TPM is basically never for your benefit. It’s becoming a requirement because Microsoft is going to one day say “you can only run apps installed from the Windows Store, because everything else is insecure” and lock down the software market. Valve knows this which is why they’re going so hard on the Steam Deck and Linux.
[This comment has been deleted by an automated system]
This is why I keep my initrd tattooed as a barcode on my testicles.
“Please teabag the web cam to boot.”
There’s two types of users, those who write a detailed precise technical answer to the subject, and then there’s you
deleted by creator
Kernel upgrades are very… Painful.
You know, I’ve been thinking about what I want my first tattoo to be for months, you’ve just given me a great idea
I don’t know why I keep hearing of security measures to stop someone sleuthing into bootloaders.
Am I the only person using Linux who isn’t James Bond?
[This comment has been deleted by an automated system]
so you never caught a team of government officials in your living room brute forcing your bootloader at 4am as you got up to use the bathroom, huh. Lucky guy.
I mean, i do have some stuff that i encrypt, but encrypting the folder or packing it on a small partitiin and encrypting only this fs after booting makes more sense to me.
I’m an engineer with trade secrets on his laptop. I’ve heard of dozens of people getting laptops stolen from their cars that they left for like ten or fifteen minutes.
The chances are slims, but if it happens I’m in deep trouble whether those secrets leak of not. I’m not taking the risk. I’m encrypting my disk.
It’s not like there’s a difference in performance nowadays.
I’m still on the hunt for a desktop Linux distro that has no security features or passwords. My usage for this may not be common but it can’t be rare enough that there are zero options
Ubuntu, no encryption, select boot to desktop by default when the system installs.
Like, really?
Still smashing in passwords left and right
TPM bad, put your secrets on a proper encryption peripheral, like a smartcard running javacardOS
TPM will turn into cpu-bound DRM, the more you use it, the more this cancer will grow
[This comment has been deleted by an automated system]
You are only seeing what TPM is now. Not what TPM will become when it become an entire encrypted computing processor capable of executing any code while inspection is impossible.
Imagine denuvo running at ring level -1
[This comment has been deleted by an automated system]
Yes, it’s right in the name “trusted platform module”. There is no secret that their ambition is to become a space to run code outside the user’s reach and scrutiny.
They start with the most legitimate and innocuous purpose. Once it is adopted and ubiquitous it will not suffer the fate of the other attempts and rotting on the vine.
Then surprise TPM 5.0 become full scale full speed trusted execution environment and it’s too late to do anything about it. Eventually , non trusted processing capability will be phased out and only Intel and signed code will run.
deleted by creator
Today I learned that I actually set up secure boot properly. Neat!
Trusting some obscure hardware might be a bad idea then.
Why do you need full disk encryption in your day to day life? Are you a secret agent? I feel like that would give you our though.
It’s not a matter that I would have nothing to hide, this defense is stupid. It’s a matter that you should use a security adapted to your need, because the cost doesn’t offset the benefit otherwise. And with disk encryption you will far more often be sorry than happy if you’re a normal person.
Full disk encryption is something you really want to have when your computer is lost or stolen.
We use the TPM pretty extensively with no Windows in the environment.
But with a reason, I’m sure. There’s no reason for the everyday consumer to need one, other than Microsoft wanting more control.
Data encryption and decryption without entering a password is a pretty darn good reason.
Sure, but does a grandmother’s Solitaire & Facebook PC really need quick encrypting and decrypting? Anyone not dealing with sensitive info doesn’t need one.
Yes, because they are the least likely to know they are a part of a botnet
There’s no downside to having it. There’s many downsides to not having it. This seems pretty cut and dry to me.
TPM actually provides some useful components to isolate encryption outside of Ring 0, which is a trust win. But any technology must be weighted against its power to oppress.
yes, the reason is to securely store cryptographic keys. even your own. It comes preloaded with microsoft ones usually, but you’re free to delete them and install your own
It’s the way everything is moving. Hardware protected keys can be very useful but it’s a double edged sword. It’s more secure but also allows companies to lock consumers out.
We need rules that say when this tech is used the consumer still gets full control over it. Like what Google does with their Pixel phones and the Titan chip. Not what Apple does.
the average citizen has nothing to hide therefore deserves no privacy
I think you forgot a /s
I’m sure you’ll be ok sending me your social security number, home address, bank login details, credit card number, a copy of all the files on your hard drive…
I mean, you deserve no privacy right?
You do realize that he is talking about a RNG gen and not the TPM?
It is talking about the RNG built into the fTPM.
TPM is pretty important in any modern OS.
Sure you don’t need it. But it’s not 2013. It should be standard along with FDE
Whoops. Thanks. I corrected the URL in the post.
The wonders of modern technology!
I love how Torvalds always calls it like he sees it.
insert nvidia middle finger gif here
Inserted
I always just kill my TPM chip. It’s so obvious tpm will be used in the future for application offline DRM. They will executed encrypted operations under the TPM veil and decompilers will become unusable.
Just disabled it in BIOS/UEFI. Should I disable security device support too, or doesn’t it matter when fTPM is disabled?
Or depends what they mean by security service support. Presumably some kind of external (usb ?) device ?
Would love this. I’m still getting the ftpm stutters and there’s no way to disable it in my motherboards bios.
Wow I’m surprised you can’t disable it. I can disable it on my desktop BIOS (Gigabyte X570S Pro AX) and my work laptop BIOS (Dell G15).
You use a Dell G15 for work?
I do, yeah.
What is it that you do?
Website developer, pretty standard job.
I didn’t know this was a thing, it explains so much.
Based linus. Kill it, it’s pointless
I’ve had a weird system-wide stutter for months and the usual googling and troubleshooting didn’t help… omg. This might be it. Thank you Linus and thank you op.
I had it on my Windows 11 PC for a long time. I use this PC for music production and it was infuriating - the sound would just cut out intermittently like the computer couldn’t keep up. I tried lots of things, including an expensive CPU upgrade. In the end Asus released a new BIOS for the motherboard to address this AMD stutter, and that fixed it.
Which AGESA version?
Which AGESA version?
I don’t really know anything about that. Currently HWiNFO64 shows Microcode Update Revision A201025 and SMU Firmware Revision 56.74.0. I don’t know whether those are the numbers you’re asking for, or what they were while it was still having problems.
Thanks for the info! I’ll have to check that against what I’m using.
The issue is worked around in newer kernel versions. But it’s better to just update your BIOS to fix the issue.
Relevant:
😂😂😂
good thing my Ryzen 1000 series motherboard doesn’t even have TPM…I need to upgrade lool
What is that needle with a ball stuck onto it? In the photograph. Someone please help.
Microphone from a headset.
I agree. If it doesn’t work, disable it until it’s fixed
deleted by creator
Oh I disabled that a while ago because their hardware random number generator always returned 0xfffff…
Honesty, hardware random number generation seems sketchy. Something you’d expect government backdoors to be in.
