zlacker

[parent] [thread] 2 comments
1. kevinc+(OP)[view] [source] 2023-07-19 17:47:17
You are the one being naive. This will be a cryptographically signed stack from the TPM, to the bootloader to the OS to the browser. If you flip a single bit away from the "approved" that signature will fail.
replies(1): >>chii+aAd
2. chii+aAd[view] [source] 2023-07-24 02:51:51
>>kevinc+(OP)
This is why TPM should never have been allowed. It's a way for control to be removed from the user, even tho they wholly own the physical machine!
replies(1): >>kevinc+1me
◧◩
3. kevinc+1me[view] [source] [discussion] 2023-07-24 10:27:17
>>chii+aAd
I'm not sure about this. TPMs can provide valuable features such as non-bruteforcable disk encryption and other secret management and secure boot can be valuable protection for your devices. The real problem here is that this is allowing a third-party to verify what software you are running. Doing these things on my device by my choice is one thing. Having another party require that I am using a specific unmodified software stack is another.
[go to top]