548
Fed-up Torvalds suggests disabling AMD’s 'stupid' performance-killing fTPM RNG
(www.theregister.com)
this post was submitted on 01 Aug 2023
548 points (98.9% liked)
Linux
48157 readers
678 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
TPM is basically never for your benefit. It's becoming a requirement because Microsoft is going to one day say "you can only run apps installed from the Windows Store, because everything else is insecure" and lock down the software market. Valve knows this which is why they're going so hard on the Steam Deck and Linux.
[This comment has been deleted by an automated system]
This is why I keep my initrd tattooed as a barcode on my testicles.
"Please teabag the web cam to boot."
There's two types of users, those who write a detailed precise technical answer to the subject, and then there's you
Kernel upgrades are very... Painful.
You know, I've been thinking about what I want my first tattoo to be for months, you've just given me a great idea
I don't know why I keep hearing of security measures to stop someone sleuthing into bootloaders.
Am I the only person using Linux who isn't James Bond?
[This comment has been deleted by an automated system]
so you never caught a team of government officials in your living room brute forcing your bootloader at 4am as you got up to use the bathroom, huh. Lucky guy.
I mean, i do have some stuff that i encrypt, but encrypting the folder or packing it on a small partitiin and encrypting only this fs after booting makes more sense to me.
I’m an engineer with trade secrets on his laptop. I’ve heard of dozens of people getting laptops stolen from their cars that they left for like ten or fifteen minutes.
The chances are slims, but if it happens I’m in deep trouble whether those secrets leak of not. I’m not taking the risk. I’m encrypting my disk.
It’s not like there’s a difference in performance nowadays.
I'm still on the hunt for a desktop Linux distro that has no security features or passwords. My usage for this may not be common but it can't be rare enough that there are zero options
Ubuntu, no encryption, select boot to desktop by default when the system installs.
Like, really?
Still smashing in passwords left and right
TPM bad, put your secrets on a proper encryption peripheral, like a smartcard running javacardOS
TPM will turn into cpu-bound DRM, the more you use it, the more this cancer will grow
[This comment has been deleted by an automated system]
You are only seeing what TPM is now. Not what TPM will become when it become an entire encrypted computing processor capable of executing any code while inspection is impossible.
Imagine denuvo running at ring level -1
[This comment has been deleted by an automated system]
Yes, it's right in the name "trusted platform module". There is no secret that their ambition is to become a space to run code outside the user's reach and scrutiny.
They start with the most legitimate and innocuous purpose. Once it is adopted and ubiquitous it will not suffer the fate of the other attempts and rotting on the vine.
Then surprise TPM 5.0 become full scale full speed trusted execution environment and it's too late to do anything about it. Eventually , non trusted processing capability will be phased out and only Intel and signed code will run.
Today I learned that I actually set up secure boot properly. Neat!
Trusting some obscure hardware might be a bad idea then.
Why do you need full disk encryption in your day to day life? Are you a secret agent? I feel like that would give you our though.
It's not a matter that I would have nothing to hide, this defense is stupid. It's a matter that you should use a security adapted to your need, because the cost doesn't offset the benefit otherwise. And with disk encryption you will far more often be sorry than happy if you're a normal person.
Full disk encryption is something you really want to have when your computer is lost or stolen.
We use the TPM pretty extensively with no Windows in the environment.
But with a reason, I'm sure. There's no reason for the everyday consumer to need one, other than Microsoft wanting more control.
Data encryption and decryption without entering a password is a pretty darn good reason.
Sure, but does a grandmother's Solitaire & Facebook PC really need quick encrypting and decrypting? Anyone not dealing with sensitive info doesn't need one.
Yes, because they are the least likely to know they are a part of a botnet
There's no downside to having it. There's many downsides to not having it. This seems pretty cut and dry to me.
TPM actually provides some useful components to isolate encryption outside of Ring 0, which is a trust win. But any technology must be weighted against its power to oppress.
yes, the reason is to securely store cryptographic keys. even your own. It comes preloaded with microsoft ones usually, but you're free to delete them and install your own
It's the way everything is moving. Hardware protected keys can be very useful but it's a double edged sword. It's more secure but also allows companies to lock consumers out.
We need rules that say when this tech is used the consumer still gets full control over it. Like what Google does with their Pixel phones and the Titan chip. Not what Apple does.
the average citizen has nothing to hide therefore deserves no privacy
I think you forgot a /s
I'm sure you'll be ok sending me your social security number, home address, bank login details, credit card number, a copy of all the files on your hard drive...
I mean, you deserve no privacy right?
You do realize that he is talking about a RNG gen and not the TPM?
It is talking about the RNG built into the fTPM.
TPM is pretty important in any modern OS.
Sure you don’t need it. But it’s not 2013. It should be standard along with FDE