Unlike many Linux users, I really liked the idea of the TPM. So long as I fully control the keys, integration with a security chip to authenticate my system would be a nice bonus and represents a natural extension to secure boot. We already take this approach in principle with smartphones.
On the other hand, it’s becoming a lot harder to actually own your devices and run code of your own choosing on smartphones. It’s a tool that so far has generally been used to serve the interests of the vendor over the user.
Unlike many Linux users, I really liked the idea of the TPM. So long as I fully control the keys, integration with a security chip to authenticate my system would be a nice bonus and represents a natural extension to secure boot. We already take this approach in principle with smartphones.
On the other hand, it’s becoming a lot harder to actually own your devices and run code of your own choosing on smartphones. It’s a tool that so far has generally been used to serve the interests of the vendor over the user.
It would be a fine system if the keys were stored on the encrypted volume that the TPM decrypts