People who use Linux, do you Enable Secure Boot and use the TPM (for Full Disk Encryption)? Or do you have those off?
-
"TPM is a backdoor" was something that got bandied around during the Vista era psrtially by people not understanding and partially (imo) to muddy the waters.
Secure Boot was maligned as at the time only MS were allowed to sign for it, so it was just an anti-linux locker. Later, after much haranguing, they backpedaled and allowed Canonical and Redhat to sign things, much much later, we could self sign.
TPM was also maligned around the same since MS (allegedly) had aspersions to only allow signed software which would be encrypted so that 'bad actors' (the users themselves) couldn't change 'protected' (any) executables. I think the closest we've ever seen of that is Windows S.
To be fair, we see all these things (or similar) used in the mobile and console space used to do the shitty stuff we were afraid of.
-
Reason I'm asking is because there are some people claiming that the TPM is a backdoor or something. I wonder if people on Lemmy subscribe to that belief, or no?
I don't, because I have better control over my disks. With TPM, the keys are stored within the chip itself, and I won't be able to unlock it if I boot into another OS (re-installing, dual boot, etc). With password, while inconvenient, I know that I can always unlock it, ans the chance of locking myself out is negligible.
TPM being a backdoor doesn't seem likely to me. Worst case scenario, transparent mode is just as bad as unencrypted disk. Most of the time, it adds extra security, though you are at the risk of locking yourself out.
-
Reason I'm asking is because there are some people claiming that the TPM is a backdoor or something. I wonder if people on Lemmy subscribe to that belief, or no?
Off. My system won't boot with it turned on. It just hangs at a black screen. From what I've been able to find out, it's due to unsigned video drivers.
-
To be fair, we see all these things (or similar) used in the mobile and console space used to do the shitty stuff we were afraid of.
wrote on last edited by [email protected]It's weird this didn't get more pushback on mobile. Even the mainstream press was critical when Microsoft proposed it for PCs.
-
It's weird this didn't get more pushback on mobile. Even the mainstream press was critical when Microsoft proposed it for PCs.
It was kind of the norm with phones. The shift from cellphone over feature phone to smartphone was gradual enough that outside of some enthusiasts nobody cared about running their own OS on one.
Nowadays I even wish I could run my own OS on my washing machine.
-
It was kind of the norm with phones. The shift from cellphone over feature phone to smartphone was gradual enough that outside of some enthusiasts nobody cared about running their own OS on one.
Nowadays I even wish I could run my own OS on my washing machine.
It had been the norm for phones, then Android came along and a much more PC-like level of capability became the norm for phones. SafetyNet didn't show up until five years later and it didn't get significant negative press.
-
Reason I'm asking is because there are some people claiming that the TPM is a backdoor or something. I wonder if people on Lemmy subscribe to that belief, or no?
I don't use either of those. If I were to use anything I'd use Linux's LUKS disk encryption, but as others have said, I'd rather error on the side of data recovery if I lose the keys.
-
Reason I'm asking is because there are some people claiming that the TPM is a backdoor or something. I wonder if people on Lemmy subscribe to that belief, or no?
I just use LUKS and type a boot password like a fucking pioneer of computing!
-
Reason I'm asking is because there are some people claiming that the TPM is a backdoor or something. I wonder if people on Lemmy subscribe to that belief, or no?
I use heads firmware, which seals an otp key in the tpm to let you verify the integrity of the firmware, which then uses your gpg pubkey written into the firmware to verify the integrity of the boot partition.
An open, self-controlled equivalent to secure boot that relies on the tpm and your own gpg key, instead of on vendor secure boot signing keys. Very cool project! -
Reason I'm asking is because there are some people claiming that the TPM is a backdoor or something. I wonder if people on Lemmy subscribe to that belief, or no?
Full disk encryption with LUKS. Don't really see much point in a TPM for booting my personal device, although it definitely has use cases and I don't know what's backdoorsy about it.
