So I got Fairphone 4, with /e/ os, a couple of days ago. When I connected it to my NextDNS I saw that it was trying to connect to some weird addresses, like every 5-10 minutes. I searched Internet a bit and found out that it was something with snapdragon cpu and location services. I travel a lot and use Organic Maps for navigation, so location was enabled almost all day on the phone. I turned off location services and connections stopped, and everything was fine for a couple of days.
Today I came home, checked logs in NextDNS and saw that phone started doing the same connections almost constantly even with location turned off.
Can I do something about this, other than allowing these connections? These connections are probably so numerous because they are getting blocked. If I allowed them, phone would maybe call home once in a couple of hours. I would rather not allow them, but I don’t want 20% of battery to be eaten by this.
For what it’s worth, I did specifically say ecosystem because the TPM is just one component, which is required to authenticate the remote wipe. Also the drivers are installed automatically with most modern operating systems, it’s not like you install your own south bridge driver, for example. Linux of course notwithstanding.
I’ve seen it used successfully numerous times. Someone steals one of our laptops, rips the drive out, installs vanilla windows, and boom it reboots and performs a wipe.
Regardless, system-on-a-chip are just that, systems; they can absolutely make remote calls without user interaction, just as intimated by the comment you originally replied to.
Ah, in that case I suspect this has less to do with the TPM or firmware and more with a weird feature Microsoft provides (that I permanently turned off on my laptop).
Windows provides the option for the BIOS to place or replace files on the file system. A bunch of anti-theft tools replace chkdsk.exe, which gets executed on every boot, with a daemon or installer for their service. You can clean install Windows all you want, the moment Windows boots, injection takes place and the payload gets executed. You don’t need TPMs or even encryption or Intel ME/AMD PSP for this.
I believe MS added this API because they noticed motherboard manufacturers messing with the kernel’s memory, and decided to expose a less batshit insane API rather than risk customers blaming Windows for their laptops crashing on boot because the memory layout changed.