this post was submitted on 10 Oct 2025
98 points (100.0% liked)

Linux

9810 readers
946 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
98
Linux Now Disabling TPM Bus Encryption By Default For Performance Reasons (www.phoronix.com)
submitted 1 week ago by cm0002@lemmy.zip to c/linux@programming.dev
22 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] possiblylinux127@lemmy.zip 1 points 1 week ago (1 children)

TPMs protect against evil maid attacks

Android has a nice solution with the system vs user encryption

[–] sapousername@mastodon.uno 0 points 1 week ago (1 children)

@possiblylinux127 And allows to decrypt the disk if someone steals your laptop: it can just turn it on to read it...

[–] possiblylinux127@lemmy.zip 1 points 1 week ago (1 children)

That isn't how TPMs work

The TPM checks the signature of the software with the signature it has internally. If that signature changes it will refuse to release the keys.

[–] sapousername@mastodon.uno 0 points 1 week ago* (last edited 1 week ago) (1 children)

@possiblylinux127 Exactly. So if someone steals your laptop it can just press the power on button to read your disk. Security my ass.

[–] possiblylinux127@lemmy.zip 1 points 1 week ago (1 children)

...if they can log in

[–] sapousername@mastodon.uno -2 points 1 week ago (1 children)

@possiblylinux127

  1. Password is not mandatory
  2. Some organizations require ultra-simple password formats (e.g. 6 digits)
  3. Afaik password is not enabled by default in windows

Call this security... It's just a marketing lock-in strategy. A good old password is all you need for encrypting a disk.

[–] possiblylinux127@lemmy.zip 2 points 1 week ago

...Except none of that is true