529
Fed-up Torvalds suggests disabling AMD’s 'stupid' performance-killing fTPM RNG
(www.theregister.com)
this post was submitted on 01 Aug 2023
529 points (100.0% liked)
Linux
1254 readers
50 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
TPM is basically never for your benefit. It's becoming a requirement because Microsoft is going to one day say "you can only run apps installed from the Windows Store, because everything else is insecure" and lock down the software market. Valve knows this which is why they're going so hard on the Steam Deck and Linux.
[This comment has been deleted by an automated system]
This is why I keep my initrd tattooed as a barcode on my testicles.
"Please teabag the web cam to boot."
Kernel upgrades are very... Painful.
I don't know why I keep hearing of security measures to stop someone sleuthing into bootloaders.
Am I the only person using Linux who isn't James Bond?
[This comment has been deleted by an automated system]
I’m an engineer with trade secrets on his laptop. I’ve heard of dozens of people getting laptops stolen from their cars that they left for like ten or fifteen minutes.
The chances are slims, but if it happens I’m in deep trouble whether those secrets leak of not. I’m not taking the risk. I’m encrypting my disk.
It’s not like there’s a difference in performance nowadays.
TPM's not going to help with that situation, though, right? Either you're typing in your encryption password on boot (in which case you don't need TPM to keep your password), or you're not, in which case the thief has your TPM module with the password in it.
TPM bad, put your secrets on a proper encryption peripheral, like a smartcard running javacardOS
TPM will turn into cpu-bound DRM, the more you use it, the more this cancer will grow
[This comment has been deleted by an automated system]
You are only seeing what TPM is now. Not what TPM will become when it become an entire encrypted computing processor capable of executing any code while inspection is impossible.
Imagine denuvo running at ring level -1
[This comment has been deleted by an automated system]
Today I learned that I actually set up secure boot properly. Neat!
Support for old software is now the only reason to use windows.
I'm a big fan of Linux, but I can't believe you really think this.
I legitimately have not booted into windows for years.
Sadly, I agree. I'm at the point now where as long as I'm not trying to game I can thrive on Linux. But even then I spend way more time than necessary getting things to work that do so out of the box on Windows. We have a long way to go before legacy apps is the only reason to run it.
Personally I found the time I saved from not having any control over my system has more than made up for tinkering that I have to do to get things running. My laptop would regularly become unusable for 20+ minutes on windows because of disk performance issues, and I as the user had no means to prevent windows from running the service that locked everything up. That along with other times windows just decides your use case is less important have added up to far more time then having to debug a game here and there
Ungh, yeah I used to have that problem with my laptop when I was in college.
I only booted it up for classes unless I had a test coming up I needed to study for or something. Because why the fuck would I not do that - I had a regular computer at home for everything else.
Every couple weeks, that meant it was updating instead of being available for note taking, and usually for the entire hour I needed it. Because apparently setting the updates to run during shutdown wasn’t good enough, they needed to be run on boot, because fuck you that’s why.
Linux is just.. hey I should probably update this shit at some point… meh, tomorrow.
Oh it also loves to install updates on shut down. So when you need to leave the class room to go home that fucking thing tells you to not cut power because it needs to install shit. Fuck you, I need to catch my bus!
The people that prefer Windows for gaming are not the people that will have performance issues on an OS basis, their rig is powerful enough to run complex games, the OS based performance loss is negligible in comparison. Hell, I sometimes don't reboot the work computer for days and it doesn't freeze at all. The system is on an SSD and there are no hiccups nor disk performance issues. In any case, with current day prices, buying a new m2 stick and new ram is less than 100€ total, and to be honest, I'd rather pay that and be fine for 4-5 years than spend a big part of my free time trying to make witcher 3, baldur's gate 3, path of exile, tons of steam games and league working perfectly for Linux. It's just not worth it.
I use WSL for work because coding in a Linux environment is better but I still need access to office tools, because companies work with those tools.
Linux won the servers war, but it still has to do much to win the home/work computer war.
https://hothardware.com/news/steam-deck-tpm-support-install-windows-11
I mean I generally agree with you, but the SteamDeck runs on an AMD processor with a fTPM that Valve slowly added support for.
It seems unlikely Valve will ever make Windows the primary OS for their devices. And they'd lose a lot of user support if they ever required the TPM for their own software, so hopefully they wouldn't risk it.
Why does everybody seem to think that userspace attestation is the only use for the TPM? The primary use is for data to be encrypted at rest but decrypted at boot as long as certain flags aren't tripped. TPM is great for the security of your data if you know how to set it up.
Valve is never going to require TPM attestation to use Steam, that's just silly. Anti-cheat companies might, but my suggestion there is to just not play games that bundle malware.
Whatever is touted as the primary use doesn't matter as much as what anti-user features it enables.
Anti-user features which are enabled by games and programs that were already anti-user before this. Hardly worth getting upset about, nothing has really changed. You already should have been avoiding them, because they were already anti-user.
I like to think that Valve knows better than to try that.
We use the TPM pretty extensively with no Windows in the environment.
But with a reason, I'm sure. There's no reason for the everyday consumer to need one, other than Microsoft wanting more control.
Data encryption and decryption without entering a password is a pretty darn good reason.
TPM actually provides some useful components to isolate encryption outside of Ring 0, which is a trust win. But any technology must be weighted against its power to oppress.
yes, the reason is to securely store cryptographic keys. even your own. It comes preloaded with microsoft ones usually, but you're free to delete them and install your own
You do realize that he is talking about a RNG gen and not the TPM?
It is talking about the RNG built into the fTPM.
TPM is pretty important in any modern OS.
Sure you don’t need it. But it’s not 2013. It should be standard along with FDE
And now Imagine Linux had actually more market share on the Desktop. But for that, Linux needs at least a little more software support to be reliable for other people. And that software is usually not open source. Maybe with Flatpak, it will finally get somewhere in that regard, if there's enough interest from people.
its not about the software support.
its because people are lazy to learn. most people dont even know that an OS can be different.
for them windows is defacto THE PC.
Sorry but that's just wrong. Enough people simply don't even consider Linux because their needed software doesn't work + there's no equivalent alternative. And my PC/OS is not a hobby or a Ideology. It's a tool that I use to work with.
Is it really wrong? Do you have numbers? I think the most people claim above is at least plausible. It surely fits my personal experience, but that is of course not worth much.
I would argue that most people use their PC for web browsing, light photo editing and personal office stuff and maybe gaming (at least outside work) and those people are not affected by "the software I need does not work and there is no alternative".
Linux still has too many issues, for example...
These are major issues that shouldn't be issues, they should either have been fixed as a priority for the crashes or have some kind of workaround that doesn't require owning specific USBs that regular people just won't have. There's no reason for the memory compression thing either, it probably doesn't do that much for performance overall but random hard-locks are a huge negative. Linux is its own worst enemy on the desktop.
Most people dont want an OS to be different. They are happy if it boots up and does what they want to do. It's not lazy, it's an active disagreement with the premise.
This is why nobody upgrades to Windows 10 from 7, or to 11 from 10. Security risks and lack of features aside, their OS just works for them.
These things are only a concern to enthusiasts.
It's also why, as shitty behavior as it is, MS getting aggressive about upgrading to 10/11 is a net good, from a security standpoint.
I am intentionally ignoring the "10/11 is just spyware with an OS bundled in" thing in the above statement.