• ArcticAmphibian@lemmus.org
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      7
      ·
      1 year ago

      But with a reason, I’m sure. There’s no reason for the everyday consumer to need one, other than Microsoft wanting more control.

      • Solar Bear@slrpnk.net
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        1
        ·
        1 year ago

        Data encryption and decryption without entering a password is a pretty darn good reason.

        • ArcticAmphibian@lemmus.org
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          8
          ·
          1 year ago

          Sure, but does a grandmother’s Solitaire & Facebook PC really need quick encrypting and decrypting? Anyone not dealing with sensitive info doesn’t need one.

            • JuxtaposedJaguar
              link
              fedilink
              arrow-up
              4
              arrow-down
              2
              ·
              1 year ago

              How would at-rest encryption make it less likely that your computer joins a botnet, or more likely that you’d notice if it did?

          • Solar Bear@slrpnk.net
            link
            fedilink
            English
            arrow-up
            9
            arrow-down
            1
            ·
            1 year ago

            There’s no downside to having it. There’s many downsides to not having it. This seems pretty cut and dry to me.

            • argv_minus_one@beehaw.org
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              2
              ·
              edit-2
              1 year ago

              There’s no downside to having it.

              Sure there are. If it gets compromised with malicious code, I have no way of removing it.

              I can protect ring 0. I can keep crap out of ring 0. If all else fails, I can nuke everything in ring 0 and boot a fresh OS installation. But I can’t do a single bleeping thing except throw out the whole machine if malware takes over ring -1.

              • Solar Bear@slrpnk.net
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                This is already the case with your motherboard firmware, which fTPM is a part of. You are correct in that you have no real way to handle malware in it except throw it away. This doesn’t change in any way if you get rid of TPM.

      • kingthrillgore@kbin.social
        link
        fedilink
        arrow-up
        10
        ·
        1 year ago

        TPM actually provides some useful components to isolate encryption outside of Ring 0, which is a trust win. But any technology must be weighted against its power to oppress.

        • argv_minus_one@beehaw.org
          link
          fedilink
          arrow-up
          1
          arrow-down
          2
          ·
          edit-2
          1 year ago

          And its power to make the system less secure. Isolating things outside ring 0 means malware can isolate itself outside ring 0 as well, and then it’s impossible to detect or remove without throwing out the entire machine.

          Which is much, much scarier than anything an ordinary rootkit might do.

      • vrighter@discuss.tchncs.de
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        yes, the reason is to securely store cryptographic keys. even your own. It comes preloaded with microsoft ones usually, but you’re free to delete them and install your own

      • knight@lemmy.zip
        link
        fedilink
        arrow-up
        4
        arrow-down
        2
        ·
        1 year ago

        It’s the way everything is moving. Hardware protected keys can be very useful but it’s a double edged sword. It’s more secure but also allows companies to lock consumers out.

        We need rules that say when this tech is used the consumer still gets full control over it. Like what Google does with their Pixel phones and the Titan chip. Not what Apple does.

        • ReversalHatchery@beehaw.org
          link
          fedilink
          arrow-up
          7
          arrow-down
          2
          ·
          1 year ago

          Like what google does? You mean disallowing people who use a privacy respecting android rom from using their banking apps and such? Soon very possibly banking websites included?

        • argv_minus_one@beehaw.org
          link
          fedilink
          arrow-up
          2
          arrow-down
          2
          ·
          edit-2
          1 year ago

          It’s only more secure until someone discovers yet another RCE bug in the firmware, and then you’ve got malware in your machine that’s impossible to detect or remove.

          Because it’s secure.

          Against you.

        • Hexarei@programming.dev
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          I’m sure you’ll be ok sending me your social security number, home address, bank login details, credit card number, a copy of all the files on your hard drive…

          I mean, you deserve no privacy right?