The discussion was whether students could force the machine (a laptop they could take home with them) into a state where they could use it to cheat during tests.
TPM chips generally provide the following:
1. An encrypted store that can only be accessed by an authorized portion of code (such as booting an encrypted drive). Checks are done to ensure the code being run is signed.
2. Secure RNG (random number generation)
3. Various other public/private key stuff
Typically you can enable/disable TPM from the BIOS (whether it is a physically removable TPM chip or not).
Obviously removing/destroying the TPM chip will cause a loss of data, but that is irrelevant if you don't care about that data and are willing to reinstall the OS.
It isn't hard to install a clean OS on a wiped drive. Even supposing somehow you couldn't reset the BIOS to shut off the TPM and force a normal clean drive boot process, I was speculating if removing/destroying the TPM would revert to booting normally.
Note there was a lot of anger when TPMs were initially introduced, because they could effectively be used to force a system to only ever boot a signed OS (removing the ability to run Linux). This is my curiosity; if on normal systems this can be forced or not.
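A simplified model of the sealed-store behaviour from item 1, as an added example that is not part of the original post: a secret is released only when the measured boot chain matches the one it was sealed to, so a different OS or a missing chip loses the sealed data. `ToyTPM`, `try_unlock`, the component names and the key are constructed for illustration; a real TPM holds the secret and evaluates the policy in hardware, and whether the firmware boots at all without the chip is not modelled here.

```python
import hashlib
import hmac

PCR_SIZE = 32  # one SHA-256 PCR

def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = H(old || H(component)). One-way and order-sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Fold every boot stage into a PCR that starts at all zeros on power-on."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = extend(pcr, component)
    return pcr

class ToyTPM:
    """Toy model (assumption): stores secrets bound to an expected PCR value."""
    def __init__(self):
        self._sealed = []

    def seal(self, secret: bytes, expected_pcr: bytes) -> int:
        self._sealed.append((expected_pcr, secret))
        return len(self._sealed) - 1

    def unseal(self, handle: int, current_pcr: bytes):
        expected, secret = self._sealed[handle]
        # Release the secret only if the current measurements match the policy.
        return secret if hmac.compare_digest(expected, current_pcr) else None

def try_unlock(tpm, handle, boot_chain):
    """Return the disk key, or None. tpm=None models a removed or disabled chip."""
    if tpm is None:
        return None
    return tpm.unseal(handle, measure_boot(boot_chain))

# Constructed sample data, not taken from any real system.
TRUSTED_CHAIN = [b"firmware-v1", b"bootloader-v1", b"school-os-kernel"]
OTHER_CHAIN = [b"firmware-v1", b"bootloader-v1", b"clean-install-kernel"]
DISK_KEY = b"constructed-disk-key"

if __name__ == "__main__":
    tpm = ToyTPM()
    handle = tpm.seal(DISK_KEY, measure_boot(TRUSTED_CHAIN))
    print("trusted chain :", try_unlock(tpm, handle, TRUSTED_CHAIN))
    print("other OS      :", try_unlock(tpm, handle, OTHER_CHAIN))
    print("chip removed  :", try_unlock(None, handle, TRUSTED_CHAIN))
```

For defenders the point is that sealing protects the data bound to the expected boot chain; it says nothing about what else the hardware can be made to run after a wipe.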