It seems that the TCG looked at the absymaly low adoption rates for TPM 1.2 and thought "maybe more people will use TPM v2.0 if we make the tools even worse?"
@cynicalsecurity I'm reasonably experienced with security things, yet figuring out how to configure UEFI SecureBoot to use my own signing keys (stored in a Yubikey) and to seal the LUKS decryption key in a TPM v2.0 has taken me the better part of a week.
@th well, considering I have been asked to set up 2FA for macOS using Yubikey and have had to answer “no can do” after weeks of effort… I understand.
There needs to be a concerted effort to improve security by improving design.
Byzantine artwork is beautiful but it is to be observed and enjoyed, not used… so far TPM is Byzantine artwork, a marvellously complicated admirable concoction of no practical use whatsoever.
@th perhaps it would be more useful if they actually explained why TPM might be good for you, finally?
The common perception of TPM oscillates between “what is it for?” and “they are trying to control me”…
The concept of booting something you trust is lost upon the vast majority of people because of this (and the initial, brilliant, association with DRM).