The same progress is with disk encryption using #TrustedPlatformModule.
Now it's just systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+7 /dev/nvme0n1p2
6 years ago I needed to deploy disk keyfile, then manually seal it to TPM, and setp up initramfs to work with the sealed key.
Windows 11 23H2 bug causes “end of service”, “get the newer version of Windows” alerts
https://www.windowslatest.com/2024/11/13/windows-11-23h2-bug-causes-reached-the-end-of-service-get-the-newer-version-alerts/
"Get the newer version of Windows to stay up to date. Your version of Windows has reached the end of service."
Have you been getting that message and wondering what it's about? Have you seen the update notification dot but then there's nothing new on the "Windows Update" screen? Yeah, you and possibly millions of other people.
I think this happens if you're running Windows 11 on a PC without TPM. Some computers are more than 4-5 years old and don't have this option, and some people choose not to switch on TPM because they don't want it used against them for DRM or other malfeatures at a BIOS/UEFI level.
#Microsoft #Windows #MicrosoftWindows #Windows11 #Windows1123H2 #TPM #TrustedPlatformModule
Öfter mal was neues. Ist wohl doch nicht so "#trusted" das #TrustedPlatformModule.
Besonders #tückisch, wenn Geräte schon vor dem #Verkauf #kompromittiert sind.
#uefischadcode #bootmalware #intel #tpm
PCs mit Intel-Prozessoren: UEFI-Sicherheitslücke lässt Schadcode passieren | heise online
https://www.heise.de/news/PCs-mit-Intel-Prozessoren-UEFI-Sicherheitsluecke-laesst-Schadcode-passieren-9773023.html
A Trusted Platform Module (TPM) chip is a crucial hardware-based security component that safeguards sensitive data and cryptographic keys in computer systems. It operates in conjunction with the system's firmware and operating system, providing enhanced security even in compromised scenarios.
| heise online https://www.heise.de/news/FOSDEM-24-TPM-2-Chip-als-Datentresor-unter-Linux-9618042.html #FOSDEM24 #FOSDEM2024 #TrustedPlatformModuleAs far as this #TrustedPlatformModule was concerned, you're the enemy. The "trust" in trusted computing is about *other people* being able to trust your *computer*, even if they don''t trust *you*.
So that TPM does all kinds of tricks. It can observe and produce a cryptographically signed manifest of your computer's entire boot-chain, meant to be an unforgeable certificate attesting to which kind of computer you were running and what software you were running on it.
8/
The second CPU would be a #TrustedPlatformModule, a brute-simple system-on-a-chip designed to be off-limits to modification, even by its owner (that is, you).
The #TPM would ship with a limited suite of simple programs it could run, each thoroughly audited for bugs, as well as secret cryptographic signing keys that you were not permitted to extract.
26/
Štěpán Škorpil
OSTechNix
Misinformation-Superhighwayman
skotperez
aproitz
GTech Booster
Marcel SIneM(S)US
Cory Doctorow
Uppsala Linux User Group