Can a TPM (trusted platform module) be used to verify if a used laptop's BIOS, the bootloader and related components have not been tampered with in the past, i.e. whether those components are still in their factory setting state? Or can a TPM only detect whether there has been a change to those components after it has been activated (by me)?
1 Answer
0
A TPM can only tell if the BIOS and related components have been changed since the TPM was activated. If something has been changed, it can't tell what was changed or when it was changed, nor can it tell if the BIOS was tampered with before the TPM was first activated.
forest
- Is there any other way I can be sure a used laptop is safe as far as its BIOS, bootloader, etc. goes? Or do I simply have to buy a new one? – Manuel Dec 06 '18 at 02:31
- @Manuel You can use an SPI programmer to flash a known-good copy of the BIOS to the flash chip. – forest Dec 06 '18 at 02:40
- Thanks! Such an SPI programmer tool seems to cost almost as much as the difference between a new and a used laptop (~ 250 USD). And I would have to invest time to learn it. – Manuel Dec 06 '18 at 05:23
- @Manuel There are cheap SPI programmers out there, but you're right, you'd have to learn how to work it. – forest Dec 06 '18 at 06:45
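
A simplified model of the TPM's PCR extend operation, added here as an illustration (not part of the original answer or comments; the component names and byte strings are constructed, and no real TPM is queried). It shows why a baseline recorded on an already-modified BIOS keeps matching, while any later change, including restoring the factory image, only shows up as an unexplained mismatch.

```python
import hashlib

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measured_boot(components: list) -> bytes:
    """Replay one boot: the PCR starts at all zeros, each stage is extended in order."""
    pcr = bytes(32)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def boot_matches_baseline(baseline: bytes, components: list) -> bool:
    """The only question the PCR value answers: same digest as when it was recorded?"""
    return measured_boot(components) == baseline

# Constructed stand-ins for firmware images (not real binaries).
FACTORY_BIOS = b"vendor BIOS image"
IMPLANTED_BIOS = b"vendor BIOS image + implant"   # modified before the resale
BOOTLOADER = b"bootloader v1"
CHANGED_BOOTLOADER = b"bootloader v1, modified later"

# The new owner activates the TPM on a machine whose BIOS was already modified,
# so the modified image becomes part of the "known" state.
baseline = measured_boot([IMPLANTED_BIOS, BOOTLOADER])

if __name__ == "__main__":
    # Pre-existing tampering is inside the baseline: every later boot matches.
    print("implanted BIOS, unchanged since activation:",
          boot_matches_baseline(baseline, [IMPLANTED_BIOS, BOOTLOADER]))
    # A change made after activation is detected, but the single digest
    # does not say which component changed or when.
    print("bootloader changed after activation:",
          boot_matches_baseline(baseline, [IMPLANTED_BIOS, CHANGED_BOOTLOADER]))
    # Restoring the genuine factory BIOS is also just "a mismatch".
    print("factory BIOS restored:",
          boot_matches_baseline(baseline, [FACTORY_BIOS, BOOTLOADER]))
```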