Rich Freeman via plug on 22 Jan 2022 08:07:59 -0800
Re: [PLUG] chip
On Sat, Jan 22, 2022 at 10:07 AM Ronaldo Nascimento via plug <plug@lists.phillylinux.org> wrote:
>
> What about the https://frame.work/laptop
>
> They just released the firmware as open source.
>
> https://github.com/FrameworkComputer/EmbeddedController

Interesting. While it isn't clearly advertised it does contain TPM 2.0, and you can find the associated code in the firmware. I'm not sure whose TPM chip they use (I'm sure it is buried in the source code somewhere). You could probably modify the firmware if even needed to support a secure platform.

That said, the simplest way to do a secure platform is to use full disk encryption and tie the encryption keys to the boot path in the TPM, which basically works on any system that supports TPM from the last decade or so. That won't prevent the CPU from booting a different firmware or OS, but it will prevent such an OS from reading the contents of the hard drive. Basically to tamper with the device they'd have to wipe the hard drive and install their own OS, and I'd assume you'd probably notice when none of your files or configuration are present.

I've heard lots of nice things about the laptop in general - not sure how it compares cost/performance wise to alternatives, but it is repairable.

If somebody is looking to escape from TPM though I doubt that there are many options for that out there.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
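The boot-path binding described in the message above, as an added example that is not part of the original post: a toy Python simulation of PCR measurement and key sealing. The `ToyTPM` class, the component strings and the disk key are constructed for illustration; a real TPM enforces the same check in hardware.

```python
import hashlib
import hmac


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || SHA-256(measured component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Replay a boot chain into a single PCR that starts at all zeros."""
    pcr = bytes(32)
    for component in components:
        pcr = extend(pcr, component)
    return pcr


class ToyTPM:
    """Simulated TPM (hypothetical class): releases a secret only if the PCR matches."""

    def __init__(self):
        self._pcr = bytes(32)
        self._sealed = {}

    def boot(self, components):
        # Power-on resets the PCR; each boot stage is then measured in order.
        self._pcr = measure_boot(components)

    def seal(self, name, secret, expected_pcr):
        self._sealed[name] = (secret, expected_pcr)

    def unseal(self, name):
        secret, expected = self._sealed[name]
        if not hmac.compare_digest(self._pcr, expected):
            raise PermissionError("PCR policy mismatch: boot path changed")
        return secret


# Constructed sample boot chains, not real measurements.
TRUSTED_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
OTHER_OS_CHAIN = [b"firmware v1", b"other bootloader", b"other kernel"]


def demo():
    """Seal a disk key to the trusted chain, then try to unseal under both chains."""
    tpm = ToyTPM()
    tpm.seal("disk", b"constructed-disk-key", measure_boot(TRUSTED_CHAIN))
    results = {}
    for label, chain in (("trusted", TRUSTED_CHAIN), ("other_os", OTHER_OS_CHAIN)):
        tpm.boot(chain)  # nothing stops the machine from booting either chain
        try:
            results[label] = tpm.unseal("disk")
        except PermissionError:
            results[label] = None  # the key stays sealed, the disk stays unreadable
    return results
```

The other OS still boots in this model; it just never receives the disk key, which matches the limitation stated in the message.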