Sure it is. A rootkit is a mechanism for hooking access to highly privileged execution levels of a device, masking its own presence, and persisting itself against removal. TPM + SecureBoot runs in firmware, more privileged than kernel mode. It analyzes the bootloader and other key boot parameters to verify they have not been tampered with. They can’t be disabled from within the OS. And sometimes they can’t be removed or disabled at all without someone finding a vulnerability, as in the case with phone rooting.
Although often associated with it, a rootkit does not inherently need to be malware. In the case of phones, and likely future PCs, they are used to prevent users and owners from modifying their device.
That’s still not a rootkit. What do people think rootkits are?
Sure it is. A rootkit is a mechanism for hooking access to highly privileged execution levels of a device, masking its own presence, and persisting itself against removal. TPM + SecureBoot runs in firmware, more privileged than kernel mode. It analyzes the bootloader and other key boot parameters to verify they have not been tampered with. They can’t be disabled from within the OS. And sometimes they can’t be removed or disabled at all without someone finding a vulnerability, as in the case with phone rooting.
Great, but using the TPM as intended is not a rootkit or anything like a rootkit. It’s using a security device as intended.
Although often associated with it, a rootkit does not inherently need to be malware. In the case of phones, and likely future PCs, they are used to prevent users and owners from modifying their device.