

2: https://source.android.com/docs/security/features/encryption

[hansvm]

> this is why ordinary users turn on biometric authentication despite some here questioning its security

That's part of the reason. Another part is BigCo spamming the users asking for biometrics or whatever the current promotion-driver is, making opting out hard to find, and using their position of authority to assert that it's "more secure" (for your personal threat model no less, nice to be able to offload thought to a corporation).

[devops99]

The more inexpensive option of the newer Trezor wallets and "login PIN" as an optional alternative to a password that also works, seems to be the best option (that I have seen so far).

The more recently released Trezor wallets are still new, and Yubikey 5C will probably be used in many places anyway just because of the keyring and no need for the usb-c cable.

[whatevaa]

Absolutely. You are an exception. Get your head outside and look around you instead of assuming.

[wkat4242]

Every phone has it these days. Doesn't seem to be a big deterrent? Laptops also need a password to log in.

In fact in many cases a preboot password is safer. Because the comms between the TPM and the OS can often be sniffed. And if the TPM doesn't need validation because it hands off its keys, it can be bypassed that way.

Again not really something that consumers have to worry about, but it's not quite difficult anymore to pull this off.

[andrewaylett]

The phones are using their TPM equivalent to do it securely, though -- there's not nearly enough entropy in a lock screen to provide robust security, but the boot-time unlock depends on both the screen lock and the hardware, and the hardware will rate limit attempts to use it to turn lock screen inputs into usable encryption keys.

[HeatrayEnjoyer]

TPM 2.0 uses encrypted bus. TPMs are also often built into the CPU

[alerighi]

The vast majority of users neither have a password on their computer, or if they have it it's a stupid one (like their name, their birthday, etc) or they have it written on a post-it that is attached on the monitor itself. Why do they need a TPM? Most of the time I setup a computer for a friend or family member they ask me to remove the password since they don't want to remember it.

Vast majority of users neither have that much important data to steal on their computer at all, just some family photos, some movies downloaded from the internet, there is the case of credentials saved in the browser, but the most important stuff (such as banking sites) nowadays requires a multiple factor authentication (such as password + OTP on your phone) to do any operation.

[p_ing]

Why do they need a firewall? Why do they need ACLs?

Let's just go back to single-user operating systems with exFAT drives.

If an individual expressly defeats the point of any particular security mechanism, that's on them. But to paint this broad brush of "I know someone who does X which makes Y pointless, so Y must be meaningless for everyone else" is silly.

[p_ing]

> The vast majority of users aren't going to have their laptop stolen at all

The vast majority of homeowners aren't going to have a house fire. The vast majority of drivers aren't going to have an accident. Etc. etc. etc.

It's insurance.

> The current recommendation seems to be against SMS 2FA because the security of SMS really is that bad, so if you need 2FA, use an authenticator app or similar.

This is correct. But SMS 2FA is better than no 2FA. The attacks you speak of are targeted attacks, where the victim and phone number are known.

> Any snake oil can be painted as defense-in-depth.

It's not snake oil, however.

[hansvm]

> SMS 2FA is better than no 2FA

Depending on the implementation it's occasionally more secure. For me it's never "better."

A significant fraction of banks, retirement accounts, financial web services, ..., can fully reset your password using just the SMS "2FA," sometimes most also requiring an e-mail verification. That turns the device into a single factor much weaker than a password (making physical attacks -- ex-lovers, nosy houseguests, ... much easier). There are a variety of easy methods for taking over a phone number temporarily or permanently for <$15, so for the ones without e-mails it's literally just a cost/benefit analysis for a crook.

Knowing how often SMS 2FA gets screwed up, I'd strongly prefer to avoid services offering it (especially those requiring it) even if there were no other downsides. Toss in the inconvenience of having to drive into town (many rural places I've lived), find a point of higher ground (many taller cities I've visited), or whatever just to get cell service, and the whole concept is a nightmare.

And so on. It's painful to use, usually much less secure, and rarely meaningfully more secure.

[AnthonyMouse]

> It's insurance.

It's rubbish. The circumstances that would make it even theoretically useful are rare and in practice it doesn't even work then. There is no reason to pay good money so you can be insured against alien abductions under a policy whose terms won't pay out even if you somehow actually get abducted by aliens.

> This is correct. But SMS 2FA is better than no 2FA.

The alternatives to SMS 2FA don't just include no 2FA, they also include any of the better 2FA alternatives to SMS.

Choosing SMS is like saying we should all bottle our urine in case we need something to drink later. There's juice and soda in the fridge and a tap full of water right over there, don't be crazy.

> The attacks you speak of are targeted attacks, where the victim and phone number are known.

How do you mean? Anyone who can snoop SMS gets a list of usernames and passwords from a data breach, tries them all against a hundred services, when that user exists on that service the service says "we sent SMS to your phone number at xxx-xxx-4578" so the attacker looks for any SMS code to any phone number ending in 4578 in the last ten seconds. Even if they don't have the phone number from the data breach, most commonly there is only one matching message, if there are two or three they just try all of them, and now they've compromised thousands of accounts on a hundred services because SMS is such rubbish.

On top of that, the targeted attacks also work against SMS. If you know the target's phone number you don't need to be able to capture every SMS to compromise them using SIM swapping or any of the other numerous vulnerabilities SMS 2FA is susceptible to.

> It's not snake oil, however.

It's a proposed solution with negligible or negative benefits over known alternatives. That's snake oil.

[cma]

> The vast majority of users aren't going to have their laptop stolen at all, if they do it will 99% of the time be by someone who only wants to wipe it and fence it, and attempts to access data are most likely to be by unsophisticated family members who would be defeated by a simple password without any TPM.

I've only met one person who's phone was stolen. They grabbed it while it was unlocked and within minutes after began scamming all the person's Instagram and other contacts asking for quick money for an emergency.

[mike_hearn]

That's how it works now exactly because hardware security ("DRM") on phones is so good that grabbing phones whilst unlocked is the only way to beat it. For most of the history of phones, they would be pickpocketed or taken from bags, luggage, hotel rooms etc without you ever seeing the thief.

This is a huge upgrade, and nothing to sniff at. I also had someone try to grab my phone out of my hand and run off whilst walking on the streets in France. Unfortunately for him I can run extremely fast. Once he saw I was catching up and about to beat the crap out of him, he gently placed the phone on the road whilst running and gave it back to me. Before phone security got really good a guy like that would have been using the sneaky approach and then visiting a back room in a phone shop to reflash all the hardware IDs, but secure boots and the mobile security chips have got good enough that this is no longer feasible.

[cma]

Depends which is more valuable, the phone or the potential scams. With no hardware security you'd just have a standard USB stick to root it and get the same access to the logins and contacts, or you'd take it right to an underground shop that did. And you could sell the hardware on top of that, making theft that much better.

[razakel]

At least they weren't logged into their banking apps.

[adgjlsfhk1]

imo sms 2fa is great since it is sufficient to stop automatic mass account stealing.

[AnthonyMouse]

So is an authenticator app.

Also, SMS isn't, because attackers often get access to the SMS network itself (see e.g. Salt Typhoon) in which case they can do automatic mass account stealing because they can see all the totally unencrypted SMS codes.

The security of SMS really is that bad.

[oyashirochama]

Not to mention LTT showed the ability to spoof and steal SMS directly, on specific targets using the international phone system trust, something that is effectively impossible to block due to the inherient trust built into cell companies at the moment.

[dataflow]

> attackers often get access to the SMS network itself (see e.g. Salt Typhoon)

"Often"?

[andy81]

Bit of an understatement, should be "always have access" if state attackers are included in the threat model.

[AnthonyMouse]

To be fair, there are also non-state attackers that can mass intercept SMS.

[devops99]

> vs. FDE with a boot key stored in some cloud service secured with the user's password instead of a TPM

Without secure boot (backed by TPM), I can boot a small USB device that has LEDs on it to indicate to me that the target system has been infected to send me a copy of the target's password, after I already imaged the disk (or when I have another team member steal it or take it by force later).

If there's a UEFI password to access UEFI settings, I can reset it in under 20 minutes with physical access. Some tamper-evident tape on the laptop casing may stop me if I haven't already had a resource intrude into the target's home/office to have some replacement tamper-evident sticker material ready. Very very few places, even some really smart ones, make use tamper-evident material. Glitter+glue tamper-evident seals are something I can't spoof though.

It's not that hard to get into a hotel room. Often enough if a business books a hotel for you it's because they want access to your laptop while you're at lunch with another employee who so kindly suggests to leave your backpack in the hotel room.

disclaimer: all above is fictional and for educational and entertainment purposes only

[AnthonyMouse]

> Without secure boot (backed by TPM), I can boot a small USB device that has LEDs on it to indicate to me that the target system has been infected to send me a copy of the target's password, after I already imaged the disk (or when I have another team member steal it or take it by force later).

Which is the same thing that happens with secure boot, because they just steal the whole device and leave you one that looks the same to enter your password into so it will send it to them.

Meanwhile if you're using tamper-evident materials then you don't need secure boot, because then they can't undetectably remove the cover to get physical access to remove your UEFI password or image the machine.

[devops99]

Thank you for prompting attention to the switcheroo.

This angle of attack is generally unheard of, but should be considered. I can think of some mitigations that can work.

Tamper-evident materials are well-known by the crowds that will target users. There are many criminals among us, so many that those who don't have criminal psychology have a hard time wrapping their mind around it. Given this, I am cynical, and every defense within reasonable cost should be leveraged.

[coppsilgold]

> The vast majority of users aren't going to have their laptop stolen by the CIA/NSA and have their DIMMs popped and cryofreezed.

If you happen to have a Pro variant of Ryzen (there may be some Intel variants as well) then you can enable RAM encryption. The RAM will be encrypted with an ephemeral AES key on boot.

[nfriedly]

In my experience, FDE (Full Disk Encryption) is more of a hindrance than help to average users.

It just means that when something goes wrong, such as a forgotten password or a botched update, their data that would have otherwise been recoverable is now lost forever.

I'm not sure I know anyone who's had a computer stolen, but I know lots of people who have lost data.

Edit: I do know one person who had a computer stolen. It was a work laptop while they were in SF, and I'll concede that FDE probably does make more sense on a work-related computer. I was only arguing that it's more of a hindrance on personal devices that mostly stay in the owners home.

[xyzzy_plugh]

I know of at least 10 instances of a company laptop being stolen. From the back of a car, from a coffee shop, from a hotel room, etc. It happens.

Knowing any data on it cannot be recovered by malicious actors can be very reassuring.

[kd913]

Surely this is an issue for there not being an easy mechanism for backing up?

The proper solution should be secure by design and user friendly. We shouldn’t compromise the former for the latter.

[p_ing]

> It just means that when something goes wrong, such as a forgotten password or a botched update, their data that would have otherwise been recoverable is now lost forever.

Not at all. You can get your recovery key back via a few different means (for 11 Home, OneDrive/printed/PDF, for enterprises, various ways) and boot into the Windows Recovery Mode environment to perform the same repair options one would have without BitLocker in place.

[n144q]

> I'm not sure I know anyone who's had a computer stolen, but I know lots of people who have lost data.

That's exactly where you got your priorities wrong.

Yes there is a tradeoff. But backing up your data is easy (especially in a corporate environment), while security is hard.

And computers do get stolen a lot all the time, just not in your circle.

[sidewndr46]

What is the argument here about the CIA / NSA or any other US Federal 3 letter agency? If your device is secured via TPM or some other scheme that relies on an industry to secure your device they aren't going to be doing "DIMM popping". They are just going to get the master keys from whomever issued them and use that bypass whatever they need to on the device.

[p_ing]

You're missing the forest.

The point being is that Microsoft's implementation on Win 11 Home ("device encryption", aka unconfigurable BitLocker) is sufficient for nearly all of their user base. If you're a target of a 3-letter agency, additional security measures are required.

[a1o]

https://xkcd.com/538/

[devops99]

I agree. TPM defends against the most likely threat that typical users are facing. And, where users that are individually targeted, the theft/robbery will more often than not be designed to appear "random".

Because TPM sniffers are now at a material cost of about $15 and can be acquired for a price at under $200, more than a TPM is needed for data encryption, especially for users like a CEO. This is why a firm I used to work for encrypted the key that could unlock user data with both TPM plus Yubikey.