this post was submitted on 01 Aug 2023

15 points (100.0% liked)

Linux

48329 readers

639 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

Fed-up Torvalds suggests disabling AMD’s 'stupid' performance-killing fTPM RNG (www.theregister.com)

submitted 1 year ago* (last edited 1 year ago) by floofloof@lemmy.ca to c/linux@lemmy.ml

58 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] rastilin@kbin.social 9 points 1 year ago (9 children)

TPM is basically never for your benefit. It's becoming a requirement because Microsoft is going to one day say "you can only run apps installed from the Windows Store, because everything else is insecure" and lock down the software market. Valve knows this which is why they're going so hard on the Steam Deck and Linux.

[–] skullgiver@popplesburger.hilciferous.nl 5 points 1 year ago* (last edited 1 year ago) (4 children)

[This comment has been deleted by an automated system]

[–] Ghast@lemmy.ml 3 points 1 year ago (6 children)

I don't know why I keep hearing of security measures to stop someone sleuthing into bootloaders.

Am I the only person using Linux who isn't James Bond?

[–] skullgiver@popplesburger.hilciferous.nl 2 points 1 year ago* (last edited 1 year ago)

[This comment has been deleted by an automated system]

[–] eager_eagle@lemmy.world 1 points 1 year ago

so you never caught a team of government officials in your living room brute forcing your bootloader at 4am as you got up to use the bathroom, huh. Lucky guy.

load more comments (4 replies)

[–] socsa@lemmy.ml 3 points 1 year ago (5 children)

This is why I keep my initrd tattooed as a barcode on my testicles.

[–] evatronic@lemm.ee 3 points 1 year ago

"Please teabag the web cam to boot."

[–] JuxtaposedJaguar@lemmy.ml 2 points 1 year ago

Kernel upgrades are very... Painful.

[–] zalgotext@sh.itjust.works 1 points 1 year ago

You know, I've been thinking about what I want my first tattoo to be for months, you've just given me a great idea

[–] Wats0ns@sh.itjust.works 1 points 1 year ago

There's two types of users, those who write a detailed precise technical answer to the subject, and then there's you

[–] interdimensionalmeme@lemmy.ml 1 points 1 year ago (1 children)

TPM bad, put your secrets on a proper encryption peripheral, like a smartcard running javacardOS

TPM will turn into cpu-bound DRM, the more you use it, the more this cancer will grow

[–] skullgiver@popplesburger.hilciferous.nl 2 points 1 year ago* (last edited 1 year ago) (1 children)

[This comment has been deleted by an automated system]

[–] interdimensionalmeme@lemmy.ml 0 points 1 year ago (1 children)

You are only seeing what TPM is now. Not what TPM will become when it become an entire encrypted computing processor capable of executing any code while inspection is impossible.

Imagine denuvo running at ring level -1

[–] skullgiver@popplesburger.hilciferous.nl 1 points 1 year ago* (last edited 1 year ago)

[This comment has been deleted by an automated system]

[–] MonkderZweite@feddit.ch 0 points 1 year ago

Trusting some obscure hardware might be a bad idea then.

[–] nan@lemmy.blahaj.zone 0 points 1 year ago (1 children)

We use the TPM pretty extensively with no Windows in the environment.

[–] ArcticAmphibian@lemmus.org 0 points 1 year ago (1 children)

But with a reason, I'm sure. There's no reason for the everyday consumer to need one, other than Microsoft wanting more control.

[–] bear@slrpnk.net 0 points 1 year ago (1 children)

Data encryption and decryption without entering a password is a pretty darn good reason.

[–] ArcticAmphibian@lemmus.org 1 points 1 year ago (2 children)

Sure, but does a grandmother's Solitaire & Facebook PC really need quick encrypting and decrypting? Anyone not dealing with sensitive info doesn't need one.

[–] bear@slrpnk.net 0 points 1 year ago (1 children)

There's no downside to having it. There's many downsides to not having it. This seems pretty cut and dry to me.

[–] argv_minus_one@beehaw.org 1 points 1 year ago* (last edited 1 year ago)

There’s no downside to having it.

Sure there are. If it gets compromised with malicious code, I have no way of removing it.

I can protect ring 0. I can keep crap out of ring 0. If all else fails, I can nuke everything in ring 0 and boot a fresh OS installation. But I can't do a single bleeping thing except throw out the whole machine if malware takes over ring -1.

[–] Shere_Khan@lemmy.dbzer0.com 0 points 1 year ago (1 children)

Yes, because they are the least likely to know they are a part of a botnet

[–] JuxtaposedJaguar@lemmy.ml 1 points 1 year ago

How would at-rest encryption make it less likely that your computer joins a botnet, or more likely that you'd notice if it did?

[–] dingus@lemmy.ml 0 points 1 year ago (1 children)

https://hothardware.com/news/steam-deck-tpm-support-install-windows-11

I mean I generally agree with you, but the SteamDeck runs on an AMD processor with a fTPM that Valve slowly added support for.

[–] floofloof@lemmy.ca 0 points 1 year ago* (last edited 1 year ago) (2 children)

It seems unlikely Valve will ever make Windows the primary OS for their devices. And they'd lose a lot of user support if they ever required the TPM for their own software, so hopefully they wouldn't risk it.

[–] bear@slrpnk.net 0 points 1 year ago* (last edited 1 year ago) (1 children)

Why does everybody seem to think that userspace attestation is the only use for the TPM? The primary use is for data to be encrypted at rest but decrypted at boot as long as certain flags aren't tripped. TPM is great for the security of your data if you know how to set it up.

Valve is never going to require TPM attestation to use Steam, that's just silly. Anti-cheat companies might, but my suggestion there is to just not play games that bundle malware.

[–] fred@lemmy.ml 1 points 1 year ago

Whatever is touted as the primary use doesn't matter as much as what anti-user features it enables.

[–] dingus@lemmy.ml 0 points 1 year ago (1 children)

I doubt they would risk it as well, but the point is that it exists on the SteamDeck and can be utilized.

[–] some_guy@kbin.social 0 points 1 year ago (1 children)

So what’s your point?

[–] dingus@lemmy.ml 1 points 1 year ago

TPM is basically never for your benefit. It’s becoming a requirement because Microsoft is going to one day say “you can only run apps installed from the Windows Store, because everything else is insecure” and lock down the software market. Valve knows this which is why they’re going so hard on the Steam Deck and Linux.

This is the comment I was replying to. I was simply pointing out that for a company "going hard" on SteamDeck and Linux, it's curious that they would spend any amount of effort at all enabling the TPM to allow people to run Windows. I guess my point is I don't think they're "going hard" quite as much as the person I responded to thinks.

Also it was just pointing out that this specifically can affect the SteamDeck since they use an AMD processor with AMD fTPM.

load more comments (6 replies)

[–] interdimensionalmeme@lemmy.ml 3 points 1 year ago (2 children)

I always just kill my TPM chip. It's so obvious tpm will be used in the future for application offline DRM. They will executed encrypted operations under the TPM veil and decompilers will become unusable.

load more comments (2 replies)

[–] Anticorp@lemmy.ml 3 points 1 year ago (1 children)

I love how Torvalds always calls it like he sees it.

[–] ken27238@lemmy.ml 1 points 1 year ago (1 children)

insert nvidia middle finger gif here

[–] chris@l.roofo.cc 1 points 1 year ago

Inserted

linus Torvalds showing his middle finger towards the camera and at nvidia

[–] glibg10b@lemmy.ml 2 points 1 year ago

Non-AMP link: https://www.theregister.com/2023/07/31/linus_torvalds_ftpm/

[–] shapis@lemmy.ml 1 points 1 year ago (1 children)

Would love this. I'm still getting the ftpm stutters and there's no way to disable it in my motherboards bios.

[–] ipkpjersi@lemmy.ml 1 points 1 year ago* (last edited 1 year ago) (4 children)

Wow I'm surprised you can't disable it. I can disable it on my desktop BIOS (Gigabyte X570S Pro AX) and my work laptop BIOS (Dell G15).

load more comments (4 replies)

[–] ryannathans@lemmy.fmhy.net 1 points 1 year ago

Based linus. Kill it, it's pointless

[–] argv_minus_one@beehaw.org 1 points 1 year ago

"Maybe use it for the boot-time 'gather entropy from different sources,' but clearly it should not be used at runtime."

Good idea. Ask it during boot/insmod for some hardware-random bits to seed Linux's usual software-only CSPRNG, then just use that.

And even that might not be a great idea. I wouldn't be surprised if the fTPM RNG is subtly not-entirely-random, at some alphabet agency's behest. I remember there being a controversy over rdrand for this reason…

[–] FunkyMonkey@feddit.de 1 points 1 year ago

I've had a weird system-wide stutter for months and the usual googling and troubleshooting didn't help.. omg. This might be it. Thank you Linus and thank you op.

load more comments