[theandrewbailey]

> TSME isn't a critical security feature for most consumer desktops, as it protects against attacks where the attacker needs physical access to the device.

If you think it's hard to gain physical access to a consumer desktop, you're out of touch. Most desktops aren't locked inside a datacenter. Memory encryption is a valuable desktop (and laptop) security feature.

[WillPostForFood]

So my PC runs 5% slower because someone could break into my house to get physical access to decrypt memory? OK sure, but not my top concern, and a bad tradeoff for the lost performance. And not only fair, but completely accurate to describe TSME as non-critical for *most* consumer desktops. I'd go as far as to say useless and counter-productive for most, but not all, consumer desktops.

[futuraperdita]

So you turn it off by default in BIOS and allow those that feel it's useful to them to enable it, and you solve for both sides of the problem.

[eYrKEC2]

Does it run slower? I'd expect dedicated hardware to do that encryption/decryption, in which case there should be no difference.

[cwillu]

If the bad guys have physical access to my consumer desktop, I'm already well and truly fucked.

[rr808]

The last few companies have all had desktops in datacenters with the local PC just a virtual terminal.

[CivBase]

You'd need physical access while it is running as the target is using it.

[hnuser123456]

When the threat model is physical security, henchmen are also a consideration.