• rastilin@kbin.social
    link
    fedilink
    arrow-up
    289
    arrow-down
    17
    ·
    1 year ago

    TPM is basically never for your benefit. It’s becoming a requirement because Microsoft is going to one day say “you can only run apps installed from the Windows Store, because everything else is insecure” and lock down the software market. Valve knows this which is why they’re going so hard on the Steam Deck and Linux.

      • Ghast@lemmy.ml
        link
        fedilink
        arrow-up
        48
        arrow-down
        4
        ·
        1 year ago

        I don’t know why I keep hearing of security measures to stop someone sleuthing into bootloaders.

        Am I the only person using Linux who isn’t James Bond?

        • Eager Eagle@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          ·
          1 year ago

          so you never caught a team of government officials in your living room brute forcing your bootloader at 4am as you got up to use the bathroom, huh. Lucky guy.

        • MonkderZweite@feddit.ch
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I mean, i do have some stuff that i encrypt, but encrypting the folder or packing it on a small partitiin and encrypting only this fs after booting makes more sense to me.

        • The_Mixer_Dude@lemmus.org
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          I’m still on the hunt for a desktop Linux distro that has no security features or passwords. My usage for this may not be common but it can’t be rare enough that there are zero options

        • hansl@lemmy.ml
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          I’m an engineer with trade secrets on his laptop. I’ve heard of dozens of people getting laptops stolen from their cars that they left for like ten or fifteen minutes.

          The chances are slims, but if it happens I’m in deep trouble whether those secrets leak of not. I’m not taking the risk. I’m encrypting my disk.

          It’s not like there’s a difference in performance nowadays.

      • interdimensionalmeme@lemmy.ml
        link
        fedilink
        arrow-up
        24
        arrow-down
        8
        ·
        1 year ago

        TPM bad, put your secrets on a proper encryption peripheral, like a smartcard running javacardOS

        TPM will turn into cpu-bound DRM, the more you use it, the more this cancer will grow

          • interdimensionalmeme@lemmy.ml
            link
            fedilink
            arrow-up
            8
            arrow-down
            10
            ·
            1 year ago

            You are only seeing what TPM is now. Not what TPM will become when it become an entire encrypted computing processor capable of executing any code while inspection is impossible.

            Imagine denuvo running at ring level -1

              • interdimensionalmeme@lemmy.ml
                link
                fedilink
                arrow-up
                4
                arrow-down
                3
                ·
                1 year ago

                Yes, it’s right in the name “trusted platform module”. There is no secret that their ambition is to become a space to run code outside the user’s reach and scrutiny.

                They start with the most legitimate and innocuous purpose. Once it is adopted and ubiquitous it will not suffer the fate of the other attempts and rotting on the vine.

                Then surprise TPM 5.0 become full scale full speed trusted execution environment and it’s too late to do anything about it. Eventually , non trusted processing capability will be phased out and only Intel and signed code will run.

      • bouh@lemmy.world
        link
        fedilink
        arrow-up
        1
        arrow-down
        12
        ·
        1 year ago

        Why do you need full disk encryption in your day to day life? Are you a secret agent? I feel like that would give you our though.

        It’s not a matter that I would have nothing to hide, this defense is stupid. It’s a matter that you should use a security adapted to your need, because the cost doesn’t offset the benefit otherwise. And with disk encryption you will far more often be sorry than happy if you’re a normal person.

        • mplewis@lemmy.globe.pub
          link
          fedilink
          arrow-up
          6
          arrow-down
          1
          ·
          1 year ago

          Full disk encryption is something you really want to have when your computer is lost or stolen.

      • ArcticAmphibian@lemmus.org
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        7
        ·
        1 year ago

        But with a reason, I’m sure. There’s no reason for the everyday consumer to need one, other than Microsoft wanting more control.

        • Solar Bear@slrpnk.net
          link
          fedilink
          English
          arrow-up
          9
          arrow-down
          1
          ·
          1 year ago

          Data encryption and decryption without entering a password is a pretty darn good reason.

          • ArcticAmphibian@lemmus.org
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            7
            ·
            1 year ago

            Sure, but does a grandmother’s Solitaire & Facebook PC really need quick encrypting and decrypting? Anyone not dealing with sensitive info doesn’t need one.

        • kingthrillgore@kbin.social
          link
          fedilink
          arrow-up
          7
          ·
          1 year ago

          TPM actually provides some useful components to isolate encryption outside of Ring 0, which is a trust win. But any technology must be weighted against its power to oppress.

        • vrighter@discuss.tchncs.de
          link
          fedilink
          arrow-up
          5
          ·
          1 year ago

          yes, the reason is to securely store cryptographic keys. even your own. It comes preloaded with microsoft ones usually, but you’re free to delete them and install your own

        • knight@lemmy.zip
          link
          fedilink
          arrow-up
          4
          arrow-down
          2
          ·
          1 year ago

          It’s the way everything is moving. Hardware protected keys can be very useful but it’s a double edged sword. It’s more secure but also allows companies to lock consumers out.

          We need rules that say when this tech is used the consumer still gets full control over it. Like what Google does with their Pixel phones and the Titan chip. Not what Apple does.

          • Hexarei@programming.dev
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            I’m sure you’ll be ok sending me your social security number, home address, bank login details, credit card number, a copy of all the files on your hard drive…

            I mean, you deserve no privacy right?

    • Ret2libsanity@infosec.pub
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      4
      ·
      1 year ago

      TPM is pretty important in any modern OS.

      Sure you don’t need it. But it’s not 2013. It should be standard along with FDE