Talk:Trusted Platform Module

From Gentoo Wiki

Firmware TPMs (fTPMs)

Talk status
This discussion is done.

Maybe you also want to explain: Firmware TPMs (fTPMs) are firmware-based solutions that run in a CPU's trusted execution environment. Intel, AMD and Qualcomm have implemented firmware TPMs [1].

Intel calls it Platform Trust Technology (PTT), and it is also a firmware-based Trusted Platform Module (TPM).

So maybe some users don't need a hardware module and can try your solution as well.

(I could be wrong as always; then delete this please)

pietinger 00:40, 7 April 2022 (UTC)
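An added check (my own code, not from the wiki article or from either poster) that parses the output of tpm2_getcap properties-fixed and decodes TPM2_PT_MANUFACTURER to tell a CPU-vendor firmware TPM (Intel PTT, AMD, Qualcomm) from a discrete one. The YAML-style output format (tpm2-tools 4.x and later), the vendor codes INTC/AMD/QCOM and the sample text are assumptions.

```python
import re

# Assumption: TCG vendor-ID strings for the CPU vendors the post names as
# shipping firmware TPMs. Any other code is treated as discrete or unknown.
CPU_VENDOR_CODES = {"INTC": "Intel PTT", "AMD": "AMD fTPM", "QCOM": "Qualcomm fTPM"}


def decode_manufacturer(raw):
    """TPM2_PT_MANUFACTURER is a 32-bit value holding 4 big-endian ASCII bytes."""
    return int(raw, 16).to_bytes(4, "big").decode("ascii", "replace").strip("\0 ")


def parse_properties_fixed(text):
    """Collect 'raw'/'value' entries per TPM2_PT_* key from tpm2_getcap output."""
    props, current = {}, None
    for line in text.splitlines():
        key = re.match(r"^(TPM2_PT_\w+):\s*$", line)
        if key:
            current = key.group(1)
            props[current] = {}
            continue
        field = re.match(r"^\s+(raw|value):\s*(.+?)\s*$", line)
        if field and current:
            props[current][field.group(1)] = field.group(2).strip('"')
    return props


def classify_tpm(text):
    """Return family, manufacturer code and whether it looks like an fTPM."""
    props = parse_properties_fixed(text)
    family = props.get("TPM2_PT_FAMILY_INDICATOR", {}).get("value", "unknown")
    vendor = decode_manufacturer(props["TPM2_PT_MANUFACTURER"]["raw"])
    kind = CPU_VENDOR_CODES.get(vendor)
    return {"family": family, "manufacturer": vendor,
            "firmware_tpm": kind is not None,
            "description": kind or "discrete or unknown TPM"}


# Constructed sample (not captured from a real machine): an Intel PTT device.
SAMPLE = """\
TPM2_PT_FAMILY_INDICATOR:
  raw: 0x322E3000
  value: "2.0"
TPM2_PT_LEVEL:
  raw: 0
TPM2_PT_MANUFACTURER:
  raw: 0x494E5443
  value: "INTC"
"""

if __name__ == "__main__":
    print(classify_tpm(SAMPLE))
```

On a real machine, pipe the tool's output in with tpm2_getcap properties-fixed and pass the text to classify_tpm.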

I was not aware of this. I will look into it before I move this article to the main section, and add a section to mention this. Thanks for the info. MrRoy3 (talk) 22:47, 6 April 2022 (UTC)
Turns out I was actually using fTPM myself on my system. I reworked the page description to make it more generic, so it applies to all TPMs. MrRoy3 (talk) 02:25, 7 April 2022 (UTC)
Great work! ... but maybe you are interested in these articles: https://twitter.com/SecurityJon/status/1445020890555691012 and https://arstechnica.com/gadgets/2021/08/how-to-go-from-stolen-pc-to-network-intrusion-in-30-minutes/ (I am paranoid about security, and IMHO the only working solution for a (real) FDE is working with a bootable USB stick (containing kernel + key), which I have described here: https://forums.gentoo.org/viewtopic-t-1110764-highlight-.html . This solution doesn't even need SecureBoot, and you have really ALL files encrypted.) pietinger 13:40, 7 April 2022 (UTC)
Thank you! I realize TPM isn't perfect, although I believe these exploits were fixed in version 2.0. I think they may be impossible to do on firmware TPMs? Anyway, if your threat model calls for thinking about the TPM itself being exploited, then I agree that this may not be appropriate; in my case, though, it's fine :) I like your solution, though, with a USB stick as some kind of "2-factor" for logging in. MrRoy3 (talk) 12:20, 7 April 2022 (UTC)