On Sat, Nov 29, 2014 at 2:53 PM, Mick <michaelkintz...@gmail.com> wrote: > I'm looking to buy a new PC and while looking at FM2+ MoBos I saw ASUS offers > one with a TPM feature. It also sells it as a separate component it seems:
I can't get that page to load, but I can't imagine that you could find a motherboard that DIDN'T have a TPM that has been made anytime in the last decade. It doesn't tend to get a lot of use in the Linux world, though the Chromebook would be a BIG exception there. In the corporate windows world it gets very heavy use for full-disk encryption, and I think Win7 supports this out of the box (though big companies tend to use 3rd party software). Main uses for TPM include remote attestation, full-disk encryption (without the need to type a boot password), and secure credential storage only accessible via a trusted code path. The Linux kernel has support for TPM, but if you want to use many of the trusted boot features you need a bootloader that supports TPM. The main downside with TPM with something like Gentoo is that if you aren't careful you can make your keys inaccessible. I'd keep a copy of the keys somewhere safe if you plan to use it for something like full-disk encryption (and/or do regular backups). Otherwise if you incorrectly update grub you might find your drive completely inaccessible (if you're using a trusted boot path then you need to update the TPM when you update your boot path or the chip will no longer trust your grub/kernel/etc). The upside is that if you do it right you retain full control over the encryption and your system will be VERY hard to break into (without inside access - it is quite possible folks like the NSA have a backdoor, but you'll be very safe from more ordinary threats). -- Rich
