Linux To Allow Disabling TPM PCR Integrity Protection Due To Performance Bottleneck

  • phoronix
    Administrator
    • Jan 2007
    • 67186

    Phoronix: Linux To Allow Disabling TPM PCR Integrity Protection Due To Performance Bottleneck

    Linux 6.10 introduced TPM bus encryption and integrity protection for enhancing the Trusted Platform Module support to protect against interposers from compromising them with TPM sniffing attacks. There is now a new option being added to opt-out of this protection due to a discovered performance bottleneck...

  • jeisom
    Senior Member
    • Mar 2013
    • 265

    #2
    Seems like if you are worried about an interposer that you should maybe only disable it once logged in or at least periodically check, just not necessarily every time.

    • coder
      Senior Member
      • Nov 2014
      • 8863

      #3
      Uh, what sorts of performance impacts should this have? I wonder if we can see a broad suite of benchmarks with it enabled/disabled on AMD & Intel, Michael?

      • Espionage724
        Senior Member
        • Sep 2024
        • 333

        #4
        Cool. I usually run with TPM disabled. I'm thinking I'd like the integrity checks to stay enabled if I'm relying on the TPM for security; if the perf hit was too much, I'd likely opt for not using the TPM at all vs making it less-secure.

        Along with a separate option, I feel like this should also be toggled with mitigations=off

        • stormcrow
          Senior Member
          • Jul 2017
          • 1511

          #5
          Originally posted by Espionage724:
          Cool. I usually run with TPM disabled. I'm thinking I'd like the integrity checks to stay enabled if I'm relying on the TPM for security; if the perf hit was too much, I'd likely opt for not using the TPM at all vs making it less-secure.

          Along with a separate option, I feel like this should also be toggled with mitigations=off
          Only applies to add-on TPM hardware modules. TPMs that are built into the CPU can't be physically snooped. The vast majority of TPMs on client systems in the past several years have been the latter type facilitated via firmware modules (and have their own problems).

          • Old Grouch
            Senior Member
            • Apr 2020
            • 675

            #6
            Originally posted by stormcrow:

            Only applies to add-on TPM hardware modules. TPMs that are built into the CPU can't easily be physically snooped. The vast majority of TPMs on client systems in the past several years have been the latter type facilitated via firmware modules (and have their own problems).
            Can't is a strong word. Moving the TPM onto the CPU die means that you can't snoop by clipping a monitor connection to the macroscopic bus connecting to the TPM; however, I suspect university labs, large-enough criminal groups, and (signals) intelligence agencies have access methods that the average hardware tinkerer does not.

            Moving the TPM onto the CPU die does remove a whole swathe of attacks, but it doesn't remove all risks, and as ever, evaluation of the likelihood of the attacks you are protecting against is necessary.
