More worthless than it already was? Impossible.

TPM and BitLocker already was pointless. I've said before if you want full disk encryption use good 3rs party software, not MS

After all, this is a very niche feature...

Ursprünglich geschrieben von Bad 💀 Motha:

TPM and BitLocker already was pointless. I've said before if you want full disk encryption use good 3rs party software, not MS

Do you have any technical explanation? Ubuntu now supports TPM based LUKS disk encryption.

The point behind the video is that the Secure Boot database on many manufacturers appears to have been compromised with keys intended only for testing. This will require a firmware update to fix.

Ursprünglich geschrieben von Crashed:

Ursprünglich geschrieben von Bad 💀 Motha:

TPM and BitLocker already was pointless. I've said before if you want full disk encryption use good 3rs party software, not MS

Do you have any technical explanation? Ubuntu now supports TPM based LUKS disk encryption.

The point behind the video is that the Secure Boot database on many manufacturers appears to have been compromised with keys intended only for testing. This will require a firmware update to fix.

Ok but that's not MS crap.

Like I said, use 3rd party.

If a Linux Distro offers it as a built-in option, that's great.

What I mostly meant about useless and/or dumb is this "NEED" or requirement to have TPM + SecureBoot. While I agree every Desktop and Laptop Motherboard should have it as part of built in features. It should be optional and never enabled by default. The higher ups in this industry do not need to attempt to dictate that we ALL need to have it, just because they want to push something; agenda or otherwise.

Ursprünglich geschrieben von BlackBloodRum:

Things like this make me glad I clear the default keys, roll my own keys and self sign. Avoiding this whole issue. (Along with enabling a uefi password, so you can't just bypass secure boot by disabling it in the uefi)

Pretty sure that does not help in the way you are thinking though. TPM + SecureBoot is rather meaningless unless disk encryption is actually used. And if it was used, let's say by you, then I can't get around that if I stole your PC simply by entering the BIOS and disable TPM + SecureBoot because your OS Drive was already encrypted.

Ursprünglich geschrieben von Bad 💀 Motha:

Ursprünglich geschrieben von Crashed:

Do you have any technical explanation? Ubuntu now supports TPM based LUKS disk encryption.

The point behind the video is that the Secure Boot database on many manufacturers appears to have been compromised with keys intended only for testing. This will require a firmware update to fix.

Ok but that's not MS crap.

Like I said, use 3rd party.

If a Linux Distro offers it as a built-in option, that's great.

What I mostly meant about useless and/or dumb is this "NEED" or requirement to have TPM + SecureBoot. While I agree every Desktop and Laptop Motherboard should have it as part of built in features. It should be optional and never enabled by default. The higher ups in this industry do not need to attempt to dictate that we ALL need to have it, just because they want to push something; agenda or otherwise.

Ubuntu is also Secure Boot signed for the default keys. Only thing I use regularly that doesn't support Secure Boot is MemTest86+. And it's only recently that even supports UEFI.

Hmm ok... never use a default key. Make it generate a new one for you.

Yes if needed you can always go and disable SecureBoot so you have access to Bootable USB Tech Tools stuff. Then reboot and re-enable so you can boot off your OS Drive properly.

I mean who uses these default keys
It would be like letting MS or Google set a universal 4 digit code for all email password logins

Since this is a security issue with Motherboards could brands and OEMs just offer up BIOS firmware updates so there is no default key? So a new one must one generated upon using any actual Disk Encryption?

Ursprünglich geschrieben von Bad 💀 Motha:

I mean who uses these default keys
It would be like letting MS or Google set a universal 4 digit code for all email password logins

All your HTTPS websites run off a set of "default" keys. But then, there is an organization dedicated to managing the validity of those keys.