Buchanan walks through his process of experimenting with low-cost fault-injection attacks as an alternative when typical software bugs aren’t available to exploit.
Buchanan walks through his process of experimenting with low-cost fault-injection attacks as an alternative when typical software bugs aren’t available to exploit.
I’d guess it’s because encryption adds overhead and slows things down. It’s also overkill for most people’s needs, since the chance to get their PC stolen isn’t worth the performance impact
Should definitely be default on Laptops though
The overhead is negligible since modern desktop CPUs have included AES hardware acceleration for a long time by now
For Apple computers with a T2 chip encryption actually is on by default and is always enabled at the hardware level. However, enabling filevault adds additional security around the master encryption key.
Perhaps a future TPM standard will support dedicated encryption throughput in the future instead of just RNG and key generation, but until that happens I can’t see computer manufacturers turning encryption on by default (especially because the bitlocker user experience for non-power users is still pretty awful)
On that note, being able to use TPM / UEFI features is getting more difficult for open source users, so actually taking advantage of the security hardware on your machine requires more work: https://github.com/Foxboron/sbctl/issues/85