Firmware TPM vs Hardware TPM
2 minutes ago, FreZZ7 said:my question is which hadwear component i can/cant exchange not which features i can use.
Do i understand it correctly you mean i can exchange storage but only if i disable bitlocker priore to storage exchange?
It depends on what you are using TPM for, and which type of chip it is (dedicated TPM or fTPM/Pluton)
Dedicated removable chip:
-
A software using TPM for encryption such as Windows BitLocker:
-
You can change anything beside:
- Drive that is being encrypted, assuming you care about the data (you can put the drive back, if you wonder to decrypt it back)
- TPM chip (obviously, as it has the key to decrypt)
-
You can change anything beside:
Dedicated soldered on chip:
-
A software using TPM for encryption such as Windows BitLocker:
-
You can change anything beside:
- Drive that is being encrypted, assuming you care about the data (you can put the drive back, if you wonder to decrypt it back)
- Motherboard (as it has the TPM chip soldered to it)
-
You can change anything beside:
fTPM/Pluton chip:
-
A software using TPM for encryption such as Windows BitLocker:
-
You can change anything beside:
- Drive that is being encrypted, assuming you care about the data (you can put the drive back, if you wonder to decrypt it back)
- Changing the CPU
-
You can change anything beside:
Keep in mind that for OEMs, things are more complicated, as they may use TPM / fTPM / Pluton to lock the UEFI/BIOS as a type of digital signature. (it can be upgraded but has a process that needs to be followed. This is to avoid malware take advantage of a possible security leak and embedded malware to teh UEFI/BIOS chip), and again, things changes, all based on the OEM implementation. That said, typically, we are talking about OEM workstations and servers, so usually you'll be dealing with through the OEM warranty. I mean, you would be in a company as IT, dealing with this, and considering that some servers can easily cost 20k, probably you, as a buyer, would pony up the 5+ year warranty for a few bucks (in comparison) more. Companies tend to get the max and extended support afterwards. So IT tend to not directly have anything directly to really worry about.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now