undefined | Better HN

0 pointstranspute1y ago0 comments

> discrete TPMs don't really have a future in systems that need robust system state attestation (both local and remote) against attackers with physical access. TPMs should be integrated into the CPU/SoC

What are your thoughts on Microsoft Pluton and Google OpenTitan as TPM alternatives/emulators?

Should system attestation roots of trust be based on open-source firmware?

Recent AI/Copilot PCs based on Qualcomm SDXE/Oryon/Nuvia, AMD Zen5 and Intel Lunar Lake include Microsoft Pluton.

0 comments

kukrimate1y ago

> What are your thoughts on Microsoft Pluton and Google OpenTitan as TPM alternatives/emulators?

I am not familiar enough of the technical details of Pluton or OpenTitan to make a meaningful statement on their security.

> Should system attestation roots of trust be based on open-source firmware?

Yes, and not only root of trusts, I am strong believer in open source firmware in general. I have been developing coreboot as a hobby for a long time. I wish their was more industry support for such things, especially at the lowest levels of modern systems.

transputeOP1y ago

Microsoft has supported open firmware for OCP Caliptra RoT, https://news.ycombinator.com/context?id=40131126

Hopefully we will see open firmware (Rust TockOS) on some version of Pluton, https://news.ycombinator.com/context?id=40557081

j / k navigate · click thread line to collapse