> On July 6, 2021 at 1:34 AM "Stephen J. Turnbull" <stephen@xxxxxxxxxx> wrote:
>
> Tim writes:
>
> > I reckon the default thought of most people who're suddenly faced with
> > a computer failing a security test is not going to be that something
> > has changed on them without authority, but that something has gone
> > wrong. They're going to try and reset something, rather than work out
> > if they've been compromised.
>
> Indeed. Pragmatically speaking, I don't think they're wrong, do you?
>
> Patrick writes:
>
> > I think much depends on what the TPM is used for. Certainly if the
> > user takes care not to subvert the intention, it can reasonably be
> > used to ensure that only trusted software is run.
>
> "Pragmatically speaking ..." ;-) Seriously, I think TPM mostly makes
> sense with VMs. People who write programs are generally going to be
> very unhappy with the amount of kissing up to the TPM they have to do.
> Like, on Mac every time LLVM releases a new version of the debugger I
> have to go through the self-signing dance. So far I have been
> satisfied with the results every time (there really are new features
> or performance improvements), but it's infrequent enough that I have
> no memory of the procedure, let alone muscle memory.
>
> > OTOH, I think one application of TPM (at least when originally
> > proposed) was to prevent the user from bypassing DRM, in which case
> > the trust goes in the other direction and the situation is
> > different.
>
> Yeah, there was a *lot* of angst about potential DRM applications at
> the time. I'm willing to bet it's possible to distinguish a hardware
> TPM from a software TPM for that application, though. I didn't look
> hard enough to see if the Xen folk had proposed a protocol to get a
> token from the hardware TPM to vouch for a VM in that case.
>
> Steve

From the mail, it appears that a software TPM should solve the problem on older computers, but it occurs to me that you might not be permitted to install the software unless a TPM is found. So, for those who have already tried version 11, has any one of you tried installing on an older laptop, and then adding a software TPM, or is this impossible?

--doug