• argv_minus_one@beehaw.org
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    2
    ·
    1 year ago

    There’s no downside to having it.

    Sure there are. If it gets compromised with malicious code, I have no way of removing it.

    I can protect ring 0. I can keep crap out of ring 0. If all else fails, I can nuke everything in ring 0 and start over. But I can’t do a single bleeping thing except throw out the whole machine if malware takes over ring -1.

    • Solar Bear@slrpnk.net
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      This is already the case with your motherboard firmware, which fTPM is a part of. You are correct in that you have no real way to handle malware in it except throw it away. This doesn’t change in any way if you get rid of TPM.