Does OPNsense/FreeBSD support TPM? Just curious, as I'm using an Intel PC to run OPNsense currently, which has both Intel PTT and a TPM 2.0 header. Wondering if there is any benefit to enabling it. Thanks!
It 'supports' it as in, it is functional and has a driver but it doesn't "do" anything for your network.
Do you know what a TPM is and what it is for? Because it seems like you might just like it because it has a cool name :P
I know what it is and wouldn't expect it to improve network security other than if the firewall itself was compromised by something that altered the bootloader.
Quote from: fields987 on July 01, 2021, 10:33:51 PM
I know what it is and wouldn't expect it to improve network security other than if the firewall itself was compromised by something that altered the bootloader.
Ah, so it's not the TPM that is the main thing here, but Secure Boot or Verified Boot then? That can indeed use something like the PCR feature in TPMs.
The problem is that secure boot needs to be built into FreeBSD and it is currently not really present.
https://github.com/opnsense/src/issues/81