Comment by einpoklum
3 months ago
> The point of TPM is supposed to be that it makes "yoink the laptop" attacks unviable even for state-level actors
On the contrary. TPM _is_ an attack in itself. Its result is that control lies not with you as the user but with whoever provided you with the TPM - relative to all software which uses the TPM. And if you can't avoid that kind of software, then the HW providers and the software providers have conspired against you to control your own hardware.
I'm specifically referring to TPM and/or SEP as a key escrow. No other commonly available hardware provides equivalent functionality. No point in going off topic on a philosophical/sociopolitical angle.