- https://news.ycombinator.com/item?id=37435450
- https://learn.omacom.io/2/the-omarchy-manual/50/getting-started?search=tpm#getting-started (see advice on tpm)
- NSA encourages us to use it: https://media.defense.gov/2024/Nov/06/2003579882/-1/-1/0/CSI-TPM-USE-CASES.PDF
But TPMs have real use cases:
- It theoretically prevents kernel-level exploits from extracting secrets.
- Projects like Qubes suggest using it to prevent evil maid attacks: https://doc.qubes-os.org/en/latest/user/hardware/system-requirements.html#recommended
BUT...
- It provides a weak level of device attestation from the manufacturer: https://blog.cloudflare.com/anchoring-trust-a-hardware-secure-boot-story/#uefi-attacks
- That Cloudflare article suggests using AMD PSP, which is equivalent to Intel ME, which the NSA is known to request the disabling of: https://stateofsurveillance.org/articles/technical/intel-management-engine-deep-dive/
So it seems that to really trust your hardware, you must depend on the vendor. For the vendor to send you the hardware, the hardware could be tampered with in transit, so it must be made tamper resistant, with a burned-in, read-only cryptographic signature from the manufacturer. The FIPS 140 Level 4 IBM processor is the closest equivalent I can find:
- https://www.ibm.com/docs/en/cryptocards?topic=4770-overview#ibm_4770_overview__title__7
- Then to trust the vendor, using an open source design with minimal attack surface is really the only option. Something like https://lowrisc.github.io/sonata-system/ based on https://opentitan.org/ and https://github.com/lowRISC/ibex seems to be the closest I can find.
Any thoughts on how to trust your hardware? I'm out of ideas...