Make use of TPM when available

[bastik-1001]

It seems like TPM will stick around, as Windows 11 basically requires it. Whenever or not this is a good thing, having it available, means that it can be used for something good, like:

• Provide a source of randomness for cryptographic functions
• Sign states of configuration, make it validate that the hash of a configuration was not updated without it having been signed (MP does not need to fail, it can inform the user.)
• Protect the keys that MP uses

Since it is a hardware feature (or at least firmware) there is no software that can be bypassed, hacked. So far, messing with a TPM required hardware access, making it unlikely that some software can defy it.

 

[DavidXanatos]

I'm not sure how much access to the TPM windows allows