It should stop issues with full device theft as well, if done correctly, because if secure boot isn’t on and working, it will refuse to give the key. Which means, if it was setup correctly, the computer cannot be accessed without know the users name and password. This is the general accepted stack for Microsoft’s BitLocker. It becomes completely transparent to the user, but puts a decent blocker to access in cases of theft. There are ways around it like freezing RAM or packet sniffing an external TPM, but those are high level attacks.
If the TPM is not integrated in the CPU and rather a separate Chip on the MB, the communication can be easily sniffed since it’s not encrypted. See here https://youtu.be/wTl4vEednkQ?si=26A0NK-cVtP3uKgk
Shown how cheap it is i would not say it is high level.
It should stop issues with full device theft as well, if done correctly, because if secure boot isn’t on and working, it will refuse to give the key. Which means, if it was setup correctly, the computer cannot be accessed without know the users name and password. This is the general accepted stack for Microsoft’s BitLocker. It becomes completely transparent to the user, but puts a decent blocker to access in cases of theft. There are ways around it like freezing RAM or packet sniffing an external TPM, but those are high level attacks.
If the TPM is not integrated in the CPU and rather a separate Chip on the MB, the communication can be easily sniffed since it’s not encrypted. See here https://youtu.be/wTl4vEednkQ?si=26A0NK-cVtP3uKgk
Shown how cheap it is i would not say it is high level.
Here is an alternative Piped link(s):
https://piped.video/wTl4vEednkQ?si=26A0NK-cVtP3uKgk
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.