
I thought that specific implementations had issues in the past but that the concept of a TPM in general was fine?

The Intel ME and AMD PSP, on the other hand, are proper nightmares. For that matter, so is any other "security co-processor" that operates as an unauditable black box below ring 0 (presumably this applies to both Apple's and Google's solutions).



The problem with a TPM is that it's not an integrated chip; you can easily intercept messages going to and coming from the TPM.

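The interception point raised in the comment above, as an added worked example that is not part of the thread: a discrete TPM talks to the CPU over a plain LPC or SPI bus, and TPM 2.0 commands and responses on that bus are unencrypted unless the caller set up a session with parameter encryption. The parser below decodes a TPM2_Unseal exchange (command header, then the response's parameterSize and TPM2B outData) and pulls the unsealed secret straight out of the response bytes. The "capture" is constructed inline with placeholder nonce and HMAC bytes; the handles, key material and the assumption that bus frames have already been extracted from a logic-analyzer trace are all illustrative.

```python
import struct

# Constants from the TPM 2.0 Library Specification, Part 2 (Structures).
TPM_ST_NO_SESSIONS = 0x8001   # tag: no authorization sessions in the buffer
TPM_ST_SESSIONS = 0x8002      # tag: authorization area / parameterSize present
TPM_CC_UNSEAL = 0x0000015E    # commandCode for TPM2_Unseal
TPM_RC_SUCCESS = 0x00000000


def parse_command_header(buf):
    """Return (tag, commandSize, commandCode) from a TPM 2.0 command buffer."""
    if len(buf) < 10:
        raise ValueError("command shorter than the 10-byte header")
    tag, size, cc = struct.unpack(">HII", buf[:10])
    if size != len(buf):
        raise ValueError("commandSize disagrees with captured length")
    return tag, size, cc


def parse_unseal_response(buf):
    """Return the unsealed bytes from a TPM2_Unseal response, or None if the
    TPM reported an error. Raises ValueError on malformed input."""
    if len(buf) < 10:
        raise ValueError("response shorter than the 10-byte header")
    tag, size, rc = struct.unpack(">HII", buf[:10])
    if size != len(buf):
        raise ValueError("responseSize disagrees with captured length")
    if rc != TPM_RC_SUCCESS:
        return None           # error responses carry no parameters
    off = 10
    param_size = None
    if tag == TPM_ST_SESSIONS:
        # Responses to session-authorized commands carry a UINT32 parameterSize
        # before the parameter area; the session area follows the parameters.
        (param_size,) = struct.unpack(">I", buf[off:off + 4])
        off += 4
    elif tag != TPM_ST_NO_SESSIONS:
        raise ValueError("unknown response tag 0x%04x" % tag)
    # outData is a TPM2B_SENSITIVE_DATA: UINT16 size, then the bytes themselves.
    (n,) = struct.unpack(">H", buf[off:off + 2])
    off += 2
    data = buf[off:off + n]
    if len(data) != n:
        raise ValueError("truncated outData")
    if param_size is not None and param_size != 2 + n:
        raise ValueError("parameterSize does not cover outData")
    return data


def recover_unsealed_secrets(frames):
    """frames: list of (direction, bytes) in bus order, direction 'cmd' or 'rsp'.
    Pairs each TPM2_Unseal command with the following response and collects
    every secret returned in the clear."""
    secrets = []
    pending_unseal = False
    for direction, buf in frames:
        if direction == "cmd":
            pending_unseal = parse_command_header(buf)[2] == TPM_CC_UNSEAL
        elif direction == "rsp" and pending_unseal:
            data = parse_unseal_response(buf)
            if data is not None:
                secrets.append(data)
            pending_unseal = False
    return secrets


def _auth_area(nonce, hmac, session_handle=None):
    # TPMS_AUTH_COMMAND / TPMS_AUTH_RESPONSE: [handle] nonce TPM2B, attrs, hmac TPM2B.
    out = b"" if session_handle is None else struct.pack(">I", session_handle)
    return (out + struct.pack(">H", len(nonce)) + nonce + b"\x00"
            + struct.pack(">H", len(hmac)) + hmac)


def build_unseal_command(item_handle, session_handle):
    """Constructed sample TPM2_Unseal command with one HMAC session (placeholder
    nonce/hmac bytes, not a real capture)."""
    auth = _auth_area(b"\x33" * 16, b"\x44" * 32, session_handle)
    body = struct.pack(">II", item_handle, len(auth)) + auth
    return struct.pack(">HII", TPM_ST_SESSIONS, 10 + len(body), TPM_CC_UNSEAL) + body


def build_unseal_response(secret):
    """Constructed sample success response; the secret is the cleartext outData."""
    params = struct.pack(">H", len(secret)) + secret
    body = struct.pack(">I", len(params)) + params + _auth_area(b"\x11" * 16, b"\x22" * 32)
    return struct.pack(">HII", TPM_ST_SESSIONS, 10 + len(body), TPM_RC_SUCCESS) + body


# Constructed bus capture: transient object handle 0x80000000, HMAC session
# handle 0x02000000 (illustrative values), sealing a made-up 32-byte key.
SAMPLE_SECRET = b"disk-encryption-key-0123456789ab"
CAPTURED_COMMAND = build_unseal_command(0x80000000, 0x02000000)
CAPTURED_RESPONSE = build_unseal_response(SAMPLE_SECRET)
FAILURE_RESPONSE = struct.pack(">HII", TPM_ST_NO_SESSIONS, 10, 0x98E)  # any nonzero rc
CAPTURED_BUS = [("cmd", CAPTURED_COMMAND), ("rsp", CAPTURED_RESPONSE)]

if __name__ == "__main__":
    print(recover_unsealed_secrets(CAPTURED_BUS))
```

The caveat a practitioner wants: this only works because outData is sent in the clear. If the session used for TPM2_Unseal has the encrypt attribute set (TPM 2.0 parameter encryption, keyed from a salted or bound session), the first parameter is encrypted and the sniffer sees ciphertext; the handles and command codes stay visible either way.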

Discrete TPMs have been going out of fashion; fTPM (firmware TPM, i.e. a soft TPM located in the ME/PSP) has been standard for a few years now.


Yeah, I've read the fTPM paper that made use of SGX, but it sounded like it had some limitations (needed fuses to prevent rollbacks, etc.).

From the article it also looks like Pluton will implement the TPM API, but I guess that's just to remain compatible.



