Can anyone explain to me why TPM and especially TPM 2.0 are so important? What do I have to gain from it as a retarded PC user?
TL;DR from my sperging below: You get mild to okay anti-theft (if you put a pin on it), but (insert schizo enemy here) gets your full disk encryption key, and can identify your device even after a full wipe and disk replacement.
For example, the Linux kernel had a random number generator that was genuinely extremely good and secure, but when TPMs were introduced this was discarded in favour of their random numbers.
Gonna need a citation on that; urandom is still based on gathered entropy, last I checked the kernel source.
/dev/hwrng may be available, and that's TPM random.
You shouldn't encrypt anything with a key you don't actually know to begin with; it's a sure path to data loss.
Current software that uses the TPM to encrypt (which is pretty much only full disk encryption) doesn't actually encrypt your disk with the TPM key. That would make key backup/recovery impossible, and the TPM is way too slow.
Instead, the TPM is used to encrypt one of the copies of the volume key (the symmetric key actually used to encrypt your data), and other copies of that key can be encrypted using other means: LUKS will encrypt it using a passphrase, FileVault encrypts it using the user's password, and BitLocker uses a recovery code.
You can easily export LUKS's master keys, but FileVault and BitLocker don't let you do so easily, so a corrupt header means total data loss.
Full-disk encryption systems do that to let you have however many keys you want, like:
- multiple passwords,
- using a PKCS#11-compliant token as a key holder,
- performing a handshake with a remote device (to assert you have access to a specific network),
- multiple valid TPM configurations (so you can unlock a disk on different OSes, even though the PCRs are different), or
- any amount, including all, of these at once.
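To make the key-slot layout described in the post above concrete, here is an added example (mine, not the poster's, and not code from cryptsetup, Apple or Microsoft) in Python. It keeps one random volume key and stores three independently wrapped copies of it: a passphrase slot (scrypt-derived KEK), a recovery-code slot, and a "TPM" slot whose KEK is whatever secret the TPM would hand back on a successful unseal (simulated here as a fixed byte string). AES is replaced with an HMAC-SHA256 counter-mode keystream so it runs on the standard library alone; the wrap format, the slot names, the sector encryption and the `corrupt_header` helper are assumptions for illustration, not the real LUKS2, FileVault or BitLocker on-disk formats.

```python
import hashlib
import hmac
import os
import secrets

VOLUME_KEY_LEN = 32


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode. Stand-in for AES (assumption: real schemes
    use AES-XTS for data and AES-based wrapping for the key copies)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wrap(kek, volume_key):
    """Encrypt-then-MAC one copy of the volume key under a key-encryption key (KEK)."""
    nonce = os.urandom(16)
    ct = _xor(volume_key, _keystream(kek, nonce, len(volume_key)))
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unwrap(kek, slot):
    """Return the volume key, or None if the factor is wrong or the slot is damaged."""
    tag = hmac.new(kek, slot["nonce"] + slot["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        return None
    return _xor(slot["ct"], _keystream(kek, slot["nonce"], len(slot["ct"])))


def kek_from_passphrase(passphrase, salt):
    """Slow KDF, like LUKS does with argon2/PBKDF2 (scrypt here because it is in the stdlib)."""
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


def kek_from_recovery(code):
    """Recovery codes are already high entropy, so a plain hash is enough here."""
    return hashlib.sha256(code.replace("-", "").encode()).digest()


def create_header(passphrase, recovery_code, tpm_secret):
    """Generate the real volume key and store three wrapped copies of it.
    tpm_secret stands in for whatever the TPM releases on a successful unseal."""
    volume_key = secrets.token_bytes(VOLUME_KEY_LEN)
    salt = os.urandom(16)
    header = {
        "salt": salt,
        "slots": {
            "passphrase": wrap(kek_from_passphrase(passphrase, salt), volume_key),
            "recovery": wrap(kek_from_recovery(recovery_code), volume_key),
            "tpm": wrap(tpm_secret, volume_key),
        },
    }
    return header, volume_key


def unlock(header, passphrase=None, recovery_code=None, tpm_secret=None):
    """Try whichever factors the caller has; any single valid slot yields the volume key."""
    attempts = []
    if passphrase is not None:
        attempts.append(("passphrase", kek_from_passphrase(passphrase, header["salt"])))
    if recovery_code is not None:
        attempts.append(("recovery", kek_from_recovery(recovery_code)))
    if tpm_secret is not None:
        attempts.append(("tpm", tpm_secret))
    for name, kek in attempts:
        vk = unwrap(kek, header["slots"][name])
        if vk is not None:
            return vk
    return None


def encrypt_sector(volume_key, sector_no, data):
    """Disk data is encrypted only under the volume key; the header plays no part."""
    return _xor(data, _keystream(volume_key, sector_no.to_bytes(16, "big"), len(data)))


decrypt_sector = encrypt_sector  # XOR keystream: the same operation both ways


def corrupt_header(header):
    """Simulate a damaged header: every wrapped copy of the volume key becomes garbage."""
    return {
        "salt": header["salt"],
        "slots": {n: dict(s, ct=os.urandom(len(s["ct"]))) for n, s in header["slots"].items()},
    }


if __name__ == "__main__":
    tpm_secret = secrets.token_bytes(32)  # constructed: what a real TPM would unseal
    header, exported_key = create_header("hunter2", "111111-222222-333333", tpm_secret)
    sector = encrypt_sector(exported_key, 0, b"secret data on the disk")
    print(unlock(header, passphrase="hunter2") == exported_key)
    print(unlock(header, tpm_secret=tpm_secret) == exported_key)
    print(unlock(corrupt_header(header), recovery_code="111111-222222-333333"))
    print(decrypt_sector(exported_key, 0, sector))  # still readable with the exported key
```

Any one factor unlocks the disk, and overwriting the header destroys all three copies at once, which is the "corrupt header means total data loss" case. The only way out is a copy of the volume key taken earlier (what the post means by exporting LUKS's master key; `cryptsetup luksDump --dump-master-key` on a real LUKS device), because the sector data was never encrypted under any of the header's KEKs.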
The security aspect is basically pointless anyway because the weakest factor is always the human.
TPMs are built with specific security aspects in mind, which, funnily enough, mostly act against the human.
There are 3 of them:
- Unsealed Key
- PCR-Sealed Key
- PCR + Pin Sealed Key
The first one can be used to cryptographically prove that a machine is indeed the one communicating with the server. This is used for device identity attestation.
The second one is used to protect against low-end cold boot attacks. Sealed keys can only be used to sign/encrypt/decrypt when specific PCRs are in a specific state defined at key creation.
If you change these PCRs in any way, shape, or form, the key is sealed again (or never unsealed in the first place) and cannot be accessed, thus preventing disk unlock.
A thief trying to boot into Linux to steal data/rake passwords/perform the old accessibility->cmd.exe trick wouldn't be able to access shit, and neither would most bootkits.
The last one is to protect against high-end cold boot attacks, such as BIOS replacement, SMBus injection, etc.
If you see them as a tracking device (you don't own it, so even after a full system wipe, Microsoft can still know who you are) and as an anti-theft device, they're functioning as intended.
For enterprise purposes, they're pretty much a godsend. Device stolen, but it has FDE + TPM + PIN? Write it off and forget about it.
...but for the average person? They're honestly just a full disk encryption deterrent.
Why? Microsoft has a copy of your volume key. It does this automatically after the OOBE asks you to log in.
If a retard thinks they're safe because of it, the police just ask Daddy Microsoft for your VMK, and they don't even need to ask for your password to fist you inside out.
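Added example (mine, not the poster's, and not any real TPM stack) modelling the three key types listed in the post above: a toy SHA-256 PCR bank with TPM2_PCR_Extend semantics (new = H(old || H(measurement)), so a PCR can only be extended, never set), a policy digest over a PCR selection, and a `ToyTPM` that releases a sealed secret only if the selected PCRs match and, for the third type, a PIN is also correct. PCR numbers follow the PC Client convention (0 firmware, 4 boot loader, 7 Secure Boot state). The boot logs, the lockout threshold and the `ToyTPM` API are constructed for this illustration; a real TPM 2.0 enforces the same thing with TPM2_PolicyPCR, TPM2_PolicyAuthValue and its dictionary-attack lockout, and keeps the sealed blob inside the chip rather than in a Python dict.

```python
import hashlib
import hmac

PCR_COUNT = 24


def extend(pcr, measurement):
    """TPM2_PCR_Extend semantics: new = H(old || H(measurement)); there is no 'set'."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measured_boot(components):
    """Replay a boot log into a fresh SHA-256 PCR bank.
    components: {pcr_index: [measurement, ...]} in the order they were loaded."""
    pcrs = {i: bytes(32) for i in range(PCR_COUNT)}
    for index, items in components.items():
        for m in items:
            pcrs[index] = extend(pcrs[index], m)
    return pcrs


def pcr_policy_digest(pcrs, selection):
    """Digest over the selected PCR values, like the value TPM2_PolicyPCR commits to."""
    return hashlib.sha256(b"".join(pcrs[i] for i in sorted(selection))).digest()


class ToyTPM:
    """Holds sealed secrets and releases them only when their policy is satisfied.
    Covers the post's three cases: no policy, PCR-sealed, PCR+PIN-sealed."""

    MAX_PIN_FAILURES = 5  # constructed stand-in for the TPM's dictionary-attack lockout

    def __init__(self):
        self._objects = {}
        self._pin_failures = 0

    def seal(self, name, secret, pcrs=None, selection=(), pin=None):
        policy = pcr_policy_digest(pcrs, selection) if selection else None
        self._objects[name] = (policy, tuple(selection), pin, secret)

    def unseal(self, name, pcrs, pin=None):
        policy, selection, want_pin, secret = self._objects[name]
        if self._pin_failures >= self.MAX_PIN_FAILURES:
            return None  # locked out; a real TPM needs a timeout or lockout reset here
        if policy is not None and not hmac.compare_digest(policy, pcr_policy_digest(pcrs, selection)):
            return None  # PCR state differs from enrolment: secret never leaves the TPM
        if want_pin is not None:
            if pin is None or not hmac.compare_digest(want_pin.encode(), pin.encode()):
                self._pin_failures += 1
                return None
        self._pin_failures = 0  # simplification: real lockout counters decay over time
        return secret


# Constructed boot logs; PCR 0 firmware, PCR 4 boot loader, PCR 7 Secure Boot state.
GOOD_BOOT = {
    0: [b"OEM firmware 1.2"],
    4: [b"EFI\\BOOT\\bootmgfw.efi"],
    7: [b"SecureBoot=1", b"db: Microsoft UEFI CA"],
}
LIVE_USB_BOOT = {**GOOD_BOOT, 4: [b"EFI\\BOOT\\grubx64.efi"]}   # thief boots Linux
FIRMWARE_UPDATE = {**GOOD_BOOT, 0: [b"OEM firmware 1.3"]}        # legitimate BIOS update


if __name__ == "__main__":
    tpm = ToyTPM()
    good = measured_boot(GOOD_BOOT)
    tpm.seal("vmk", b"volume-key-bytes", good, selection=(0, 4, 7), pin="4321")
    print(tpm.unseal("vmk", measured_boot(GOOD_BOOT), pin="4321"))
    print(tpm.unseal("vmk", measured_boot(LIVE_USB_BOOT), pin="4321"))
```

Changing any measured component that lands in a selected PCR (booting a live USB changes PCR 4, a firmware update changes PCR 0) makes the policy digest differ and the secret stays in the TPM; PCRs outside the selection are free to change, which is what makes "multiple valid TPM configurations" and re-enrolment after updates possible. An object sealed with no selection and no PIN is always returned, which stands in for the no-policy key the post uses for device identity. The PIN variant only bumps the failure counter on a wrong PIN, not on a PCR mismatch, and after `MAX_PIN_FAILURES` even the right PIN is refused.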