this post was submitted on 01 Aug 2023

650 points (100.0% liked)

Linux

47337 readers

1041 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

650

Fed-up Torvalds suggests disabling AMD’s 'stupid' performance-killing fTPM RNG (www.theregister.com)

submitted 1 year ago* (last edited 1 year ago) by floofloof@lemmy.ca to c/linux@lemmy.ml

155 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] nan@lemmy.blahaj.zone 20 points 1 year ago (1 children)

We use the TPM pretty extensively with no Windows in the environment.

[–] ArcticAmphibian@lemmus.org 9 points 1 year ago (5 children)

But with a reason, I'm sure. There's no reason for the everyday consumer to need one, other than Microsoft wanting more control.

[–] bear@slrpnk.net 12 points 1 year ago (1 children)

Data encryption and decryption without entering a password is a pretty darn good reason.

[–] ArcticAmphibian@lemmus.org 2 points 1 year ago (2 children)

Sure, but does a grandmother's Solitaire & Facebook PC really need quick encrypting and decrypting? Anyone not dealing with sensitive info doesn't need one.

[–] Shere_Khan@lemmy.dbzer0.com 14 points 1 year ago (1 children)

Yes, because they are the least likely to know they are a part of a botnet

[–] JuxtaposedJaguar@lemmy.ml 3 points 1 year ago

How would at-rest encryption make it less likely that your computer joins a botnet, or more likely that you'd notice if it did?

[–] bear@slrpnk.net 9 points 1 year ago (1 children)

There's no downside to having it. There's many downsides to not having it. This seems pretty cut and dry to me.

[–] argv_minus_one@beehaw.org 2 points 1 year ago* (last edited 1 year ago) (1 children)

There’s no downside to having it.

Sure there are. If it gets compromised with malicious code, I have no way of removing it.

I can protect ring 0. I can keep crap out of ring 0. If all else fails, I can nuke everything in ring 0 and boot a fresh OS installation. But I can't do a single bleeping thing except throw out the whole machine if malware takes over ring -1.

[–] bear@slrpnk.net 1 points 1 year ago (1 children)

This is already the case with your motherboard firmware, which fTPM is a part of. You are correct in that you have no real way to handle malware in it except throw it away. This doesn't change in any way if you get rid of TPM.

[–] argv_minus_one@beehaw.org 1 points 1 year ago

It decreases the attack surface.

[–] kingthrillgore@kbin.social 10 points 1 year ago (1 children)

TPM actually provides some useful components to isolate encryption outside of Ring 0, which is a trust win. But any technology must be weighted against its power to oppress.

[–] argv_minus_one@beehaw.org 1 points 1 year ago* (last edited 1 year ago)

And its power to make the system less secure. Isolating things outside ring 0 means malware can isolate itself outside ring 0 as well, and then it's impossible to detect or remove without throwing out the entire machine.

Which is much, much scarier than anything an ordinary rootkit might do.

[–] vrighter@discuss.tchncs.de 6 points 1 year ago (1 children)

yes, the reason is to securely store cryptographic keys. even your own. It comes preloaded with microsoft ones usually, but you're free to delete them and install your own

[–] argv_minus_one@beehaw.org 2 points 1 year ago

…so far.

[–] knight@lemmy.zip 4 points 1 year ago (2 children)

It's the way everything is moving. Hardware protected keys can be very useful but it's a double edged sword. It's more secure but also allows companies to lock consumers out.

We need rules that say when this tech is used the consumer still gets full control over it. Like what Google does with their Pixel phones and the Titan chip. Not what Apple does.

[–] ReversalHatchery@beehaw.org 7 points 1 year ago

Like what google does? You mean disallowing people who use a privacy respecting android rom from using their banking apps and such? Soon very possibly banking websites included?

[–] argv_minus_one@beehaw.org 2 points 1 year ago* (last edited 1 year ago)

It's only more secure until someone discovers yet another RCE bug in the firmware, and then you've got malware in your machine that's impossible to detect or remove.

Because it's secure.

Against you.

[–] some_guy@kbin.social 3 points 1 year ago (2 children)

the average citizen has nothing to hide therefore deserves no privacy

[–] SteveTech@programming.dev 9 points 1 year ago

I think you forgot a /s

[–] Hexarei@programming.dev 3 points 1 year ago

I'm sure you'll be ok sending me your social security number, home address, bank login details, credit card number, a copy of all the files on your hard drive...

I mean, you deserve no privacy right?