Notices by cesarb (cesarb@mastodon.social)

@tthbaltazar @mjg59 One common use of a TPM is to have a full-disk-encrypted partition which is automatically decrypted as long as the full both path (firmware, bootloader, kernel, initrd, kernel command line, etc) is unchanged. Try to access it any other way (single user mode, booting from a USB stick, etc) and it won't automatically decrypt (you'd have to use alternate means, like a recovery passphrase).

@tthbaltazar @mjg59 It's not trivial to sniff if you use a fTPM or similar, since then it's buried deep inside the CPU itself. But yes, physical access can still be a risk, since the attacker could for instance sniff the memory bus; but that's a more complex attack than "plug a USB stick and boot from it" or even "sniff the low speed LPC bus".

(Some computers have "intrusion switches" to sense when the case is opened, but I don't think they set any flag the TPM can use as a sign to stop.)

@dalias @BleepingComputer IIRC, that limit is older than exfat; AFAIK the whole point of the limit was forcing people to use NTFS on internal hard disks, which was more space efficient (less internal fragmentation due to smaller cluster size) and safer (since it has journalling).

@Gargron The question would be "which one?", since most planes have something like three hydraulic systems, and all important control surfaces can be moved by more than one of them. The answer is probably hidden in that "now being towed", because it likely means that they lost the one which controls the on-ground steering; someone who knows the details of that plane model can tell by that which hydraulic system broke.