TL;DR: Significant U-turn by Tailscale.
Previously, with Tailscale 1.90.2 or later, node state storage was encrypted by default on all supported platforms.
As of yesterday, per changelog, state file encryption and hardware attestation keys are no longer enabled by default.
This effectively rolls back history to pre-1.90.2, and you will now have to enable it manually like you did during the public beta period (>= 1.86) of this short-lived new feature.
TPM is really badly implemented. When you upgrade your firmware, OS, everything can go south.
Just upgrading your firmware with BitLocker enabled can brick your PC.
From what I can deduce from the release notes and the linked documentation, it can still be enabled?
And it relates to Windows and Linux only, and using the TPM.
My guess is that unreliable TPMs made it risky to have this enabled by default.
Not sure if it's a "significant" U-turn when it's a relatively new feature. It's only been out for a few months, and seems to be getting rolled back because it was breaking things.
It's annoying that a security benefit is being turned off, but it can be turned back on if you are confident it will not break your setup.