Try to find if there are any TPM module on Sophos hardware, and quite frankly could not find one.

Normally it is easy to find if there's a Trusted Platform Module.

You first find clue in the BIOS/UEFI's setup.

None.

I would have believe this be a MANDATORY feature.

Paul Jr

  • Hi  

    It would be great if you could provide us more details regarding the reported thread, it would help us to answer you better.

  • In reply to Keyur:

    Hello

    I’m not sure I catch what you write here ... Have I click somewhere I should have not ?  Or is this related to this post, meaning I can’t find Trusted Platform Modules in Sophos hardware ( At least in small appliances  ?

  • Ok.  Just checked on an XG210 rev 3 (the latest as of 2019)  BIOS/UEFI.

    Well.  Boot is not even UEFI.  No.  It's BIOS/LEGACY

    "Trusted Computing Menu" is there, but everything is deactivated.

    And it also says "NO TPM devices"

    Ladies and gentlemen, files on a Sophos appliance is not a challenge to hack ...  Legacy BIOS, Legacy OS, on Legacy storage, With no encryption or Trusted Computing whatsoever ...

    Paul Jr

  • In reply to Big_Buck:

    But what are you trying to prove? that if you have physical access to a device you are able to pull the disk and look at things? if your physical security allows for people to achieve that then i think there are far more pressing issues that someone reading data off the device

  • In reply to JimtheITguy:

    My understanding is TPMs are useful for far more than protecting against direct access attack.  (Like booting via a USB key).

    TPM are used everywhere.  For example: to certify the identity of devices remote services are communicating with.

    Could be used by Sophos OS to encrypt and lock users identity at the Bios level.  And by the way, it should be UEFI by now.  Being BIOS-only is unexplainable to me.

    TPM could also lock the firewall hardware much like the way HPE does.

    In case of breach via network, or whatever vulnerability found, if OS and other important files are locked and encrypted, it's another welcome level of protection.

    I've been installing it for more than a decade now without too much technical hassles.  (On all my Windows 10 laptops and desktops.  Bitlocker)

    To me, it is far more than just a nice to have.  And I normally should not have to explain that to a security community.  Particularly when many are far more knowledgeable than I on this TPM matter.

    No TPM on a firewall is a non sens.

    Paul Jr