a genuinely ignorant question: if TPM 2.0 is used to store decryption keys for e.g. BitLocker, what good does this do against malefactors if my machine is powered on and running and I am logged in and authenticated?

I can see it being useful for a powered-down laptop, but isn't it far more likely that your running computer gets hit by malware?

i.e. isn't it far more likely your bank gets hacked instead of some scofflaw rifling through your trash to find un-shredded financial documents?



in reply to @nago-'s post:

depends on how the crypto works exactly but I trust Microsoft to get this right at least: keys inside the TPM can't be leaked directly, only used for specific crypto operations.

Now, one of those operations may well be "decrypt a certain file from the hard drive", but that's what the OS is for! To make sure only authorized users can access certain files. But as you point out, if you ever run untrusted software under your authorization, this is a moot point. At the level BitLocker operates at, there is no way to distinguish between you dragging files in Windows Explorer and DefinitelyNotAVirus.EXE doing a similar operation.

So yes, BitLocker's threat model of "someone steals your hard drive" doesn't quite apply in your case. This is traditionally what antivirus programs like Windows Defender are for instead: to stop you from ever running potentially malicious programs, or to detect malicious behavior and kill that process immediately. That has a higher false negative chance, however, so general software hygiene is important. Hope this answers your question!

It kind of does, but in the disappointing way where I suspect TPM is useless for the large majority of threat models that actually impact regular users. I'm trying to find justifications for Windows 11 requiring TPM 2.0 and coming up short for any kind of realistic value proposition outside of the enterprise/gov model

It's meant to protect a powered down machine, yes, including a machine, or individual disk, that ends up as e-waste.

It both protects you from data (and metadata) theft, and from attackers installing malware by direct modification of the disk. A TPM is not required for the former (there are plenty of other solutions, both software and hardware based) but it's necessary for the latter: if any part of the boot process has been altered, the TPM won't provide the disk decryption keys; and Windows, for example, will ask for a BitLocker recovery key.
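The measured-boot behaviour described in the last reply, as an added sketch that is not part of the thread and is not TPM or BitLocker code: a simplified Python model of PCR extend and sealing a key to a boot measurement. `ToyTPM`, the boot chain contents and the key bytes are constructed for illustration; a real TPM 2.0 seals against several PCRs through a policy session rather than a single value comparison.

```python
from __future__ import annotations

import hashlib
import hmac


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: new PCR = H(old PCR || H(measured component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(chain: list[bytes]) -> bytes:
    """Replay a boot chain into one SHA-256 PCR that resets to all zeroes."""
    pcr = bytes(32)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr


class ToyTPM:
    """Hypothetical model: releases the secret only if the PCR matches."""

    def __init__(self) -> None:
        self._sealed: tuple[bytes, bytes] | None = None

    def seal(self, secret: bytes, expected_pcr: bytes) -> None:
        self._sealed = (expected_pcr, secret)

    def unseal(self, current_pcr: bytes) -> bytes | None:
        if self._sealed is None:
            return None
        expected_pcr, secret = self._sealed
        # On a mismatch the key stays inside; the OS must ask for a recovery key.
        return secret if hmac.compare_digest(expected_pcr, current_pcr) else None


# Constructed sample boot chains (placeholders, not real firmware or loaders).
GOOD = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED = [b"firmware v1", b"bootloader v1 + implant", b"kernel v1"]
REORDERED = [b"bootloader v1", b"firmware v1", b"kernel v1"]


def demo() -> dict[str, bool]:
    """Seal against the good chain, then report which boots can unseal."""
    tpm = ToyTPM()
    tpm.seal(b"constructed-volume-key", measure_boot(GOOD))
    chains = {"good": GOOD, "tampered": TAMPERED, "reordered": REORDERED}
    return {n: tpm.unseal(measure_boot(c)) is not None for n, c in chains.items()}


if __name__ == "__main__":
    print(demo())
```

Because each extend hashes the previous PCR value, a change to any component, or to their order, alters the final measurement and the key stays sealed.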