On Sun, 2021-07-04 at 10:33 -0700, Samuel Sieb wrote: > On 2021-07-04 9:08 a.m., Patrick O'Callaghan wrote: > > On Sat, 2021-07-03 at 23:09 -0700, Samuel Sieb wrote: > > My mobo is about 8 years old, so I don't have the hardware, however > > QEMU/KVM apparently emulates it well enough to fool Windows. > > > > Which as I said earlier, makes the whole thing ridiculous. > > the hardware, if you use a VM, you can fool the OS.
Indeed, however as I understand it one supposed purpose of a TPM (among others) is to be able to guarantee that the operating system running on the machine has a solid trust base. Quoting from https://en.wikipedia.org/wiki/Trusted_Platform_Module#TPM_implementations: Software TPMs are software emulators of TPMs that run with no more protection than a regular program gets within an operating system. They depend entirely on the environment that they run in, so they provide no more security than what can be provided by the normal execution environment, and they are vulnerable to their own software bugs and attacks that are penetrating the normal execution environment. In the case of Windows 11 under a VM, as you say the software TPM can do what it likes. In effect, there is no more guarantee than with a system without a TPM and the message that Windows 11 can only be used where a TPM provides a trust base might give a false sense of security. poc _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
