• asudox@lemmy.worldOP
    link
    fedilink
    arrow-up
    1
    ·
    2 years ago

    I also want to add that the TPM will request the recovery key if the BIOS goes back to factory defaults. I also think changing the secure boot setting might trigger it. If that’s the case then a BIOS password is pretty useless.

    • Para_lyzed@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      2 years ago

      I believe that the TPM will refuse to provide keys after secure boot is disabled, but I didn’t intend to imply that it could be used to bypass TPM decryption or anything. Just as an aside that BIOS passwords are effectively useless at preventing access to the BIOS.

      • asudox@lemmy.worldOP
        link
        fedilink
        arrow-up
        1
        ·
        2 years ago

        It does seem like most of the TPMs indeed do not provide the keys if secure boot is disabled. Sorry for the misunderstanding.