If I remember correctly it's up to the client program to set up the session, not something to do with the vendor's implementation. It's conceptually similar to how an HTTPS client performs a TLS handshake after opening a socket before it can work with plain HTTP content.
It doesn't help that the TPM spec is so full of optional features (and the N spec versions), so it's often annoying to find out what the vendor even supports without signing an NDA + some.
TPMs work great when you have a mountain of supporting libraries to abstract them from you. Unfortunately, that's often not the case in the embedded world.
Even on desktop it's terrible, I wanted to protect some private keys of a Java application but there is no way to talk to a TPM using Java so handsandshouldersup gesture.
The TPM needs a way to authenticate your Java application, since the TPM otherwise does not know whether it's actually talking to your application or something pretending to be it.
This means you generally need an authenticated boot chain (via PCR measurements) and then have your Java app "seal" the key material to that.
It's not a problem with the TPM per se, it's no different if you were using an external smartcard or HSM - the HSM still needs to ensure it's talking to the right app and not an impersonator (and if you use keypair authentication for that, then your app must store the keypair somewhere - you've just moved the authentication problem elsewhere).
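The measure-then-seal flow described in the comments above, as an added example that is not part of any commenter's post. It is a software model of a TPM 2.0 SHA-256 PCR bank, not a real TPM or any vendor library: measured boot extends each component's hash into a PCR, TPM2_PolicyPCR's digest is computed with the spec's formula (policyDigest = H(oldDigest || TPM_CC_PolicyPCR || TPML_PCR_SELECTION || H(PCR values)), on a fresh session, as I understand the marshalling), and the sealed blob is a plain tuple rather than something encrypted under a storage key. The boot chains and the "app private key" are constructed sample data; the point is that the secret is released only when the PCRs reproduce the state it was sealed against.

```python
import hashlib
import struct

TPM_ALG_SHA256 = 0x000B        # TPM2 algorithm ID for SHA-256
TPM_CC_POLICYPCR = 0x0000017F  # command code of TPM2_PolicyPCR
PCR_COUNT = 24


def sha256(*parts: bytes) -> bytes:
    h = hashlib.sha256()
    for p in parts:
        h.update(p)
    return h.digest()


def pcr_selection(indices):
    """Marshal a TPML_PCR_SELECTION with one SHA-256 bank:
    count=1 (UINT32), hashAlg (UINT16), sizeofSelect=3 (UINT8), 3-byte bitmap (PCR n -> byte n//8, bit n%8)."""
    bitmap = bytearray(3)
    for i in indices:
        bitmap[i // 8] |= 1 << (i % 8)
    return struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes(bitmap)


class ModelTPM:
    """Software stand-in for a TPM's SHA-256 PCR bank (model only, not a real TPM)."""

    def __init__(self):
        self.pcrs = [bytes(32)] * PCR_COUNT  # PCRs are reset to zero at power-on

    def extend(self, index, digest):
        # TPM2_PCR_Extend: PCR[i] = H(PCR[i] || digest). One-way and order-sensitive.
        self.pcrs[index] = sha256(self.pcrs[index], digest)

    def policy_pcr(self, indices):
        # TPM2_PolicyPCR on a fresh policy session (policyDigest starts as 32 zero bytes):
        # policyDigest' = H(policyDigest || TPM_CC_PolicyPCR || TPML_PCR_SELECTION || H(selected PCR values))
        pcr_digest = sha256(*(self.pcrs[i] for i in sorted(indices)))
        return sha256(bytes(32), struct.pack(">I", TPM_CC_POLICYPCR), pcr_selection(indices), pcr_digest)


def measured_boot(tpm, chain):
    """Each stage hashes the next component into its PCR before handing control to it."""
    for pcr, component in chain:
        tpm.extend(pcr, sha256(component))


def seal_to_boot_state(chain, indices, secret):
    """Boot the known-good chain once and seal `secret` to the resulting PCR policy.
    The returned tuple stands in for the sealed blob; a real TPM would wrap it under its storage key."""
    tpm = ModelTPM()
    measured_boot(tpm, chain)
    return (tpm.policy_pcr(indices), secret)


def unseal_after_boot(chain, indices, sealed_blob):
    """Power on, run the given boot chain, then attempt TPM2_Unseal. Returns the secret or None."""
    auth_policy, secret = sealed_blob
    tpm = ModelTPM()
    measured_boot(tpm, chain)
    if tpm.policy_pcr(indices) != auth_policy:
        return None  # policy session digest != authPolicy of the sealed object: unseal is refused
    return secret


# Constructed sample boot chains: (PCR index, component image).
GOOD_CHAIN = [(0, b"firmware v1"), (4, b"bootloader v1"), (7, b"kernel + app bundle v1")]
TAMPERED_CHAIN = [(0, b"firmware v1"), (4, b"bootloader v1"), (7, b"kernel + patched app")]
SEALED_PCRS = [0, 4, 7]

if __name__ == "__main__":
    blob = seal_to_boot_state(GOOD_CHAIN, SEALED_PCRS, b"app private key bytes")
    print("good boot     ->", unseal_after_boot(GOOD_CHAIN, SEALED_PCRS, blob))
    print("tampered boot ->", unseal_after_boot(TAMPERED_CHAIN, SEALED_PCRS, blob))
```

Because extend is a hash chain, the same components measured in a different order give a different PCR value, so the policy also pins the sequence of the boot, not just the set of images. The flip side, which the comments above allude to, is that any legitimate update to a measured component changes the PCRs and the secret must be re-sealed under the new policy.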
Correct, unless you're using a self-encrypting drive the FVEK sits in RAM once it's been released by the TPM during boot. The TPM is only a root of trust; for fast crypto operations without keeping the key in kernel memory you would need something like Intel SGX or ARM TrustZone.
BitLocker no longer leverages SED by default due to vulnerabilities in drive manufacturers' firmware as of Sept 2019.
> Changes the default setting for BitLocker when encrypting a self-encrypting hard drive. Now, the default is to use software encryption for newly encrypted drives. For existing drives, the type of encryption will not change.
Take a look at Fretboard Theory by Desi Serna - it spends a lot of time on how different scales are constructed and relating different patterns and chord forms back to the underlying concepts.
If a static analyzer is sound, which is something that can be mathematically proven (formal method), it will find ALL existing issues plus some false positives if it's not complete (which is almost always the case).
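A concrete illustration of the sound-but-incomplete point made in the comment above, added here and not part of that comment: a tiny interval-domain abstract interpreter over a constructed straight-line program, checked against brute-force enumeration of the inputs. The analyzer flags every division site whose divisor interval contains zero. It is sound (every real division by zero is flagged) but incomplete, because intervals lose the correlation between variables: `x - x + 1` is always 1 and `x*x + 1` is always at least 1, yet both get flagged. The program, the expression language and the function names are all mine.

```python
from itertools import product

# Interval arithmetic: each value is a closed (lo, hi) pair of integers.
def iv_add(a, b):
    return (a[0] + b[0], a[1] + b[1])

def iv_sub(a, b):
    return (a[0] - b[1], a[1] - b[0])

def iv_mul(a, b):
    ps = [a[0] * b[0], a[0] * b[1], a[1] * b[0], a[1] * b[1]]
    return (min(ps), max(ps))

def abstract_eval(expr, env):
    """Over-approximate the set of values `expr` can take, given intervals for the variables."""
    kind = expr[0]
    if kind == "const":
        return (expr[1], expr[1])
    if kind == "var":
        return env[expr[1]]
    a, b = abstract_eval(expr[1], env), abstract_eval(expr[2], env)
    return {"add": iv_add, "sub": iv_sub, "mul": iv_mul}[kind](a, b)

def analyze(program):
    """Sound interval analysis: labels of division sites that MAY divide by zero."""
    env, warned = {}, []
    for st in program:
        if st[0] == "input":
            env[st[1]] = (st[2], st[3])
        elif st[0] == "assign":
            env[st[1]] = abstract_eval(st[2], env)
        elif st[0] == "div":
            lo, hi = abstract_eval(st[3], env)
            if lo <= 0 <= hi:           # 0 is in the over-approximation: must warn to stay sound
                warned.append(st[1])
    return warned

def concrete_eval(expr, env):
    kind = expr[0]
    if kind == "const":
        return expr[1]
    if kind == "var":
        return env[expr[1]]
    a, b = concrete_eval(expr[1], env), concrete_eval(expr[2], env)
    return {"add": a + b, "sub": a - b, "mul": a * b}[kind]

def ground_truth(program):
    """Oracle: enumerate every input combination and record sites that really divide by zero."""
    inputs = [(st[1], range(st[2], st[3] + 1)) for st in program if st[0] == "input"]
    names = [n for n, _ in inputs]
    bugs = set()
    for values in product(*[r for _, r in inputs]):
        chosen, env = dict(zip(names, values)), {}
        for st in program:
            if st[0] == "input":
                env[st[1]] = chosen[st[1]]
            elif st[0] == "assign":
                env[st[1]] = concrete_eval(st[2], env)
            elif st[0] == "div" and concrete_eval(st[3], env) == 0:
                bugs.add(st[1])
    return sorted(bugs)

def report(program):
    warned, real = analyze(program), ground_truth(program)
    return {"warned": warned, "real": real,
            "sound": set(real) <= set(warned),
            "false_positives": sorted(set(warned) - set(real))}

# Constructed sample program: ('input', name, lo, hi), ('assign', name, expr), ('div', label, num, den).
PROGRAM = [
    ("input", "x", -1, 1),
    ("input", "z", 0, 2),
    ("assign", "y", ("add", ("sub", ("var", "x"), ("var", "x")), ("const", 1))),  # y = x - x + 1, always 1
    ("assign", "q", ("add", ("mul", ("var", "x"), ("var", "x")), ("const", 1))),  # q = x*x + 1, always >= 1
    ("assign", "w", ("sub", ("var", "z"), ("const", 1))),                        # w = z - 1, zero when z == 1
    ("div", "site_y", ("const", 10), ("var", "y")),
    ("div", "site_q", ("const", 10), ("var", "q")),
    ("div", "site_w", ("const", 10), ("var", "w")),
    ("div", "site_safe", ("const", 10), ("add", ("var", "z"), ("const", 1))),   # z + 1 in [1, 3]: no warning
]

if __name__ == "__main__":
    print(report(PROGRAM))
```

The interval for `y` comes out as [-1, 3] and for `q` as [0, 2], both containing zero, so `site_y` and `site_q` are false positives; `site_w` is the one real bug and it is caught; `site_safe` is correctly silent. A more precise domain (relational, such as octagons or polyhedra) would remove the first two warnings at the cost of analysis time, which is the usual soundness-versus-precision trade the comment is pointing at.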
You can find incredibly cheap (nearly free) used servers for pickup if you’re patient. If you have cheap electricity (or better yet, provided with your lease), a 2013-era dual Xeon server is pretty compelling at $50.
Apple didn’t make that many, so they would be tough to find. And they were a real pain to actually use. I didn’t find them very friendly at all to work with physically. Very polished, but had a feel of being over engineered.
Greater Appalachia definitely extends through PA in a T shape across the center of the state and the northern border (sometimes called Pennsyltucky) and covers at least the Southern Tier in New York.
Like most states, Pennsylvania's rural areas tend to be more conservative and support Republicans. The resulting political map of Pennsylvania is therefore a red "T" in the center of the state with the Pittsburgh and Philadelphia areas a strong blue.