On Thu, 6/26/2025 6:46 AM, Ed Cryer wrote:
> If MSoft can get into the TPM to do their stuff, how confident are we that whizz-kid hackers won't soon be in them too?
> What are the odds of upgrading your hardware for Windows 11 rather than throwing away £100s of recent purchase?
> New mobo with acceptable CPU and TPM 2.0?
> Would there be other requirements?
> Ed
Using the rufus.ie USB stick installer, I have installed
Windows 11 on a 4th gen machine with no TPM.
I feel about as safe as any other computer in the room.
Any nation-state-quality software bestowed upon us gets
into the room whether we like it or not. Only your backups
stand between them and anarchy.
The history of security processors is not good. Intel has
pinned one such device off via a microcode patch, and that
was because, I think, there is a persistent threat for it
(gets into it, can't get it out).
TPMs are available either as an Infineon chip or as fTPM,
where a CPU security processor plus some firmware may
operate as a proxy solution. For example, on one AMD processor,
the security processor might have been a single-core ARM.
The physical TPM is relatively good. It's "flash-able" and
can be flashed from TPM 2.0 to TPM 1.4 for example. Don't do that.
The exploit for it, involves standing in the room and having
a bus analyzer handy. Not a tall ask, and that's the general
rule, that if anyone is standing in the room, your computer
is then not secure.
I've flashed my Daily Driver motherboard a couple of times
for "security issues". It's patched as well as I think is
possible. My Asus motherboard across the way is missing
a patch, and there will be no new BIOS files for it.
Paul
--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: A noiseless patient Spider (3:633/280.2@fidonet)
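As an added example, not part of Ed's or Paul's posts: the "standing in the room with a bus analyzer" case Paul describes applies when a disk-encryption key is released by the TPM alone at boot, with no user secret, so the unsealed key crosses the TPM bus where a logic analyzer can read it. The PowerShell check below inventories the TPM (presence, vendor, spec version, which is what the Windows 11 requirement looks at) and then lists every BitLocker volume's key protectors, flagging volumes that boot on a TPM-only protector. It assumes the TrustedPlatformModule and BitLocker PowerShell modules are installed (Windows 10/11 Pro or better) and an elevated prompt; the function names and the TpmOnlyBoot/Note fields are this example's own, not anything from the thread.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell.
# Assumes the TrustedPlatformModule and BitLocker modules are available;
# on a machine installed without a TPM (Paul's Rufus case) Present is False
# and no TPM-based protectors can exist.

function Get-TpmSummary {
    # Get-Tpm reports presence and readiness; the Win32_Tpm WMI class carries
    # the spec version string (e.g. "2.0, 0, 1.59"), which the Windows 11
    # hardware check requires to start with 2.0.
    $tpm = Get-Tpm
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $spec = if ($wmi -and $wmi.SpecVersion) { $wmi.SpecVersion } else { 'unknown' }
    [pscustomobject]@{
        Present      = $tpm.TpmPresent
        Ready        = $tpm.TpmReady
        Manufacturer = $tpm.ManufacturerIdTxt
        SpecVersion  = $spec
        IsTpm20      = $spec.StartsWith('2.0')
    }
}

function Get-BitLockerProtectorRisk {
    # For each BitLocker volume, list protector types and decide whether the
    # TPM hands out the volume master key with no secret from the user.
    # 'Tpm' alone: the key is unsealed on every boot and is visible on the bus.
    # 'TpmPin' / 'TpmPinStartupKey': the TPM refuses to unseal without the PIN,
    # so an attacker with bus access but no PIN gets nothing to capture.
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasPin = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')
        $tpmOnly = ($types -contains 'Tpm') -and -not $hasPin
        $note = if ($tpmOnly) {
            'VMK released by TPM alone at boot; add a PIN protector, e.g. ' +
            "manage-bde -protectors -add $($vol.MountPoint) -TPMAndPIN"
        } elseif ($vol.ProtectionStatus -ne 'On') {
            'BitLocker protection is off for this volume'
        } else {
            'ok'
        }
        [pscustomobject]@{
            MountPoint  = $vol.MountPoint
            Protection  = $vol.ProtectionStatus
            Protectors  = ($types -join ', ')
            TpmOnlyBoot = $tpmOnly
            Note        = $note
        }
    }
}

Get-TpmSummary | Format-List
Get-BitLockerProtectorRisk | Format-Table -AutoSize
```

The TPM+PIN suggestion only closes the sniffing path for an attacker who lacks the PIN; it does nothing about the firmware-level concerns Paul raises, and adding the protector can be blocked by local policy ("Require additional authentication at startup") on managed machines, so check that before relying on the manage-bde line.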