AMD fTPM ( or V2.0 ) cant protect secrets

this less secure than a crypto on disk ,

I wouldn’t worry about this too much…

First, you need physical access to the device to exploit it.
Then, you would have to keep your keys for unlocking the drive in TPM… I’m not aware of users unlocking their drive like this here, at least not that I’m aware of.

1 Like


Our results show that when an fTPM's internal state is compromised, a TPM and PIN strategy for FDE is less secure than TPM-less protection with a reasonable passphrase. 

It all boils down to password strength i would suggest.

1 Like