• rastilin@kbin.social
    link
    fedilink
    arrow-up
    7
    ·
    1 year ago

    TPM is basically never for your benefit. It’s becoming a requirement because Microsoft is going to one day say “you can only run apps installed from the Windows Store, because everything else is insecure” and lock down the software market. Valve knows this which is why they’re going so hard on the Steam Deck and Linux.

      • Ghast@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        I don’t know why I keep hearing of security measures to stop someone sleuthing into bootloaders.

        Am I the only person using Linux who isn’t James Bond?

        • Eager Eagle@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          so you never caught a team of government officials in your living room brute forcing your bootloader at 4am as you got up to use the bathroom, huh. Lucky guy.

        • hansl@lemmy.ml
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          I’m an engineer with trade secrets on his laptop. I’ve heard of dozens of people getting laptops stolen from their cars that they left for like ten or fifteen minutes.

          The chances are slims, but if it happens I’m in deep trouble whether those secrets leak of not. I’m not taking the risk. I’m encrypting my disk.

          It’s not like there’s a difference in performance nowadays.

          • duncesplayed@lemmy.one
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            TPM’s not going to help with that situation, though, right? Either you’re typing in your encryption password on boot (in which case you don’t need TPM to keep your password), or you’re not, in which case the thief has your TPM module with the password in it.

        • The_Mixer_Dude@lemmus.org
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          I’m still on the hunt for a desktop Linux distro that has no security features or passwords. My usage for this may not be common but it can’t be rare enough that there are zero options

      • interdimensionalmeme@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        TPM bad, put your secrets on a proper encryption peripheral, like a smartcard running javacardOS

        TPM will turn into cpu-bound DRM, the more you use it, the more this cancer will grow

      • floofloof@lemmy.caOP
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        1 year ago

        It seems unlikely Valve will ever make Windows the primary OS for their devices. And they’d lose a lot of user support if they ever required the TPM for their own software, so hopefully they wouldn’t risk it.

        • Hot Saucerman@lemmy.ml
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          I doubt they would risk it as well, but the point is that it exists on the SteamDeck and can be utilized.

            • Hot Saucerman@lemmy.ml
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              TPM is basically never for your benefit. It’s becoming a requirement because Microsoft is going to one day say “you can only run apps installed from the Windows Store, because everything else is insecure” and lock down the software market. Valve knows this which is why they’re going so hard on the Steam Deck and Linux.

              This is the comment I was replying to. I was simply pointing out that for a company “going hard” on SteamDeck and Linux, it’s curious that they would spend any amount of effort at all enabling the TPM to allow people to run Windows. I guess my point is I don’t think they’re “going hard” quite as much as the person I responded to thinks.

              Also it was just pointing out that this specifically can affect the SteamDeck since they use an AMD processor with AMD fTPM.

        • Solar Bear@slrpnk.net
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          1 year ago

          Why does everybody seem to think that userspace attestation is the only use for the TPM? The primary use is for data to be encrypted at rest but decrypted at boot as long as certain flags aren’t tripped. TPM is great for the security of your data if you know how to set it up.

          Valve is never going to require TPM attestation to use Steam, that’s just silly. Anti-cheat companies might, but my suggestion there is to just not play games that bundle malware.

          • fred@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            Whatever is touted as the primary use doesn’t matter as much as what anti-user features it enables.

      • ArcticAmphibian@lemmus.org
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        But with a reason, I’m sure. There’s no reason for the everyday consumer to need one, other than Microsoft wanting more control.

          • ArcticAmphibian@lemmus.org
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Sure, but does a grandmother’s Solitaire & Facebook PC really need quick encrypting and decrypting? Anyone not dealing with sensitive info doesn’t need one.

            • Solar Bear@slrpnk.net
              link
              fedilink
              English
              arrow-up
              0
              ·
              1 year ago

              There’s no downside to having it. There’s many downsides to not having it. This seems pretty cut and dry to me.

              • argv_minus_one@beehaw.org
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                1 year ago

                There’s no downside to having it.

                Sure there are. If it gets compromised with malicious code, I have no way of removing it.

                I can protect ring 0. I can keep crap out of ring 0. If all else fails, I can nuke everything in ring 0 and boot a fresh OS installation. But I can’t do a single bleeping thing except throw out the whole machine if malware takes over ring -1.

              • JuxtaposedJaguar@lemmy.ml
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                How would at-rest encryption make it less likely that your computer joins a botnet, or more likely that you’d notice if it did?

    • Rhabuko@feddit.de
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      1 year ago

      And now Imagine Linux had actually more market share on the Desktop. But for that, Linux needs at least a little more software support to be reliable for other people. And that software is usually not open source. Maybe with Flatpak, it will finally get somewhere in that regard, if there’s enough interest from people.

      • PoisonedPrisonPanda@discuss.tchncs.de
        link
        fedilink
        arrow-up
        0
        ·
        1 year ago

        its not about the software support.

        its because people are lazy to learn. most people dont even know that an OS can be different.

        for them windows is defacto THE PC.

        • Rhabuko@feddit.de
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          Sorry but that’s just wrong. Enough people simply don’t even consider Linux because their needed software doesn’t work + there’s no equivalent alternative. And my PC/OS is not a hobby or a Ideology. It’s a tool that I use to work with.

          • CAPSLOCKFTW@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            Is it really wrong? Do you have numbers? I think the most people claim above is at least plausible. It surely fits my personal experience, but that is of course not worth much.

            I would argue that most people use their PC for web browsing, light photo editing and personal office stuff and maybe gaming (at least outside work) and those people are not affected by “the software I need does not work and there is no alternative”.

            • honk@feddit.de
              link
              fedilink
              English
              arrow-up
              0
              ·
              1 year ago

              Your first point is web browsing. Even that doesn‘t work properly on a linux desktop lol. Browser performance is abysmal because the browsers lack out of the box support for hardware acceleration. Even if you get it to work it might not work reliably and an update might break it again.

              Try using a discord call and open a youtube video in 4k at the same time on a a freshly installed linux desktop. The audio will be choppy and the video will drop frames like crazy. Just moving around windows on your desktop is not nearly as smooth as it is on windows.

              • CAPSLOCKFTW@lemmy.ml
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                You seem to be very misinformed. Browsers do not lack hardware acceleration. Some distributions do not include the necessary packets in their default configuration. Some. And when you get it to work, like in Arch Linux, where almost nothing is installed by default, it works flawlessly for years, never had an update breaking browser hardware acceleration.

                I can run 12 4k youtube videos at the same time and route the audio to different channels of my different audio devices AND accept several calls from different webapps and the only thing that is not smooth is your way of discussing things LOL