I’ve been looking to purchase a new laptop and I need to have security in mind. I’ve specifically been looking for laptops with discrete or integrated TPM because it’s been my understanding that TPM would improve disk encryption security, but after doing some more research I’ve heard a lot of sources saying that it doesn’t really make a difference and some go so far as to suggest TPM has unpatched vulnerabilities and may even be backdoored by intelligence agencies such as the NSA.
For someone such as myself who is becoming more active in activism and investigative journalism, should I bother with TPM? And how safe is dm-crypt/LUKS? I currently use Linux Mint which I believe uses LUKS by default for disk encryption and I’m wondering how vulnerable it is to attackers with physical access to my laptop.
(P.S I’ve heard of Qubes but at the moment I’m unable to use it. In my case I’ll be using Linux Mint + AppArmor and sometimes Whonix when appropriate.)