On Sun, Mar 29, 2015 at 03:30:07PM -0400, Rich Freeman wrote > With TPM, full-disk encryption, and a verified boot path, you could > actually protect against that scenario (they'd have to tear apart the > TPM chip and try to access the non-volatile storage directly, and the > chips are specifically designed to defeat this). Secure boot would > not hurt either (with your own keys). Of course, they could still try > to hack in via USB/PCI/etc, or plant keyloggers and such. I'm not > suggesting physical security isn't important. It just isn't a good > reason to completely neglect console security.
Be careful what you wish for. I have my doubts that TPM chips would boot linux with Microsoft offering "volume discounts" to OEMS. Call me cynical. -- Walter Dnes <waltd...@waltdnes.org> I don't run "desktop environments"; I run useful applications
