This discussion has been locked.

Tried to find out if there is any TPM module on Sophos hardware, and quite frankly could not find one.

Normally it is easy to find if there's a Trusted Platform Module.

You first find a clue in the BIOS/UEFI setup.

None.

I would have believed this to be a MANDATORY feature.

Paul Jr



  • Ok.  Just checked on an XG210 rev 3 (the latest as of 2019)  BIOS/UEFI.

    Well.  Boot is not even UEFI.  No.  It's BIOS/LEGACY.

    "Trusted Computing Menu" is there, but everything is deactivated.

    And it also says "NO TPM devices"

    Ladies and gentlemen, files on a Sophos appliance are not a challenge to hack ...  Legacy BIOS, Legacy OS, on Legacy storage, with no encryption or Trusted Computing whatsoever ...

    Paul Jr

  • But what are you trying to prove? That if you have physical access to a device you are able to pull the disk and look at things? If your physical security allows for people to achieve that, then I think there are far more pressing issues than someone reading data off the device.

  • My understanding is TPMs are useful for far more than protecting against direct access attacks.  (Like booting via a USB key).

    TPMs are used everywhere.  For example: to certify the identity of devices remote services are communicating with.

    Could be used by Sophos OS to encrypt and lock users' identity at the BIOS level.  And by the way, it should be UEFI by now.  Being BIOS-only is unexplainable to me.

    TPM could also lock the firewall hardware much like the way HPE does.

    In case of breach via network, or whatever vulnerability found, if OS and other important files are locked and encrypted, it's another welcome level of protection.

    I've been installing it for more than a decade now without too many technical hassles.  (On all my Windows 10 laptops and desktops.  BitLocker)

    To me, it is far more than just a nice to have.  And I normally should not have to explain that to a security community.  Particularly when many are far more knowledgeable than I on this TPM matter.

    No TPM on a firewall is nonsense.

    Paul Jr
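
The two findings reported in this thread (no TPM device, legacy BIOS boot) were read from the firmware setup screen; the same two facts can be checked from a running OS. The script below is an added example, not part of any post and not Sophos code. It assumes a generic Linux host that exposes sysfs, and the function names and the optional root-path argument are hypothetical.

```shell
#!/bin/sh
# Added example: report TPM presence and firmware boot mode from Linux sysfs.
# The optional first argument is a hypothetical override of the sysfs root,
# so the check can be run against a constructed directory tree.

tpm_status() {
    root="${1:-/sys}"
    found=""
    # The kernel TPM driver registers each chip as class/tpm/tpmN.
    for dev in "$root"/class/tpm/tpm*; do
        [ -d "$dev" ] || continue      # unmatched glob stays literal: skip it
        ver="unknown"
        # tpm_version_major is only exposed by newer kernels.
        if [ -r "$dev/tpm_version_major" ]; then
            ver=$(cat "$dev/tpm_version_major")
        fi
        found="${found}${found:+,}$(basename "$dev"):v${ver}"
    done
    if [ -n "$found" ]; then
        echo "tpm=present($found)"
    else
        # "absent" here also covers a TPM that is disabled in firmware
        # or has no driver loaded; the OS cannot tell these apart.
        echo "tpm=absent"
    fi
}

boot_mode() {
    root="${1:-/sys}"
    # firmware/efi exists only when the kernel was booted through UEFI.
    if [ -d "$root/firmware/efi" ]; then
        echo "boot=uefi"
    else
        echo "boot=legacy-bios"
    fi
}

platform_report() {
    echo "$(tpm_status "$1") $(boot_mode "$1")"
}

platform_report "$1"
```
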