Whoops. Thanks. I corrected the URL in the post.
Man, I’m glad Sync for Lemmy launched today, I really missed the automatic amp removal from links.
I always just kill my TPM chip. It’s so obvious tpm will be used in the future for application offline DRM. They will executed encrypted operations under the TPM veil and decompilers will become unusable.
How do you kill your TPM chip?
Level 1, turn off in bios
Level 2, desolder from motherboard
Level 3, remove cpu pins related to tpm
Level 4, decap cpu, laser off tpm bus or blocks
Level 5, throw computer into a volcano and go live in the woods using no technology more complex than a flint and steel.
Thank you, the best I can do is level 2 (once I learn how to solder)
I love how Torvalds always calls it like he sees it.
insert nvidia middle finger gif here
Inserted
Would love this. I’m still getting the ftpm stutters and there’s no way to disable it in my motherboards bios.
Wow I’m surprised you can’t disable it. I can disable it on my desktop BIOS (Gigabyte X570S Pro AX) and my work laptop BIOS (Dell G15).
the module can cause intermittent stuttering, depending on which Ryzen processor you’re using. It appeared when the fTPM was in use, it would access its flash storage via a serial interface, and when doing so, held up activity by the rest of the system.
Could this be why I get stuttering in games after enabling TPM installing windows 11?
good thing my Ryzen 1000 series motherboard doesn’t even have TPM…I need to upgrade lool
Relevant:
😂😂😂
“Maybe use it for the boot-time ‘gather entropy from different sources,’ but clearly it should not be used at runtime.”
Good idea. Ask it during boot/
insmodfor some hardware-random bits to seed Linux’s usual software-only CSPRNG, then just use that.And even that might not be a great idea. I wouldn’t be surprised if the fTPM RNG is subtly not-entirely-random, at some alphabet agency’s behest. I remember there being a controversy over
rdrandfor this reason…The fix with any possible issues with rdrand is the same here. When entropy is gathered from many sources including hardware instructions, any nefarious plant in the chip is drowned out in a sea of noise.
I’m no cryptographer, but that seems like an awfully dangerous assumption.
Well, it’s an fTPM, aka software, and AFAIK, no software can truly have a random RNG.
So it might be very good pseudo random at best.
It could be only mostly firmware, with a hardware RNG.
If not, and it uses a CSPRNG, then I don’t see much point in using it at all. Linux already has its own CSPRNG.
Yup. I’ve been wondering if that was the thing that’s made the v6.4 kernels so unstable on Ryzen machines.
TPM is basically never for your benefit. It’s becoming a requirement because Microsoft is going to one day say “you can only run apps installed from the Windows Store, because everything else is insecure” and lock down the software market. Valve knows this which is why they’re going so hard on the Steam Deck and Linux.
[This comment has been deleted by an automated system]
This is why I keep my initrd tattooed as a barcode on my testicles.
“Please teabag the web cam to boot.”
There’s two types of users, those who write a detailed precise technical answer to the subject, and then there’s you
You know, I’ve been thinking about what I want my first tattoo to be for months, you’ve just given me a great idea
Kernel upgrades are very… Painful.
I don’t know why I keep hearing of security measures to stop someone sleuthing into bootloaders.
Am I the only person using Linux who isn’t James Bond?
[This comment has been deleted by an automated system]
so you never caught a team of government officials in your living room brute forcing your bootloader at 4am as you got up to use the bathroom, huh. Lucky guy.
TPM bad, put your secrets on a proper encryption peripheral, like a smartcard running javacardOS
TPM will turn into cpu-bound DRM, the more you use it, the more this cancer will grow
[This comment has been deleted by an automated system]
You are only seeing what TPM is now. Not what TPM will become when it become an entire encrypted computing processor capable of executing any code while inspection is impossible.
Imagine denuvo running at ring level -1
[This comment has been deleted by an automated system]
I agree. If it doesn’t work, disable it until it’s fixed
Oh I disabled that a while ago because their hardware random number generator always returned 0xfffff…
Honesty, hardware random number generation seems sketchy. Something you’d expect government backdoors to be in.
Based linus. Kill it, it’s pointless
I’ve had a weird system-wide stutter for months and the usual googling and troubleshooting didn’t help… omg. This might be it. Thank you Linus and thank you op.
