1. Forum
  2. Usenet
  3. ALT.COMP.OS.WINDOWS-10

  • TPM and VBS

    From Ed Cryer@21:1/5 to All on Thu Jun 26 11:46:27 2025
    SWYgTVNvZnQgY2FuIGdldCBpbnRvIHRoZSBUUE0gdG8gZG8gdGhlaXIgc3R1ZmYsIGhvdyBj b25maWRlbnQgYXJlIHdlIA0KdGhhdCB3aGl6ei1raWQgaGFja2VycyB3b24ndCBzb29uIGJl IGluIHRoZW0gdG9vPw0KDQpXaGF0IGFyZSB0aGUgb2RkcyBvZiB1cGdyYWRpbmcgeW91ciBo YXJkd2FyZSBmb3IgV2luZG93cyAxMSByYXRoZXIgdGhhbiANCnRocm93aW5nIGF3YXkgwqMx MDBzIG9mIHJlY2VudCBwdXJjaGFzZT8NCk5ldyBtb2JvIHdpdGggYWNjZXB0YWJsZSBDUFUg YW5kIFRQTSAyLjA/DQpXb3VsZCB0aGVyZSBiZSBvdGhlciByZXF1aXJlbWVudHM/DQoNCkVk
    DQo=

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Paul@21:1/5 to Ed Cryer on Thu Jun 26 11:48:09 2025
    On Thu, 6/26/2025 6:46 AM, Ed Cryer wrote:
    If MSoft can get into the TPM to do their stuff, how confident are we that whizz-kid hackers won't soon be in them too?

    What are the odds of upgrading your hardware for Windows 11 rather than throwing away £100s of recent purchase?
    New mobo with acceptable CPU and TPM 2.0?
    Would there be other requirements?

    Ed

    Using the rufus.ie USB stick installer, I have installed
    Windows 11 on a 4th gen machine with no TPM.

    I feel about as safe as any other computer in the room.

    Any nation-state quality software bestowed upon us, gets
    into the room whether we like it or not. Only your backups
    stand between them and anarchy.

    The history of security processors is not good. Intel has
    pinned one such device off, via microcode patch. And that
    was because I think there is a persistent threat for it
    (gets into it, can't get it out).

    TPM are either available as an Infineon chip, or as fTPM,
    where a CPU security processor plus some firmware, may
    operate as a proxy solution. For example, on one AMD processor,
    the security processor might have been a single core ARM.

    The physical TPM is relatively good. It's "flash-able" and
    can be flashed from TPM 2.0 to TPM 1.4 for example. Don't do that.
    The exploit for it, involves standing in the room and having
    a bus analyzer handy. Not a tall ask, and that's the general
    rule, that if anyone is standing in the room, your computer
    is then not secure.

    I've flashed my Daily Driver motherboard a couple of times,
    for "security issues". It's patched as well as I think is
    possible. My Asus motherboard across the way, is missing
    a patch, and there will be no new BIOS files for it.

    Paul

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Ed Cryer@21:1/5 to All on Thu Jun 26 17:57:26 2025
    UGF1bCB3cm90ZToNCj4gT24gVGh1LCA2LzI2LzIwMjUgNjo0NiBBTSwgRWQgQ3J5ZXIgd3Jv dGU6DQo+PiBJZiBNU29mdCBjYW4gZ2V0IGludG8gdGhlIFRQTSB0byBkbyB0aGVpciBzdHVm ZiwgaG93IGNvbmZpZGVudCBhcmUgd2UgdGhhdCB3aGl6ei1raWQgaGFja2VycyB3b24ndCBz b29uIGJlIGluIHRoZW0gdG9vPw0KPj4NCj4+IFdoYXQgYXJlIHRoZSBvZGRzIG9mIHVwZ3Jh ZGluZyB5b3VyIGhhcmR3YXJlIGZvciBXaW5kb3dzIDExIHJhdGhlciB0aGFuIHRocm93aW5n IGF3YXkgwqMxMDBzIG9mIHJlY2VudCBwdXJjaGFzZT8NCj4+IE5ldyBtb2JvIHdpdGggYWNj ZXB0YWJsZSBDUFUgYW5kIFRQTSAyLjA/DQo+PiBXb3VsZCB0aGVyZSBiZSBvdGhlciByZXF1 aXJlbWVudHM/DQo+Pg0KPj4gRWQNCj4gDQo+IFVzaW5nIHRoZSBydWZ1cy5pZSBVU0Igc3Rp Y2sgaW5zdGFsbGVyLCBJIGhhdmUgaW5zdGFsbGVkDQo+IFdpbmRvd3MgMTEgb24gYSA0dGgg Z2VuIG1hY2hpbmUgd2l0aCBubyBUUE0uDQo+IA0KPiBJIGZlZWwgYWJvdXQgYXMgc2FmZSBh cyBhbnkgb3RoZXIgY29tcHV0ZXIgaW4gdGhlIHJvb20uDQo+IA0KPiBBbnkgbmF0aW9uLXN0 YXRlIHF1YWxpdHkgc29mdHdhcmUgYmVzdG93ZWQgdXBvbiB1cywgZ2V0cw0KPiBpbnRvIHRo ZSByb29tIHdoZXRoZXIgd2UgbGlrZSBpdCBvciBub3QuIE9ubHkgeW91ciBiYWNrdXBzDQo+ IHN0YW5kIGJldHdlZW4gdGhlbSBhbmQgYW5hcmNoeS4NCj4gDQo+IFRoZSBoaXN0b3J5IG9m IHNlY3VyaXR5IHByb2Nlc3NvcnMgaXMgbm90IGdvb2QuIEludGVsIGhhcw0KPiBwaW5uZWQg b25lIHN1Y2ggZGV2aWNlIG9mZiwgdmlhIG1pY3JvY29kZSBwYXRjaC4gQW5kIHRoYXQNCj4g d2FzIGJlY2F1c2UgSSB0aGluayB0aGVyZSBpcyBhIHBlcnNpc3RlbnQgdGhyZWF0IGZvciBp dA0KPiAoZ2V0cyBpbnRvIGl0LCBjYW4ndCBnZXQgaXQgb3V0KS4NCj4gDQo+IFRQTSBhcmUg ZWl0aGVyIGF2YWlsYWJsZSBhcyBhbiBJbmZpbmVvbiBjaGlwLCBvciBhcyBmVFBNLA0KPiB3 aGVyZSBhIENQVSBzZWN1cml0eSBwcm9jZXNzb3IgcGx1cyBzb21lIGZpcm13YXJlLCBtYXkN Cj4gb3BlcmF0ZSBhcyBhIHByb3h5IHNvbHV0aW9uLiBGb3IgZXhhbXBsZSwgb24gb25lIEFN RCBwcm9jZXNzb3IsDQo+IHRoZSBzZWN1cml0eSBwcm9jZXNzb3IgbWlnaHQgaGF2ZSBiZWVu IGEgc2luZ2xlIGNvcmUgQVJNLg0KPiANCj4gVGhlIHBoeXNpY2FsIFRQTSBpcyByZWxhdGl2 ZWx5IGdvb2QuIEl0J3MgImZsYXNoLWFibGUiIGFuZA0KPiBjYW4gYmUgZmxhc2hlZCBmcm9t IFRQTSAyLjAgdG8gVFBNIDEuNCBmb3IgZXhhbXBsZS4gRG9uJ3QgZG8gdGhhdC4NCj4gVGhl IGV4cGxvaXQgZm9yIGl0LCBpbnZvbHZlcyBzdGFuZGluZyBpbiB0aGUgcm9vbSBhbmQgaGF2 aW5nDQo+IGEgYnVzIGFuYWx5emVyIGhhbmR5LiBOb3QgYSB0YWxsIGFzaywgYW5kIHRoYXQn cyB0aGUgZ2VuZXJhbA0KPiBydWxlLCB0aGF0IGlmIGFueW9uZSBpcyBzdGFuZGluZyBpbiB0 aGUgcm9vbSwgeW91ciBjb21wdXRlcg0KPiBpcyB0aGVuIG5vdCBzZWN1cmUuDQo+IA0KPiBJ J3ZlIGZsYXNoZWQgbXkgRGFpbHkgRHJpdmVyIG1vdGhlcmJvYXJkIGEgY291cGxlIG9mIHRp bWVzLA0KPiBmb3IgInNlY3VyaXR5IGlzc3VlcyIuIEl0J3MgcGF0Y2hlZCBhcyB3ZWxsIGFz IEkgdGhpbmsgaXMNCj4gcG9zc2libGUuIE15IEFzdXMgbW90aGVyYm9hcmQgYWNyb3NzIHRo ZSB3YXksIGlzIG1pc3NpbmcNCj4gYSBwYXRjaCwgYW5kIHRoZXJlIHdpbGwgYmUgbm8gbmV3 IEJJT1MgZmlsZXMgZm9yIGl0Lg0KPiANCj4gICAgIFBhdWwNCg0KSSd2ZSBydW4gV2luMTEg dGhyb3VnaCBSdWZ1cyBvbiB0aGUgbWFjaGluZSBpbiBxdWVzdGlvbi4gTm8gcHJvYmxlbXMg YXQgDQphbGwuIEJ1dCBub3cgUnVmdXMgaGFzIGJlZW4gZGVzcG9pbGVkIG9mIGl0cyBieXBh c3NpbmcgZmVhdHVyZTsgZXZlbiANCm9sZGVyIHZlcnNpb25zIGhhbmdpbmcgYXJvdW5kIHRo ZSBOZXQgaGF2ZSBiZWVuIGRvY3RvcmVkLg0KDQpJIGtub3cgdGhhdCBNUyBhcmUgY2xhaW1p bmcgNjAlIHJlZHVjdGlvbiBpbiBtYWx3YXJlIHN1Y2Nlc3Mgd2l0aCB0aGUgDQpDUFUncyB0 aGV5J3ZlIGF1dGhvcmlzZWQsIGJ1dCBJIGFsc28ga25vdyBqdXN0IGhvdyBkZWRpY2F0ZWQg c29tZSANCmhhY2tlcnMgY2FuIGJlOyBhbmQgSSBkb24ndCBiZWxpZXZlIGl0IHdpbGwgYmUg dmVyeSBsb25nIGJlZm9yZSB0aGV5IA0KaW5maWx0cmF0ZS4NCkFuZCB3aGF0IHRoZW4/IFdp bGwgd2UgYWxsIGhhdmUgdG8gdGhyb3cgYXdheSB0aGUgbmV3IGhhcmR3YXJlIHdlJ3ZlIA0K cHVyY2hhc2VkIGp1c3QgdG8gcnVuIFdpbjExPyBBbmQgZGlnIGludG8gb3VyIHBvY2tldHMg YWdhaW4/DQoNCkknbSBub3QgYWNjdXNpbmcgTVMgb2YgYmVpbmcgcHVwcGV0cyBvZiBPRU1z LiBJIHRoaW5rIEknZCByYXRoZXIgYWNjdXNlIA0KdGhlbSBvZiBiZWluZyBmLi4uaW5nIHN0 dXBpZC4NCg0KRWQNCg0KDQoNCg0K

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)