I honestly haven’t found any good reading material other then the arch wiki which indeed vaguely outlines pros and cons, and I was wondering if the only significant advantage Is that you dont have go type your password in… Which ita a big advantage if you dont mind cold boot attacks … Also automatic login Is handy if you dont mind privacy at all … What do you think?
I wouldn’t say using TPM compromises your privacy or security. It can act as an additional layer of protection where your PC boots only when your basic settings are unaltered. You can still have FDE with password and TPM if TPM sniffing is your concern.
Still, I don’t use it because I like my stuff accessible and not locked when I dual boot.
I don’t care about TPM at all on my personal systems.
Especially if you’re like me and want to be able to boot the SSD on any conputer in case of failure.
TPM is not only used by the system encryption. But no i do not use it for it. Not because of privacy, cause of security reasons.
Together with secure boot and your own signing keys, it could be a good way to en/decrypt the a dm-verity secured read-only rootfs. But for the home partition I would probably still want to enter my own decryption key, maybe via systemd-homed. From there you can update the kernel/initramfs and read-only rootfs image and sign them for the next boot.
This is complicated to set up. Otherwise maybe use TPM as a 2FA, so you still have to enter a pin?
Anti-libre hardware
Would like to, but never figured out how to get the TPM 1.2 chip in my X230 to work with cryptsetup. Everything seems to be written for TPM 2.0 only.
