
Do you believe that using an external hardware key is actually more secure than using an internal TPM whose short-period unlock is triggered by direct hardware signals (from e.g. a fingerprint reader) that software can't simulate, for your use-case?

Personally, I could only see the security benefit if the hardware key and the laptop are stored separately — if e.g. a three-letter agency robbed my house, they'd get both anyway. But that's entirely impractical if the HSK is used for every PAM auth, rather than just to do "special" actions (in the way that e.g. hardware crypto wallets are used).



I'd need to get a TPM first, which was worse by every metric compared to external keys last time I compared them.

FIDO keys are already here and can also be used for web authentication (which is their main use case; this is just a nice add-on).

They can also be used to conveniently unlock LUKS volumes which I completely forgot about since I'm not using LUKS:

http://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-f...


In reality they're probably good enough for most users - but in theory any SW-based solution can theoretically get exploited, so an external key that requires user action is certainly more secure (and not significantly more inconvenient to use - you need to press something in both cases).


Put another way, if someone has broken into my house and has physical access to my desktop, the hardware token is moot -- they can just take the box. And the token.

But someone can, in theory, break that software from multiple timezones away.


But I wasn't talking about a software solution. I was talking about something that works like Touch ID on MacBooks, where there are dedicated traces running between the fingerprint reader and the TPM's SoC pins such that "software" can't tell the TPM to unlock. (You'd instead need a malicious signed firmware update for the fingerprint reader.)

(Also FYI, this is why Apple cryptographically "pairs" device fingerprint readers to their TPMs, such that you can't just replace them without having Apple "activate" the new one. It's so that bad actors who acquire your laptop can't just quickly swap out the fingerprint reader for one that always puts "good fingerprint, please unlock" on the signal line.)
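The pairing idea in the comment above, as an added illustrative model that is not Apple's actual protocol and not code from this thread: a secure element only honours a "good fingerprint" verdict if it is bound to a fresh nonce by a key provisioned into the paired sensor, so a swapped-in sensor that just asserts "match" on the signal line, or a replayed earlier verdict, is rejected. All names (`PairedSensor`, `SecureElement`, the HMAC construction) are hypothetical and chosen for clarity.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass

# Hypothetical model: at pairing time the sensor and the secure element
# are provisioned with a shared pairing key. Nothing here is Apple's design.


@dataclass
class PairedSensor:
    """Fingerprint reader that holds the pairing key and signs its verdicts."""

    pairing_key: bytes

    def report(self, nonce: bytes, matched: bool) -> tuple[bytes, bytes]:
        # The verdict is bound to the challenge nonce, so it cannot be
        # replayed later or fabricated without the pairing key.
        verdict = b"match" if matched else b"no-match"
        tag = hmac.new(self.pairing_key, nonce + verdict, hashlib.sha256).digest()
        return verdict, tag


class UnpairedSensor:
    """Replacement part that always asserts 'match' but has no pairing key."""

    def report(self, nonce: bytes, matched: bool) -> tuple[bytes, bytes]:
        return b"match", bytes(32)  # constant, unkeyed tag


class SecureElement:
    """Secure element that only unlocks on a keyed, fresh, positive verdict."""

    def __init__(self, pairing_key: bytes) -> None:
        self._key = pairing_key
        self._outstanding: bytes | None = None

    def challenge(self) -> bytes:
        # One nonce outstanding at a time; each is usable exactly once.
        self._outstanding = secrets.token_bytes(16)
        return self._outstanding

    def unlock(self, verdict: bytes, tag: bytes) -> bool:
        nonce, self._outstanding = self._outstanding, None  # consume the nonce
        if nonce is None:
            return False  # no live challenge: replayed or unsolicited verdict
        expected = hmac.new(self._key, nonce + verdict, hashlib.sha256).digest()
        # Constant-time compare first, then check the verdict itself.
        return hmac.compare_digest(expected, tag) and verdict == b"match"


def attempt_unlock(se: SecureElement, sensor, finger_ok: bool) -> bool:
    """One full challenge/response round between the secure element and a sensor."""
    nonce = se.challenge()
    verdict, tag = sensor.report(nonce, finger_ok)
    return se.unlock(verdict, tag)


def replay_attempt(se: SecureElement, sensor: PairedSensor) -> bool:
    """Capture a genuine positive response, then resend it against a new challenge."""
    nonce = se.challenge()
    verdict, tag = sensor.report(nonce, True)
    assert se.unlock(verdict, tag)  # the genuine round succeeds
    se.challenge()  # a fresh nonce is now outstanding
    return se.unlock(verdict, tag)  # old tag does not bind to the new nonce


def demo() -> dict:
    """Run the scenarios from the thread: paired sensor, swapped sensor, replay."""
    key = secrets.token_bytes(32)  # constructed pairing key for the demo
    se = SecureElement(key)
    paired = PairedSensor(key)
    return {
        "paired_match": attempt_unlock(se, paired, True),
        "paired_no_match": attempt_unlock(se, paired, False),
        "swapped_sensor": attempt_unlock(se, UnpairedSensor(), True),
        "replayed_verdict": replay_attempt(se, paired),
    }


if __name__ == "__main__":
    for scenario, unlocked in demo().items():
        print(f"{scenario:18} unlocked={unlocked}")
```

The point the model makes is that the security comes from the secure element verifying a keyed response, not from the sensor line being "dedicated": a dedicated trace stops host software from driving it, while the pairing key stops a replaced part from driving it.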


No, they cryptographically pair the hardware because it makes repair impossible. If they only cared about security you would be able to use a new fingerprint sensor or camera in an old device after wiping/factory resetting it. They have even started pairing screens and batteries, which are not security devices.


Apple doesn’t care about repairability one way or another. The thing they care about, that makes it seem like they hate phone repair, is that there are gangs of pickpockets who steal phones and send them in bulk lots to China, where they’re scrapped for parts to use to repair other phones, or to build phones or other devices that use phone parts. (Search “my stolen iPhone ended up in Shenzhen” if you don’t believe me. This is a whole thing.)

Apple borrowed the cryptographic pairing system they created for security in the fingerprint reader, and reused it for the display et al, to make stealing iPhones to scrap them for parts pointless. This has massively decreased the value of these phones on the black market (all you can really extract now are the low-value bits like the speaker or charging assembly); which has in turn made iPhones the least desirable target for thieves.

Every hurdle you have to jump to take part in Apple’s self-serve repair program — the “phone Apple to activate the pairing of these parts” step, only being able to order parts once you have a specific broken device to order them for, etc. — is the way it is precisely so that the people who scrap the stolen phones can’t participate.



