TPM is basically never for your benefit. It’s becoming a requirement because Microsoft is going to one day say “you can only run apps installed from the Windows Store, because everything else is insecure” and lock down the software market. Valve knows this which is why they’re going so hard on the Steam Deck and Linux.
I don’t know why I keep hearing of security measures to stop someone sleuthing into bootloaders.
Am I the only person using Linux who isn’t James Bond?
so you never caught a team of government officials in your living room brute forcing your bootloader at 4am as you got up to use the bathroom, huh. Lucky guy.
I’m an engineer with trade secrets on his laptop. I’ve heard of dozens of people getting laptops stolen from their cars that they left for like ten or fifteen minutes.
The chances are slims, but if it happens I’m in deep trouble whether those secrets leak of not. I’m not taking the risk. I’m encrypting my disk.
It’s not like there’s a difference in performance nowadays.
I’m still on the hunt for a desktop Linux distro that has no security features or passwords. My usage for this may not be common but it can’t be rare enough that there are zero options
TPM bad, put your secrets on a proper encryption peripheral, like a smartcard running javacardOS
TPM will turn into cpu-bound DRM, the more you use it, the more this cancer will grow
Why do you need full disk encryption in your day to day life? Are you a secret agent? I feel like that would give you our though.
It’s not a matter that I would have nothing to hide, this defense is stupid. It’s a matter that you should use a security adapted to your need, because the cost doesn’t offset the benefit otherwise. And with disk encryption you will far more often be sorry than happy if you’re a normal person.
People are imperfect. People have left laptops full of personal and/or commercially sensitive data on trains or planes, had them stolen from cars and houses etc. Full disc encryption is a defence against data breaches especially for computers that are not bolted down. Or it might be as simple as a person not wanting the embarrassment of their porn stash being found.
https://hothardware.com/news/steam-deck-tpm-support-install-windows-11
I mean I generally agree with you, but the SteamDeck runs on an AMD processor with a fTPM that Valve slowly added support for.
It seems unlikely Valve will ever make Windows the primary OS for their devices. And they’d lose a lot of user support if they ever required the TPM for their own software, so hopefully they wouldn’t risk it.
Why does everybody seem to think that userspace attestation is the only use for the TPM? The primary use is for data to be encrypted at rest but decrypted at boot as long as certain flags aren’t tripped. TPM is great for the security of your data if you know how to set it up.
Valve is never going to require TPM attestation to use Steam, that’s just silly. Anti-cheat companies might, but my suggestion there is to just not play games that bundle malware.
I doubt they would risk it as well, but the point is that it exists on the SteamDeck and can be utilized.
Sadly, I agree. I’m at the point now where as long as I’m not trying to game I can thrive on Linux. But even then I spend way more time than necessary getting things to work that do so out of the box on Windows. We have a long way to go before legacy apps is the only reason to run it.
But with a reason, I’m sure. There’s no reason for the everyday consumer to need one, other than Microsoft wanting more control.
Data encryption and decryption without entering a password is a pretty darn good reason.
TPM actually provides some useful components to isolate encryption outside of Ring 0, which is a trust win. But any technology must be weighted against its power to oppress.
yes, the reason is to securely store cryptographic keys. even your own. It comes preloaded with microsoft ones usually, but you’re free to delete them and install your own
It’s the way everything is moving. Hardware protected keys can be very useful but it’s a double edged sword. It’s more secure but also allows companies to lock consumers out.
We need rules that say when this tech is used the consumer still gets full control over it. Like what Google does with their Pixel phones and the Titan chip. Not what Apple does.
And now Imagine Linux had actually more market share on the Desktop. But for that, Linux needs at least a little more software support to be reliable for other people. And that software is usually not open source. Maybe with Flatpak, it will finally get somewhere in that regard, if there’s enough interest from people.
its not about the software support.
its because people are lazy to learn. most people dont even know that an OS can be different.
for them windows is defacto THE PC.
Most people dont want an OS to be different. They are happy if it boots up and does what they want to do. It’s not lazy, it’s an active disagreement with the premise.
This is why nobody upgrades to Windows 10 from 7, or to 11 from 10. Security risks and lack of features aside, their OS just works for them.
These things are only a concern to enthusiasts.
Sorry but that’s just wrong. Enough people simply don’t even consider Linux because their needed software doesn’t work + there’s no equivalent alternative. And my PC/OS is not a hobby or a Ideology. It’s a tool that I use to work with.
Linux still has too many issues, for example…
- Fedora doesn’t provide binary drivers even if they exist, you need to get a pluggable wifi usb tool that is supported and install the repositories and configure binary drivers to get wifi working on a huge amount of laptops.
- Ubuntu does provide binary drivers but the configuration tool can just crash by itself a lot of the time and just fail to load the driver.
- Ubuntu’s desktop sometimes just crashes.
- Fedora uses some strange memory compression driver to handle its paging file and this can sometimes just crash the OS entirely by itself.
These are major issues that shouldn’t be issues, they should either have been fixed as a priority for the crashes or have some kind of workaround that doesn’t require owning specific USBs that regular people just won’t have. There’s no reason for the memory compression thing either, it probably doesn’t do that much for performance overall but random hard-locks are a huge negative. Linux is its own worst enemy on the desktop.
Realistically windows is really good at repairing itself (or just getting it to a state where its usable again, to most users would be ‘repaired’).
Until linux has some sort of system like this, its just not worth the headache to 99% of users. The linux errors aren’t even that descriptive when they happen, and could be cause by like anything.
Most people are unable to administrate their own systems, therefore GNU/Linux–an operating system built on empowering developers and administrators–is basically unimaginable.
Microsoft and Apple have co-opted the admin duties for users, and that’s why people use their operating systems. It spares them from the disaster we all saw and experienced in the Window XP days–but that comes at a price.
It’s not software support, it’s not anythign to do with Linux. It’s a computer illiteracy problem.
Android could, in some respects, be considered linux’s biggest success story among regular users and that’s because Google co-opts admin duties.
It spares them from the disaster we all saw and experienced in the Window XP days
What disaster?