> Its kind of like if a bank had a big vault door and then a glass window to the vault. The bank robber will break the window and get all the cash. Who cares that the door wasn't breached?
A TPM without a PIN is kind of like if a bank had a big vault door and then an employee leaving the key on the office desk, the bank robber will get the key and open the door. Everyone would care whether the door itself is breached, or it was something else.
The bottomline is, if it doesn't even have a PIN code, no security is offered against an attacker with physical possession of both the motherboard and the harddrive (aka the computer), by design, and not even a considered 0day.
A TPM without a PIN is kind of like if a bank had a big vault door and then an employee leaving the key on the office desk, the bank robber will get the key and open the door. Everyone would care whether the door itself is breached, or it was something else.
The bottomline is, if it doesn't even have a PIN code, no security is offered against an attacker with physical possession of both the motherboard and the harddrive (aka the computer), by design, and not even a considered 0day.