A physical TPM with their overall high-quality software support would be awesome.

I've spent far too much time messing around trying to get TPMs working over SPI or I2C to meet security requirements with 4Bs and 5s over the years.

▲

hedora 2 hours ago | parent [-]

You do know those are trivially bypassed with a signal processor, right? If physical access is outside your threat model, that's OK, but it makes (for example) the forced Win11 upgrade for DRM^H^H^H boot integrity enforcement seem ridiculous.

https://pulsesecurity.co.nz/articles/TPM-sniffing

	▲	bradfa an hour ago \| parent [-]
		The article you link to explains how to defeat the sniffing with TPM 2.0. But also, there’s no reason a physical TPM has to be a separate IC package.