Been considering the MSI TPM chip for the studio. The TPM would allow the desktop to have some of the capability of the Lenovo laptops. It does not matter that the TPM is not soldered. the device can figure it out when it’s removed and lock down.
- INFINEON 9670 TPM 2.0
- 12-pin keyed header
The AM4 platform has intrinsic support for TPM. By default it is not active. In the BIOS -> Security tab it can be activated. This can then allow secure boot to allow the operating system to load a malware tool safely. The idea is to block rootkits and ransomware etc. AMD has integrated the TPM into the CPU die.
The socket AM3 platforms have a header for a TPM device. The MSI MS-4462 is available for AM3 platforms that need more security.
The FBI, CIA, NSA, and others all consider bitlocker with 256-bit keys to be rated to same as AES-256 as top secret. By agreement, AES is royalty free and open source allowed widespread use. Windows supports the hardware TPM even with the Lenovo T400 and T500 machines. The TPM with Windows and bitlocker manage the entire machine.
A recovered bitlocker mobile machine is secure. Lenovo have finger readers and if used without the finger the machine will not work. Same for the PIN and password. Somebody can still possible remove the storage but access will require the recovery key. The machine can possibly boot a recovery USB, DVD or even a hard disk partition and any such act would overwrite the secure disk making recovery dramatically harder as a fresh install of Windows resets the TPM immediately when the machine is in UEFI mode.
Back in 2018 there was an issue that AMD published. They updated the BIOS for the machines which has by now been buried in a raft of other updates. Updates to the BIOS have common suggesting some modicum of concern.
Few keyboards are available that have integrated finger readers that are as well made as gaming keyboards. A long time the shop had a Microsoft Optical Desktop with Fingerprint Reader. Drivers were a major problem with newer versions of Windows which led to its abandonment.
Intel was marketing some mobile chipsets to support facial recognition as part of the Windows 10 Hello feature but no webcams were immediately available.
The TPM does provide the use of Bitlocker which would protect the storage of the machine. The stark lack of biometric hardware is a problem.
The Microsoft EKZ-00002 is a bluetooth 4.0 LE keyboard that sells for about C$169 but few were made so there it has been hard to find in the marketplace. The keyboard is not well suited for gaming.
The Lenovo Preferred Pro USB Fingerprint Keyboard offers excellent performance concerning the biometric solution at its best for Lenovo users. The keyboard works with Windows 10 fine.
There are a few USB devices with a fingerprint reader and many support Windows 10 Hello properly.
The Tobii Eye Tracker 4C is an interesting eye tracking device that works with Windows 10. It features simultaneous eye and head tracking, deepening your immersion into your favorite games. It sells for $149. The low cost of the eye tracking will allow the disabled to be better able to use Windows. Head tracking would be helpful as well. Things are lot better now since Star Trek – The Menagerie for the disabled.
The Logitech 4k Pro Webcam sells for C$249 and it supports Windows 10 Hello with hardware facial recognition. USB 3.2 can handle 8K video cameras as it crushes the throat of IEEE 1394.
The Razor keyboard and the LG panel do not have any auxiliary USB ports so this necessitates a USB hub to handle the biometric hardware. USB hubs are low cost and widely available.
BIOS UPDATE RISK
Be aware that AMD BIOS updates reset the settings and that disables the AMD TPM and secure boot. Before updating the BIOS decrypt the disks and then encrypt them after the BIOS flash is complete and the BIOS settings are restored for security.