Announcement

Collapse
No announcement yet.

The State Of TPM2 Support On Linux, Better Support Coming

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • The State Of TPM2 Support On Linux, Better Support Coming

    Phoronix: The State Of TPM2 Support On Linux, Better Support Coming

    With Microsoft having begun to mandate TPM2 (Trusted Platform Module 2) support be present in all platforms for newer versions of Windows, these chips are going to become a lot more common to laptops and desktops. Thus veteran kernel developer James Bottomley is looking closely at the current and future support for TPM2 on Linux...

    http://www.phoronix.com/scan.php?pag...ux-2017-Coming

  • #2
    Microsoft and other companies involved with TPM are not interested in it so that you can have a more secure computer and be better protected.
    They are interesting in securing the computing environment from you.
    Trusted computing means that the computing environment is trusted by them not to have been tampered with by you.
    Trusted computing means that the computing environment is protected from you. You are not trusted.
    They are interested in TPM because it can be used for DRM so that Amazon, Netflix, HBO, YouTube, Spotify, etc can stream content to you without you being able to record, edit or share it.

    Last edited by uid313; 01-03-2017, 09:39 AM.

    Comment


    • #3
      Originally posted by uid313 View Post
      They are interested in TPM because it can be used for DRM so that Amazon, Netflix, HBO, YouTube, Spotify, etc can stream content to you without you being able to record, edit or share it.
      Erm.. no that's not what a TPM does. A TPM is like a smart card/Cryptographic HSM for storing private keys that you generate yourself. Microsoft use it in Windows Hello as a replacement for "remember my password" features of SAML authentication. A TPM also fixes things like OpenSSL Heartbleed by never exposing raw private keys to system processes.

      Video DRM is coming too of course. Its going to be a graphics card feature, not a TPM feature.

      Comment


      • #4
        A properly used TPM is amazing for users. Like having a built-in Yubi Key or RSA token.

        However, they are such tempting targets for backdoors that I don't know how they can be trusted. The US NSA or the Chinese must have a great desire for access to these, and there isn't any good way to verify the final silicon.

        Comment


        • #5
          Would be nice to mention that it's about mobile devices, not desktops.

          Not that it really changes something, but anyway.

          Comment


          • #6
            Ah, I see where this coming from: the developer concluded that the plague may occupy laptops at some point. I'm not sure why they thought so, but to stay corrected: the Miscrosoft's mandate is exclusively to mobile devices, and thank god, they don't have much market there (the market is mostly Android, iOS, and by rumors Blackberry, though I didn't see them anywhere except shops).

            Comment


            • #7
              Originally posted by Zan Lynx View Post
              A properly used TPM is amazing for users. Like having a built-in Yubi Key or RSA token.

              However, they are such tempting targets for backdoors that I don't know how they can be trusted. The US NSA or the Chinese must have a great desire for access to these, and there isn't any good way to verify the final silicon.
              That's the problem: it's not properly implemented/used.
              Anything that removes power of choice from you, is bad for you.
              I don't oppose having TPM and having it enabled by default.
              What i don't like is not having the choice to disable it.

              Comment


              • #8
                Originally posted by uid313 View Post
                Microsoft and other companies involved with TPM are not interested in it so that you can have a more secure computer and be better protected.
                They are interesting in securing the computing environment from you.
                Considering that 99% of the threats to a PC come by their idiot dumbfuck users, that's not even bad.

                They are interested in TPM because it can be used for DRM so that Amazon, Netflix, HBO, YouTube, Spotify, etc can stream content to you without you being able to record, edit or share it.
                Which is fine. If people likes to get ripped off, let them get ripped off.

                Comment


                • #9
                  Also, said it before and I'm saying it again, I'm NOT going to trust closed hardware with closed firmware to be truly "secure" in any way, shape or form.

                  Comment


                  • #10
                    Originally posted by starshipeleven View Post
                    Also, said it before and I'm saying it again, I'm NOT going to trust closed hardware with closed firmware to be truly "secure" in any way, shape or form.
                    I second that. Relying on any commercial TPM to secure encrypted disks shares the same problem as unlocking encypted /boot from GRUB: transferral of trust from open source software to closed firmware and closed chips.

                    My big desktop motherboards have TPM sockets, but I don't have the ability to fab my own trustworthy TPM's to fill them with. I suspect getting an AMD TPM to release my private key would be about as hard for the FBI as it was for them the time someone had set an ATA security set passphrase for their hard drive and the FBI almost instantly unlocked it. Thus I don't waste my time on closed TPMs.

                    Comment

                    Working...
                    X