How does TPM on Win10 react to PXE'ing Ubuntu LiveCD?
-
Hey folks! Your answers to one another have been amazingly helpful to me in setting up FOG (I am a Linux novice) so I want to thank you for that first. You even helped me get it working with UFW.
The one answer I didn’t find (anywhere) was - will PXE’ing an Ubuntu LiveCD and/or installation over FOG cause the target laptop’s TPM chip to react, as in prompt for unlocks - or to do anything at all differently?
I’m not trying to image anything (or do anything wrong), I just want an outcome where I can use Network Display Interface at home and not change its actual configuration in any way. If not, FOG will still be an awesome experiment.
TL;DR: Will the IT guy find out I am using it to stream?
-
@smellyonionman said in How does TPM on Win10 react to PXE'ing Ubuntu LiveCD?:
> will PXE’ing a Ubuntu LiveCD and/or installation over FOG cause the target laptop’s TPM chip to react, as in prompt for unlocks

No, because the OS works in conjunction with the values stored in the TPM chip. This is a separate issue from secure boot.
To live boot a system that has secure boot enabled you need to use the Linux shim boot drivers to get things moving. By default secure boot is a Microsoft thing; to boot other operating systems, the other operating systems need to have the boot loaders signed by Microsoft. To work within this secure boot environment, Linux developed signed shims (small applications that call for the boot of Linux) that then call the Linux OS to boot.
> Will the IT guy find out I am using it to stream?

As a head “IT Guy” this gives me the impression you are doing something that I might get mad about. But streaming involves a bit more than booting the OS. Once booted you need to access the internet either directly or via a proxy server. If your IT department is sharp they will have tools in place to monitor this traffic. So one way or another they will know if you are streaming stuff. If they are not monitoring internet traffic then they don’t care. It's hard to say about your organization.
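
Added example, not part of the original thread: a simplified Python model of how a TPM platform configuration register (PCR) is extended during boot, showing that the measured values are recomputed from zero on every boot, so a PXE live session produces a different value without changing what the next normal Windows boot measures. The stage labels and the single-PCR layout are constructed assumptions; real firmware records many more events across several PCRs.

```python
import hashlib

# A SHA-256 PCR is all zeros after every platform reset (power cycle or reboot).
PCR_RESET = bytes(32)


def extend(pcr, measurement):
    """TPM extend: new PCR = SHA-256(old PCR || SHA-256(measurement))."""
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()


def boot(chain):
    """Replay one boot: start from the reset value, extend with each stage in order."""
    pcr = PCR_RESET
    for stage in chain:
        pcr = extend(pcr, stage)
    return pcr


def can_unseal(sealed_to, current_pcr):
    """A sealed secret is released only when the PCR equals the value it was sealed to."""
    return sealed_to == current_pcr


# Constructed stage labels standing in for the binaries each boot path measures.
WINDOWS_CHAIN = [b"firmware", b"bootmgfw.efi", b"winload.efi"]
PXE_LIVE_CHAIN = [b"firmware", b"pxe-rom", b"shimx64.efi", b"grubx64.efi", b"vmlinuz"]


def demo():
    """Seal to the Windows chain, PXE boot a live image, then boot Windows again."""
    policy = boot(WINDOWS_CHAIN)          # value the Windows disk key is sealed to
    live_pcr = boot(PXE_LIVE_CHAIN)       # different chain, so a different PCR value
    next_windows = boot(WINDOWS_CHAIN)    # PCR was reset, so the value matches again
    return {
        "live_session_unseals": can_unseal(policy, live_pcr),
        "next_windows_boot_unseals": can_unseal(policy, next_windows),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In this model the live session cannot release a secret sealed to the Windows chain, and the following Windows boot releases it as usual because the PCR is rebuilt from the reset value.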
-
Thank you @george1421 for giving me such a complete answer. My greatest concern was looking as if I had attempted something like a cold boot attack, but if something onboard such as IME is going to show logs then I really wouldn’t bother. It’s not worth finding out if they care to distinguish, so thanks for your advice.
In regards to potentially angering people like yourself, I’m grateful you were still fair to me! I didn’t take any steps that were contrary to IT’s mandate; we are, after all, a team. Maybe they will approve the request.
FOG was a means to satisfy a curiosity (NDI) but will prove to be much more useful and fun with my own half-broken Desktops. Have a good one!