Intel Open-Sources New TPM2 Software Stack
Last edited by starshipeleven; 03 September 2018, 03:43 AM.
Originally posted by sandy8925:
The problem is that the TPM hardware chip contains closed-source firmware, and is essentially a mini-computer. We don't know what it can access and what it's doing. All we know is that we can securely store and retrieve keys - but no way of knowing if it's actually secure, and whether or not there are backdoors.
It stores numbers securely, and either the BIOS or the OS (face/thumb print recognition etc.) can query these numbers given certain conditions. Secure key storage is a pretty old problem. If Atmel's TPM is insecure or has a backdoor, you can switch to others (giving Atmel enough reason to not do those things). These are basically the same guarantees you have with any peripheral connected to any I/O port on your computer. It's up to you if you want to store certain keys or not in a TPM, but I would say in most circumstances it can make for an additional layer of security that is, just as importantly, practical enough to use for the average user. I think they should be more widespread because of this.
Originally posted by Slithery:
Does anyone know if there are any other hardware providers?
Originally posted by sandy8925:
The problem is that the TPM hardware chip contains closed-source firmware, and is essentially a mini-computer. We don't know what it can access and what it's doing. All we know is that we can securely store and retrieve keys - but no way of knowing if it's actually secure, and whether or not there are backdoors.
Originally posted by dwagner:
"Used for full disk encryption" only by people who earnestly believe that their few-cents TPM chip could encrypt/decrypt data at the I/O rate of modern NVMe storage. Less misguided people know that the CPU will need to know the symmetric encryption key basically all the time while the system is running, so it isn't any safer when it is also stored in the TPM.
Originally posted by tildearrow:
I feel like asking. When they say "trusted", do they mean "trusted by Intel", or "trusted by the user"? Because if it's the former, then it is a misnomer...
Originally posted by nh2_:
I think the idea is that the TPM stores the keys for full-disk encryption, and hands them to the CPU only if trusted software is running.
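The mechanism nh2_ describes, and the "query these numbers given certain conditions" in the reply to sandy8925 above, is measured boot plus sealing: boot components are hashed into registers that can only be extended, and a secret is bound to the expected register values so the chip refuses to release it when a different software chain ran. The following is an added toy model written for this thread, not code from any poster, from Intel's TPM2 stack, or from a real TPM. The hash-chain extend, the composite "policy digest", and the HMAC-based wrapping are simplified stand-ins for TPM2 PCRs, PolicyPCR and sealed objects, and all measurements and the disk key are constructed sample values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

HASH = hashlib.sha256
DIGEST_LEN = 32


class PcrBank:
    """Simulated PCR bank: registers are reset on power cycle and can only be extended."""

    def __init__(self, count=8):
        self.pcrs = [b"\x00" * DIGEST_LEN for _ in range(count)]

    def extend(self, index, measurement):
        # PCR[i] = H(PCR[i] || H(measurement)): order-dependent and irreversible,
        # so the final value commits to the whole sequence of measured components.
        self.pcrs[index] = HASH(self.pcrs[index] + HASH(measurement).digest()).digest()

    def policy_digest(self, indices):
        # Composite digest over the selected PCRs (toy stand-in for a PolicyPCR value).
        return HASH(b"".join(self.pcrs[i] for i in sorted(indices))).digest()


@dataclass
class SealedBlob:
    pcr_indices: tuple
    nonce: bytes
    ciphertext: bytes
    tag: bytes


class SimulatedTpm:
    """Toy TPM: a persistent seed that never leaves the chip, plus a PCR bank."""

    def __init__(self, pcr_count=8):
        self.pcrs = PcrBank(pcr_count)
        self._seed = os.urandom(32)  # survives reboots; PCRs do not

    def reset_pcrs(self):
        # Models a power cycle: measurements start over, the seed stays.
        self.pcrs = PcrBank(len(self.pcrs.pcrs))

    def _wrap_key(self, policy_digest, nonce):
        # Key material depends on the seed AND on the PCR state at seal time.
        return hmac.new(self._seed, b"seal" + nonce + policy_digest, HASH).digest()

    @staticmethod
    def _keystream(key, length):
        out = b""
        counter = 0
        while len(out) < length:
            out += HASH(key + counter.to_bytes(4, "big")).digest()
            counter += 1
        return out[:length]

    def seal(self, secret, pcr_indices):
        policy = self.pcrs.policy_digest(pcr_indices)
        nonce = os.urandom(16)
        key = self._wrap_key(policy, nonce)
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(key, len(secret))))
        tag = hmac.new(key, b"tag" + ct, HASH).digest()
        return SealedBlob(tuple(sorted(pcr_indices)), nonce, ct, tag)

    def unseal(self, blob):
        # Recompute the key from the CURRENT PCRs; a changed boot chain yields a
        # different key, the tag check fails, and nothing is released.
        policy = self.pcrs.policy_digest(blob.pcr_indices)
        key = self._wrap_key(policy, blob.nonce)
        expected = hmac.new(key, b"tag" + blob.ciphertext, HASH).digest()
        if not hmac.compare_digest(expected, blob.tag):
            raise PermissionError("PCR policy not satisfied; unseal refused")
        return bytes(a ^ b for a, b in zip(blob.ciphertext, self._keystream(key, len(blob.ciphertext))))


def boot_and_unseal(tpm, blob, measurements, pcr=0):
    """Power-cycle, replay a measured boot into one PCR, then try to unseal.
    Returns the secret, or None when the measured chain does not match the policy."""
    tpm.reset_pcrs()
    for m in measurements:
        tpm.pcrs.extend(pcr, m)
    try:
        return tpm.unseal(blob)
    except PermissionError:
        return None


# Constructed sample boot chain and disk key (not real measurements or keys).
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel modified"]
DISK_KEY = b"constructed-fde-key-0123456789ab"

if __name__ == "__main__":
    tpm = SimulatedTpm()
    for m in GOOD_CHAIN:
        tpm.pcrs.extend(0, m)
    blob = tpm.seal(DISK_KEY, (0,))
    print("good boot  :", boot_and_unseal(tpm, blob, GOOD_CHAIN))
    print("tampered   :", boot_and_unseal(tpm, blob, TAMPERED_CHAIN))
    print("reordered  :", boot_and_unseal(tpm, blob, list(reversed(GOOD_CHAIN))))
```

Two points from the thread are visible in the model: the chip never compares a password or "decides" anything about trust in a human sense, it only releases what was sealed if the recomputed digest matches, which is the sense in which the key is handed over "only if trusted software is running"; and once `boot_and_unseal` returns, the key is in ordinary CPU memory, which is dwagner's point that sealing protects the key at rest and during boot, not while the system is up.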