Today I learned about IMA, EVM and TPM on Linux and I feel like Alice tumbling down the rabbit hole.
[ 0.784022] ima: No TPM chip found, activating TPM-bypass!dmesg | grep TPM
Last time I read about this is ~15 years ago and I simply disabled TPM so far since I only remember the concerns from back then about privacy and the impact it may have on free software related to DRM. TrueCrypt also fuelled this believe.
Turns out that TPM is completely passive and can do a lot for me, especially in combination with UEFI and IMA (Integrity Measurement Architecture) or, in fact, with securing personal credentials and even TOTP.
Yes, I read about the ROCA vulnerability, too!