TPM is basically never for your benefit. It’s becoming a requirement because Microsoft is going to one day say “you can only run apps installed from the Windows Store, because everything else is insecure” and lock down the software market. Valve knows this which is why they’re going so hard on the Steam Deck and Linux.
[This comment has been deleted by an automated system]
This is why I keep my initrd tattooed as a barcode on my testicles.
“Please teabag the web cam to boot.”
Kernel upgrades are very… Painful.
There’s two types of users, those who write a detailed precise technical answer to the subject, and then there’s you
You know, I’ve been thinking about what I want my first tattoo to be for months, you’ve just given me a great idea
I don’t know why I keep hearing of security measures to stop someone sleuthing into bootloaders.
Am I the only person using Linux who isn’t James Bond?
[This comment has been deleted by an automated system]
so you never caught a team of government officials in your living room brute forcing your bootloader at 4am as you got up to use the bathroom, huh. Lucky guy.
TPM bad, put your secrets on a proper encryption peripheral, like a smartcard running javacardOS
TPM will turn into cpu-bound DRM, the more you use it, the more this cancer will grow
[This comment has been deleted by an automated system]
You are only seeing what TPM is now. Not what TPM will become when it become an entire encrypted computing processor capable of executing any code while inspection is impossible.
Imagine denuvo running at ring level -1
[This comment has been deleted by an automated system]
I love how Torvalds always calls it like he sees it.
insert nvidia middle finger gif here
Inserted
I always just kill my TPM chip. It’s so obvious tpm will be used in the future for application offline DRM. They will executed encrypted operations under the TPM veil and decompilers will become unusable.
How do you kill your TPM chip?
Level 1, turn off in bios
Level 2, desolder from motherboard
Level 3, remove cpu pins related to tpm
Level 4, decap cpu, laser off tpm bus or blocks
I’ve had a weird system-wide stutter for months and the usual googling and troubleshooting didn’t help… omg. This might be it. Thank you Linus and thank you op.
Would love this. I’m still getting the ftpm stutters and there’s no way to disable it in my motherboards bios.
“Maybe use it for the boot-time ‘gather entropy from different sources,’ but clearly it should not be used at runtime.”
Good idea. Ask it during boot/
insmodfor some hardware-random bits to seed Linux’s usual software-only CSPRNG, then just use that.And even that might not be a great idea. I wouldn’t be surprised if the fTPM RNG is subtly not-entirely-random, at some alphabet agency’s behest. I remember there being a controversy over
rdrandfor this reason…Based linus. Kill it, it’s pointless
