While i am personally also not a huge fan of TPM for FDE it is still a valid use. Why? In order to access data on the disk you would still need to bypass the login screen which is non trivial.
Also another use case is encrypting the drive so when you sell it or dispose of it you do not need to worry about wiping it at least once to get rid of all data.
TPM has its weaknesses but pls don’t talk down to someone who wants to use it when you do not understand his use case.
It should stop issues with full device theft as well, if done correctly, because if secure boot isn’t on and working, it will refuse to give the key. Which means, if it was setup correctly, the computer cannot be accessed without know the users name and password. This is the general accepted stack for Microsoft’s BitLocker. It becomes completely transparent to the user, but puts a decent blocker to access in cases of theft. There are ways around it like freezing RAM or packet sniffing an external TPM, but those are high level attacks.
If the TPM is not integrated in the CPU and rather a separate Chip on the MB, the communication can be easily sniffed since it’s not encrypted. See here https://youtu.be/wTl4vEednkQ?si=26A0NK-cVtP3uKgk
Shown how cheap it is i would not say it is high level.
While i am personally also not a huge fan of TPM for FDE it is still a valid use. Why? In order to access data on the disk you would still need to bypass the login screen which is non trivial. Also another use case is encrypting the drive so when you sell it or dispose of it you do not need to worry about wiping it at least once to get rid of all data.
TPM has its weaknesses but pls don’t talk down to someone who wants to use it when you do not understand his use case.
It should stop issues with full device theft as well, if done correctly, because if secure boot isn’t on and working, it will refuse to give the key. Which means, if it was setup correctly, the computer cannot be accessed without know the users name and password. This is the general accepted stack for Microsoft’s BitLocker. It becomes completely transparent to the user, but puts a decent blocker to access in cases of theft. There are ways around it like freezing RAM or packet sniffing an external TPM, but those are high level attacks.
If the TPM is not integrated in the CPU and rather a separate Chip on the MB, the communication can be easily sniffed since it’s not encrypted. See here https://youtu.be/wTl4vEednkQ?si=26A0NK-cVtP3uKgk
Shown how cheap it is i would not say it is high level.
Removed by mod
Thx for your answer tho. I liked reading it.