So much whining about some new Windows on my TL, and the one thing that sounds really good about it, #tpm that is, is what people seem to go bonkers about. Said it before: TPM is there for the user. Even on #Linux. Use it! It is not some magic DRM machine.
Today I learned about IMA, EVM and TPM on Linux and I feel like Alice tumbling down the rabbit hole.
dmesg | grep TPM
[ 0.784022] ima: No TPM chip found, activating TPM-bypass!
Last time I read about this was ~15 years ago, and I have simply disabled TPM since, because I only remember the concerns from back then about privacy and the impact it may have on free software related to DRM. TrueCrypt also fuelled this belief.
Turns out that TPM is completely passive and can do a lot for me, especially in combination with UEFI and IMA (Integrity Measurement Architecture) or, in fact, with securing personal credentials and even TOTP.
Yes, I read about the ROCA vulnerability, too!