I honestly haven’t found any good reading material other then the arch wiki which indeed vaguely outlines pros and cons, and I was wondering if the only significant advantage Is that you dont have go type your password in… Which ita a big advantage if you dont mind cold boot attacks … Also automatic login Is handy if you dont mind privacy at all … What do you think?

  • ShortN0te
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    22 days ago

    Extracting the key from a TPM is actually trivial but immense time consuming.

    Basically this with probably more modern chips and therefore even smaller cells. https://youtu.be/lhbSD1Jba0Q

    Also sniffing is a thing since the communication between CPU und TPM is not encrypted.

    • Tobias Hunger@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      21 days ago

      Yes, I should not have said “impossible”: nothing is ever impossible to breach. All you can donis to make a breach more expensive to accomplish.

      Those separate tpm chips are getting rare… most of the time they are build into the CPU (or firmware) nowadays. That makes sniffing harder, but probably opens other attack vectors.

      Anyway: Using a TPM chip makes it more expensive to extract your keys than not using such a chip. So yoj win by using one.