Buchanan walks through his process of experimenting with low-cost fault-injection attacks as an alternative when typical software bugs aren’t available to exploit.

  • kautau@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 month ago

    For Apple computers with a T2 chip encryption actually is on by default and is always enabled at the hardware level. However, enabling filevault adds additional security around the master encryption key.

    Perhaps a future TPM standard will support dedicated encryption throughput in the future instead of just RNG and key generation, but until that happens I can’t see computer manufacturers turning encryption on by default (especially because the bitlocker user experience for non-power users is still pretty awful)

    On that note, being able to use TPM / UEFI features is getting more difficult for open source users, so actually taking advantage of the security hardware on your machine requires more work: https://github.com/Foxboron/sbctl/issues/85