Andy Ful

Level 63
Verified
Trusted
Content Creator
@Andy Ful Do you think Silicon of Trust is valid these days? I have disabled my Intel TPM. I'd rather use a discrete XTS security chip or none at all!
The well-known TPM-FAIL vulnerability was patched by Intel, so it should be OK now.
I do not think that it is bulletproof, but it is improbable to encounter malware in the wild which could exploit the TPM (except in rare targeted attacks).

plat1098

Level 21
Verified
For some, the Trusted Platform Module is sold separately from the mainboard. It's pretty cheap for me: 13 USD or so but it's inconvenient to order, wait and then try to install and provision it. So it was a toss-up whether to bother with it. If/when any exploit of it becomes more visible in the wild, I'll spring for one.

I'd posted questions about the TPM on another forum but got very little info on it from other users. This info is more like it, Andy Ful! Should have posted here instead. :rolleyes::whistle::coffee:🍇

Vasudev

Level 30
Verified
The well-known TPM-FAIL vulnerability was patched by Intel, so it should be OK now.
I do not think that it is bulletproof, but it is improbable to encounter malware in the wild which could exploit the TPM (except in rare targeted attacks).
On Linux, the TPM was causing longer boot times (3-10 minutes) on NVMe/SATA SSDs and black screens. I tried updating the MEI FW and BIOS to the latest available. Earlier, the TPM always needed re-keying after rebooting. Disabling it brought me a sense of relief that I won't be stuck at grub2-efi with a blank screen w/o backlight.