Originally Posted by
Konrad
Airbozo - "you can never remove [an activated TPM module] or the motherboard will not work" ?
Does this mean the entire motherboard gets locked out and is rendered useless for normal unsecured operation, or just that the special security (and secured data) is impossible to recover without a replacement TPM?
From my testing and information from others, if you setup a motherboard using TPM, you cannot at a later date disable the TPM and expect the motherboard to work. There are ways around this, but I think it involves removing a chip on the board and replacing it with a new one. This was a couple of years ago, so there may be another method. Still, the keys are lost, but the motherboard itself will be useable again. This was originally done so that if some one using a TPM had their system stolen, physically removing the TPM and disabling it in the BIOS would not allow access to the system and hence the data.
And yeah, my primary interest is to put a heftier hardware padlock onto my BitLocker (or whatever crypto), for litecoin vault and such stuff, keep it secret keep it safe lol. So long as I still have a way to recover encrypted offsite backups in the event my main unit is stolen/broken/etc (even if that means I must go purchase another - identical? - TPM and mobo combo). Keeping my trusty certs and secure https sessions and sundry password lists under lock seems to be a common add-on feature, not an unwelcome one, but I can as easily continue to do without the frilly bells & whistles.
Seeing those professional PCIe crypto cards, server-grade crypto blades, and complete $15,000+ dedicated crypto racks really helps put the power and value of my $20 little TPM part into better perspective. I think I sense a bit of dismissive disdain from experts about the merits of these tiny TPMs in the big bad scary world of real data security, lol, and I think that says a lot as well.
LOL! I agree. That Luna PCIe card is NOT cheap and in order to become a vendor, certain folks in the company had to have a pretty thorough back ground check. Nothing like I went through in the Navy, but still invasive just to sell the card to a customer. We almost just asked them to buy it themselves and we would integrate it into their systems.
Still, it's cheap and can't really hurt, yes? I might as well just keep pestering Asus until they cough a TPM part up from their inventory pits. I do actually like how the black PCB would match my mobo, lol, and it seems that TPM parts in this category are more or less interchangeable in how much (or how little) added security value they might provide.
It cannot hurt and IMO is worth more than the $20 spent, just in peace of mind. I am looking into the same thing for my home server setup, but since I am running that server in a VM, I am out off luck right now unless I move the data to another, smaller server. We are an ASUS partner and if you like I can "nudge" them to see if we can get one for you.
Encryption software obviously has a real-time performance hit, if you run crypto then there's just no way around it. Would adding a dedicated hardware TPM component have any significant impact, positive or negative, on crypto speed/load performance in practice? I gots some games which would run pretty sweet on my miner, too, lol.