>My web searches around that are eerily silent, and the best technical explanations I could glean tend to show that measured boot and discrete TPMs are fundamentally incompatible.
Indeed. It is actually remarkable how the TPM implementation on PCs has been blatantly insecure for most of the lifetime of the TPM ecosystem (with fTPMs only being relatively new), and remarkably few people pointing out this obvious fact.
Honestly there are so many issues with the PC TPM ecosystem I have a draft blogpost going through them all, but it might be a while before I can finish it.
> Honestly there are so many issues with the PC TPM ecosystem I have a draft blogpost going through them all, but it might be a while before I can finish it.
I'm interested, if that encourages you. (Also, I liked your linked article; interesting and well argued.)