Hacker News

sq_ today at 6:50 PM

A physical TPM with their overall high-quality software support would be awesome.

I've spent far too much time messing around trying to get TPMs working over SPI or I2C to meet security requirements with 4Bs and 5s over the years.


Replies

hedora today at 9:12 PM

You do know those are trivially bypassed with a signal processor, right? If physical access is outside your threat model, that's OK, but it makes (for example) the forced Win11 upgrade for DRM^H^H^H boot integrity enforcement seem ridiculous.

https://pulsesecurity.co.nz/articles/TPM-sniffing
