RESET Forums (homeservershow.com)

Trusted Platform Module (TPM) questions...


E3000

Hey guys,

 

Just curious to know, how many of you actually purchased/use one of these and is it recommended? It doesn't seem to get mentioned much on these forums and I have read that you can use BitLocker without it these days...

 

Also, what if one decides to sell the MicroServer? I understand it stays in forever once installed.

 

If I have a bit locked HDD that goes tits-up, will I still be able to recover it as easily as any other (non-BitLocker) drive?

 

If I decide to move away from Windows and to a Linux-based OS would having a TPM make the process any different?

 

Sorry in advance if those questions seem silly, I'm a bit of a noob once you scratch the surface :D


The TPM modules usually use a 19-pin header. You can absolutely remove it when you sell the system. But if you do remove it, you may not be able to access the system (if it was encrypted), because the encryption key is stored on the TPM module.

 

In fact, if you move it to a new system, you'll need to take ownership of it on the new system. (run "tpm.msc" to do so). 

 

As for data recovery? No. The data is encrypted and looks like garbage. That's the point, actually. So if somebody gets ahold of your system, they won't get shit from it.

 

You'd need a good backup (and ideally, that should be encrypted too, and that adds additional complexity). 

 

 

As for moving away from Linux, I couldn't comment. I'm not sure if Linux solutions support the TPM module.

 

 

And these are good questions. TPM is a bit of an advanced thing.

 

The thing about it is that with a TPM module, you don't need a password, USB key or anything else. Just the TPM module. Also, IIRC, if somebody resets the BIOS/firmware, they reset the TPM module as well, making the device inaccessible. So password-protect the BIOS/firmware as well, for added security.

  • Like 1

Thanks for the answers. I'm surprised there isn't more information about it on here as there are a lot of advanced users.

So once I use TPM/BitLocker is there no way of undoing it before resetting it or taking it out?


Because its main purpose is BitLocker. There isn't a whole lot outside of that.

https://en.wikipedia.org/wiki/Trusted_Platform_Module#Uses

Also, (despite what the wiki article says), it's not standard on most boards.  Though the header itself is very common. 

 

So if you're not using it for BitLocker.... It doesn't have much use. 

 

 

As for BitLocker, the normal "methods" apply.  You would need to decrypt the disk first (the system disk), or you'd need access to the recovery key (generated during the encryption setup). 

  • Like 1
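
The check described in the last reply (decrypt first, or make sure a recovery key exists), as an added example that is not part of the original thread: it reports, per volume, whether pulling or resetting the TPM would leave the disk unrecoverable. The function name `Get-TpmRemovalRisk` and the verdict wording are hypothetical; `Get-Tpm` and `Get-BitLockerVolume` are the cmdlets from the Windows TrustedPlatformModule and BitLocker modules and need an elevated prompt.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.

function Get-TpmRemovalRisk {
    # $Volume: an object shaped like Get-BitLockerVolume output
    param([Parameter(Mandatory)] $Volume)

    # Names of the key protectors on the volume (Tpm, TpmPin, RecoveryPassword, ...)
    $types = @($Volume.KeyProtector | Where-Object { $_ } |
               ForEach-Object { "$($_.KeyProtectorType)" })
    $tpmBound    = @($types -like 'Tpm*').Count -gt 0
    $hasRecovery = $types -contains 'RecoveryPassword'
    $encrypted   = "$($Volume.VolumeStatus)" -ne 'FullyDecrypted'

    if     (-not $encrypted) { $verdict = 'OK: volume is fully decrypted' }
    elseif (-not $tpmBound)  { $verdict = 'OK: no TPM key protector on this volume' }
    elseif ($hasRecovery)    { $verdict = 'CAUTION: confirm you hold the recovery password first' }
    else                     { $verdict = 'STOP: TPM-bound with no recovery password' }

    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        Status     = "$($Volume.VolumeStatus)"
        Protectors = $types -join ', '
        Verdict    = $verdict
    }
}

# Constructed sample volumes (not real data) so the logic is visible without BitLocker enabled
$samples = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' }) },
    [pscustomobject]@{ MountPoint = 'D:'; VolumeStatus = 'FullyEncrypted'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' },
                         [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) },
    [pscustomobject]@{ MountPoint = 'E:'; VolumeStatus = 'FullyDecrypted'; KeyProtector = @() }
)
$samples | ForEach-Object { Get-TpmRemovalRisk $_ } | Format-Table -AutoSize

# Live system: TPM state, then the same check on the real volumes
if (Get-Command Get-Tpm -ErrorAction SilentlyContinue) {
    Get-Tpm | Select-Object TpmPresent, TpmReady | Format-List
}
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume | ForEach-Object { Get-TpmRemovalRisk $_ } | Format-Table -AutoSize
}
```

The script deliberately never prints the recovery password itself; it only reports whether one is registered on the volume.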