
True, but now I’m curious what kind of cryptographic operation you’re doing that would need to be protected from local root. Because that should be the only case a TPM is helpful (compared to the Pi secure boot option) and in that case the device is compromised anyway and can show anything on the screen and have all local processes taken over.

Agreed on the web stuff. But I’d say the web sucks, not the Pi. :-)




We consider anything that you can extract from the drive by removing it security theater. Root or not doesn’t matter.

You’re right that physical access is game over for content in general. This is more about extracting sensitive data (like credentials/tokens to 3rd party sites).

All backend communication is done using mTLS, where the private key never leaves the TPM (on x86).

Moreover, we’re encrypting all sensitive data we send to the device using the corresponding public key. Thus even if you rip the drive out of the device, you won’t have much luck.
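The design this comment describes (an mTLS client key that never leaves the TPM, and secrets encrypted to that key's public half so a copied drive holds only ciphertext), as an added Go example; this is not code from the commenter or from any product mentioned in the thread. The TPM is simulated by a type that keeps its RSA key in an unexported field and exposes only crypto.Signer and crypto.Decrypter, which is the interface shape real TPM libraries hand to crypto/tls. The certificate names, the OAEP label and the two-byte "ok" verdict are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"io"
	"math/big"
	"net"
	"time"
)

// hwKey stands in for a TPM-resident key (a simulation, not real TPM code): the private half is
// unexported with no accessor, so everything else only gets Public, Sign and Decrypt.
type hwKey struct{ priv *rsa.PrivateKey }

func newHWKey() (*hwKey, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &hwKey{priv: k}, nil
}

func (h *hwKey) Public() crypto.PublicKey { return &h.priv.PublicKey }
func (h *hwKey) Sign(r io.Reader, d []byte, o crypto.SignerOpts) ([]byte, error) { return h.priv.Sign(r, d, o) }
func (h *hwKey) Decrypt(r io.Reader, c []byte, o crypto.DecrypterOpts) ([]byte, error) { return h.priv.Decrypt(r, c, o) }

// selfSignedCert issues a certificate for the key; x509.CreateCertificate only needs the Signer.
func selfSignedCert(h *hwKey, name string) (tls.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, h.Public(), h)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: h, Leaf: leaf}, nil
}

// mutualTLS runs an in-memory mTLS handshake over net.Pipe; the backend accepts only the device
// certificate it enrolled. Returns the CommonName each side verified on its peer.
func mutualTLS(device, backend tls.Certificate, enrolled *x509.Certificate) (clientSaw, serverSaw string, err error) {
	devicePool, backendPool := x509.NewCertPool(), x509.NewCertPool()
	devicePool.AddCert(enrolled)
	backendPool.AddCert(backend.Leaf)
	srvCfg := &tls.Config{
		Certificates:           []tls.Certificate{backend},
		ClientAuth:             tls.RequireAndVerifyClientCert,
		ClientCAs:              devicePool,
		SessionTicketsDisabled: true, // net.Pipe is synchronous; avoid a post-handshake write
	}
	cliCfg := &tls.Config{
		Certificates: []tls.Certificate{device},
		RootCAs:      backendPool,
		ServerName:   backend.Leaf.Subject.CommonName,
	}
	cliConn, srvConn := net.Pipe()
	defer cliConn.Close()
	done := make(chan struct{})
	go func() {
		s := tls.Server(srvConn, srvCfg)
		if s.Handshake() == nil { // on failure the alert it sent becomes the client's read error
			serverSaw = s.ConnectionState().PeerCertificates[0].Subject.CommonName
			_, _ = s.Write([]byte("ok")) // tells the client its certificate was accepted
		}
		srvConn.Close()
		close(done)
	}()
	c := tls.Client(cliConn, cliCfg)
	verdict := make([]byte, 2)
	if _, err = io.ReadFull(c, verdict); err != nil { // runs the handshake, then waits for the verdict
		return "", "", err
	}
	<-done
	return c.ConnectionState().PeerCertificates[0].Subject.CommonName, serverSaw, nil
}

// sealForDevice is the backend side: a secret (e.g. a third-party token) is encrypted to the device
// public key, so what reaches the drive is ciphertext; openOnDevice asks the hardware key to open it.
func sealForDevice(pub *rsa.PublicKey, secret []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, []byte("device-secret"))
}

func openOnDevice(h *hwKey, ct []byte) ([]byte, error) {
	return h.Decrypt(rand.Reader, ct, &rsa.OAEPOptions{Hash: crypto.SHA256, Label: []byte("device-secret")})
}
```

With a real TPM, newHWKey is replaced by a library call that returns a crypto.Signer bound to a key handle and nothing else changes, because crypto/tls and x509.CreateCertificate only ever call Sign. The drive-removal argument from the comment is the last two functions: the stored value is rsa.EncryptOAEP output, and openOnDevice only succeeds where the TPM-held key can be used, which is also why a device the backend never enrolled fails the handshake rather than merely being logged.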


Sounds reasonable, but the secure boot mechanism of the Pi not only allows verifying the boot chain but also enables you to implement disk encryption with keys stored in the hardware itself that you can then only access from the running OS. Stealing the Pi or just taking out the SD card will not allow access to the non-OS parts. I'm not sure if the secure boot stuff of the Pi has ever been thoroughly verified or exposed to serious attacks, but in theory that's all possible.



