AMD's fTPM is a gratis bonus as far as I'm concerned. Bitlocker's disk encryption can be used without TPM. It's less convenient - Windows needs to read the cryptographic key from a USB flash drive at boot - but I'm willing to bet it's much easier to get used to than 3 years of glitching and stuttering.
It's not a "gratis bonus" when I specifically buy a device because I require that feature.
Besides Windows 11 requiring a TPM, which was known to be on the cards for a while now, storing the key on a USB drive is not functionally the same as the TPM. It means either the key material is stored in plaintext on the USB, which is pointless, or I still need to use a PIN. I need my computer to be able to boot without intervention, so that isn't an option.
> It's not a "gratis bonus" when I specifically buy a device because I require that feature.
I don't understand, since fTPM specifically isn't a requirement. Any TPM will work. If you had bought Intel you would have paid more for just the CPU alone, regardless of the cost of a discrete TPM.
> Besides Windows 11 requiring a TPM, which was known to be on the cards for a while now, storing the key on a USB drive is not functionally the same as the TPM. It means either the key material is stored in plaintext on the USB, which is pointless, or I still need to use a PIN. I need my computer to be able to boot without intervention, so that isn't an option.
With f/TPM and no PIN you're storing the keys in plain-text right next to the encrypted content. It's like hanging the keys to your door on the knob. This effectively cancels the point of full-disk encryption for your implied personal use. I cannot believe what I'm reading.
Why is this hard to understand? The CPU and platform is marketed as having an fTPM, but everyone's experience over the last 3 years is that it's faulty. It doesn't matter if there's an alternative solution involving buying a separate device, and it doesn't matter if you think the fTPM isn't necessary. The point is that the features they claimed to support were faulty, untested, and unfixed for many years. That's not acceptable.
Also, your description of how an fTPM works is wrong. The fTPM on AMD is provided by the AMD PSP TEE, which measures your execution environment then seals the drive encryption key. The platform garauntees that it will not unseal the drive encryption key other than to the same combination of trusted hardware and cryptographically verified software that previously sealed the key. The hardware is tamper resistent and has a relatively good track record. dTPM vs fTPM is an active debate, but so far the most practical sniff attack on the TPM only works on dTPMs, though that's partially Microsoft's fault.
If a hard drive is stolen, it is useless without the CPU. If a whole computer is stolen, the data will only be accessible to a very advanced adversary. The list of people on earth who can tamper or trace a CPU to successfully exfiltrate an fTPM key is probably a short list, and nearly all of them will be security researchers, state-level adversaries or APTs. In fact, many government and other highly secure organisations rely on the security of the TPM for disk encryption.
Analogy wise, it's more like having a bouncer guarding your door who only lets you in once he's carefully checked all your biometrics. And if you try to push past him, he blows up the house so you can't get in.
However, would I trust a TPM in isolation if I was likely to be physically raided by the CIA? Probably not.
> With f/TPM and no PIN you're storing the keys in plain-text right next to the encrypted content.
Not true. If you change the boot parameters it won't release the key. If you were to try and boot a live OS to try and extract the data without respecting ACLs or something, you wouldn't be able to access the key. You also can't actively read the key from the TPM once the system has booted.
Sure, there might be some attackers who may be able to mess with the OS post-boot to have it give up its info, but even the above-average thief off the street isn't going to be able to access my data.
