
On Tue, Dec 21, Martin Wilck wrote:
Call me naïve: IMHO the likelihood of a device being stolen or lost, and private content leaking to a 3rd party more or less accidentally that way, is higher than that of a device being actively tampered with, which assumes a concrete malicious intent against the owner of the device.

If you look at this from an end user use case traveling with his notebook: I would use a fido2 USB stick to encrypt the hard disk, not TPM2.

If you look at this from a company point of view having many Edge devices out there, the chance that somebody is actively tampering with your Edge devices to e.g. steal your data is much, much higher.

The work on this started because there are many requests to protect systems much better against attacks on Edge devices, but is in general useful. Maybe not for everybody using a TPM device, but a fido2 stick instead, but in the end most of the stack is in both cases identical.

If I would travel with my notebook and want to protect my personal data in the case my notebook gets lost or stolen, I would not use the TPM solution but the fido2 stick.

Thorsten

--
Thorsten Kukuk, Distinguished Engineer, Senior Architect
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
Managing Director: Ivo Totev (HRB 36809, AG Nürnberg)