Old 25.06.2021., 08:29   #29
Disco
Prvoklasni Krkan
Join date: Jan 2006
Location: Rijeka
Posts: 5,259
Quote:
Originally posted by mamutarka
hmm, I've now enabled TPM to be FIRMWARE in the BIOS, and now it passes that check for Win 11

I'm wondering what else happened by setting the TPM to firmware? I'm not schooled in this
https://www.intel.com/content/www/us...intel-nuc.html


Trusted Platform Module (TPM 2.0) - TPM 2.0 is a microcontroller that stores keys, passwords, and digital certificates. A discrete TPM 2.0 also supports Intel® vPro™ Technology and Intel® Trusted Execution Technology (Intel® TXT).

Intel® Platform Trust Technology (Intel® PTT) - Intel® Platform Trust Technology (Intel® PTT) offers the capabilities of discrete TPM 2.0. Intel PTT is a platform functionality for credential storage and key management used by Windows 8* and Windows® 10. Intel PTT supports BitLocker* for hard drive encryption and supports all Microsoft requirements for firmware Trusted Platform Module (fTPM) 2.0.

I'd say it's some kind of gimmick, because supposedly security is no. 1.

I tried that test to see whether my PC is compatible and it says it isn't, but nowhere does it say why...

EDIT: Here's an even better explanation:



"fTPM" is a type of TPM that's implemented in system firmware instead of using a dedicated chip.

The TPM is a tamper-resistant "secure element" used to hold cryptographic keys (including smartcard certificates and BitLocker credentials). BitLocker mainly uses it for the system disk, since the TPM can provide passwordless unlocking while still resisting external attacks (i.e. it seals the encryption key with the current system state). Without a TPM, you would have to unlock the system disk using a password, a recovery key, or a USB stick on every reboot.

This doesn't apply so much to data disks, since Windows is already fully running once they're accessed, it can provide automatic unlocking without a TPM by simply storing the data disk's password in your Windows account. (And obviously it doesn't affect unlocking with a password.)

The most likely reasons you need to disable the (f)TPM before upgrading firmware are:

System firmware is part of the aforementioned "current system state". If you upgrade it, anything that was previously sealed against it would be unusable; e.g. if you used BitLocker with a TPM, you would need to use the recovery key. Some manufacturers insist that the TPM be manually disabled to serve as a reminder to the user that they'll need other means of unlocking the system disk.

It's relatively common practice to force all secrets to be erased before a firmware upgrade can happen, also called "insider attack resistance". Because the fTPM is part of system firmware, upgrading it can become a security risk – if the new firmware is buggy or backdoored, it may bypass the protections that were supposed to be provided; e.g. it might conveniently "forget" to check system state before releasing the keys. I don't know if "disabling" fTPM erases its contents, but if it does, it would be a very likely explanation.

Does this mean BL is always turned on in W11, or do we still encrypt the disk as we wish?
__________________
Feel free to add me on PSN

Last edited by Disco; 25.06.2021. at 08:38.
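Added example, not part of the original post or of the answers it quotes: a toy Python model of the quoted point that the TPM "seals the encryption key with the current system state", so a firmware upgrade makes the sealed key unusable until the recovery key is used. The `ToyTPM` class, the component names and the key derivation are constructed for illustration; a real TPM enforces its PCR policy inside the chip and uses a different sealing scheme.

```python
import hashlib
import hmac
import os

def extend(pcr: bytes, measurement: bytes) -> bytes:
    # PCR extend: the register can only be folded forward, never set directly.
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

class ToyTPM:
    def __init__(self):
        self._seed = os.urandom(32)   # stands in for a secret that never leaves the TPM
        self.pcr = bytes(32)

    def boot(self, components):
        self.pcr = bytes(32)          # PCRs reset on every power cycle
        for blob in components:       # each boot stage is measured in order
            self.pcr = extend(self.pcr, blob)

    def _keys(self):
        # Toy simplification: wrapping keys depend on the seed AND the current PCR.
        return tuple(hmac.new(self._seed, label + self.pcr, hashlib.sha256).digest()
                     for label in (b"enc", b"mac"))

    def seal(self, secret: bytes) -> bytes:
        if len(secret) > 32:
            raise ValueError("toy model seals at most 32 bytes")
        enc, mac = self._keys()
        ct = bytes(a ^ b for a, b in zip(secret, enc))
        return ct + hmac.new(mac, ct, hashlib.sha256).digest()

    def unseal(self, blob: bytes):
        enc, mac = self._keys()
        ct, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
            return None               # system state differs: key is not released
        return bytes(a ^ b for a, b in zip(ct, enc))

def demo():
    old_chain = [b"firmware v1.0", b"bootloader", b"kernel"]   # constructed sample
    new_chain = [b"firmware v1.1", b"bootloader", b"kernel"]   # after a firmware upgrade
    tpm = ToyTPM()
    tpm.boot(old_chain)
    disk_key = os.urandom(32)
    blob = tpm.seal(disk_key)
    before = tpm.unseal(blob) == disk_key      # same state: passwordless unlock
    tpm.boot(new_chain)
    after = tpm.unseal(blob)                   # changed firmware: recovery key needed
    return before, after

if __name__ == "__main__":
    print(demo())
```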