"From a security perspective, is one solution (discrete, integrated, other) clearly better or worse than the other? Is there specific functionality one should look for in the BIOS or the TPM module when a daughtercard TPM is used?"
With TPM 2.0 the separate daughter-card is the highest security level. It is tested in a harness by experts to withstand attack, it can then be plugged into a motherboard where an attack is more difficult; assuming that the operator is not present.
The separate daughter-card used in SuperMicro systems is certified to Evaluation Assurance Level (EAL) 4:
"EAL4 permits a developer to gain maximum assurance from positive security engineering based on good commercial development practices which, though rigorous, do not require substantial specialist knowledge, skills, and other resources. EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line. EAL4 is therefore applicable in those circumstances where developers or users require a moderate to high level of independently assured security in conventional commodity TOEs and are prepared to incur additional security-specific engineering costs."
Higher security levels involve writing and testing the operating system in addition to providing physical security from sophisticated attacks.
With the level 4 daughter-card theft of the system (or just the drive) still would involve decrypting the data. Even with security, and an encrypted drive, if someone can look over your shoulder or coerce the password from you the information is not secure.
Sources:
"
- DISCRETE TPM provides the highest level of security, as might be needed for a TPM used to secure the brake controller in a car. The intent of this level is to ensure that the device it’s protecting does not get hacked via even sophisticated methods. To accomplish this, a discrete chip is designed, built and evaluated for the highest level of security that can resist tampering with the chip, including
probing it and freezing it with all sorts of sophisticated attacks.
- INTEGRATED TPM is the next level down in terms of security. This level still has a hardware TPM but it is integrated into a chip that provides functions other than security. The hardware implementation
makes it resistant to software bugs, however, this level is not designed to be tamper-resistant.
- FIRMWARE TPM is implemented in protected software. The code runs on the main CPU, so a separate chip is not required. While running like any other program, the code is in a protected execution environment called a trusted execution environment (TEE) that is separated from the rest of the programs that are running on the CPU. By doing this, secrets like private keys that might be needed by the TPM but should not be accessed by others can be kept in the TEE creating a more difficult path for hackers.
In addition to the lack of tamper resistance, the downside to the TEE or firmware TPM is that now the TPM is dependent on many additional aspects to keep it secure, including the TEE operating
system, bugs in the application code running in the TEE, etc.
- SOFTWARE TPM can be implemented as a software emulator of the TPM. However, a software TPM is open to many vulnerabilities, not only tampering but also the bugs in any operating system running it. It does have key applications: it is very good for testing or building a system prototype with a TPM in it. For testing purposes, a software TPM could provide the right solution/approach.
"
