• rastilin@kbin.social
    link
    fedilink
    arrow-up
    354
    ·
    1 year ago

    TPM is basically never for your benefit. It’s becoming a requirement because Microsoft is going to one day say “you can only run apps installed from the Windows Store, because everything else is insecure” and lock down the software market. Valve knows this which is why they’re going so hard on the Steam Deck and Linux.

      • Ghast@lemmy.ml
        link
        fedilink
        arrow-up
        54
        ·
        1 year ago

        I don’t know why I keep hearing of security measures to stop someone sleuthing into bootloaders.

        Am I the only person using Linux who isn’t James Bond?

        • Eager Eagle@lemmy.world
          link
          fedilink
          English
          arrow-up
          10
          ·
          1 year ago

          so you never caught a team of government officials in your living room brute forcing your bootloader at 4am as you got up to use the bathroom, huh. Lucky guy.

        • hansl@lemmy.ml
          link
          fedilink
          arrow-up
          8
          ·
          1 year ago

          I’m an engineer with trade secrets on his laptop. I’ve heard of dozens of people getting laptops stolen from their cars that they left for like ten or fifteen minutes.

          The chances are slims, but if it happens I’m in deep trouble whether those secrets leak of not. I’m not taking the risk. I’m encrypting my disk.

          It’s not like there’s a difference in performance nowadays.

          • duncesplayed@lemmy.one
            link
            fedilink
            English
            arrow-up
            6
            ·
            1 year ago

            TPM’s not going to help with that situation, though, right? Either you’re typing in your encryption password on boot (in which case you don’t need TPM to keep your password), or you’re not, in which case the thief has your TPM module with the password in it.

            • pcouy@lemmy.pierre-couy.fr
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              From what I understand, TPM is “trusted” because of the fact the secrets it contains are supposed to be safe from an attacker with hardware access.

              This is what makes it good at protecting data in case of a stolen laptop. This is also what makes it good at enforcing offline DRM or any kind of system where manufacturers can restrict the kind of software users can run on their hardware.

        • JuxtaposedJaguar@lemmy.ml
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          It’s 30% legitimate concern over a non-negligible risk of government overreach, 70% having fun pretending to be James Bond.

        • MonkderZweite@feddit.ch
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I mean, i do have some stuff that i encrypt, but encrypting the folder or packing it on a small partitiin and encrypting only this fs after booting makes more sense to me.

        • The_Mixer_Dude@lemmus.org
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I’m still on the hunt for a desktop Linux distro that has no security features or passwords. My usage for this may not be common but it can’t be rare enough that there are zero options

      • interdimensionalmeme@lemmy.ml
        link
        fedilink
        arrow-up
        31
        ·
        1 year ago

        TPM bad, put your secrets on a proper encryption peripheral, like a smartcard running javacardOS

        TPM will turn into cpu-bound DRM, the more you use it, the more this cancer will grow

          • interdimensionalmeme@lemmy.ml
            link
            fedilink
            arrow-up
            8
            ·
            1 year ago

            You are only seeing what TPM is now. Not what TPM will become when it become an entire encrypted computing processor capable of executing any code while inspection is impossible.

            Imagine denuvo running at ring level -1

              • interdimensionalmeme@lemmy.ml
                link
                fedilink
                arrow-up
                4
                ·
                1 year ago

                Yes, it’s right in the name “trusted platform module”. There is no secret that their ambition is to become a space to run code outside the user’s reach and scrutiny.

                They start with the most legitimate and innocuous purpose. Once it is adopted and ubiquitous it will not suffer the fate of the other attempts and rotting on the vine.

                Then surprise TPM 5.0 become full scale full speed trusted execution environment and it’s too late to do anything about it. Eventually , non trusted processing capability will be phased out and only Intel and signed code will run.

      • bouh@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Why do you need full disk encryption in your day to day life? Are you a secret agent? I feel like that would give you our though.

        It’s not a matter that I would have nothing to hide, this defense is stupid. It’s a matter that you should use a security adapted to your need, because the cost doesn’t offset the benefit otherwise. And with disk encryption you will far more often be sorry than happy if you’re a normal person.

        • mplewis@lemmy.globe.pub
          link
          fedilink
          arrow-up
          7
          arrow-down
          1
          ·
          1 year ago

          Full disk encryption is something you really want to have when your computer is lost or stolen.

        • mackwinston@feddit.uk
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          1 year ago

          People are imperfect. People have left laptops full of personal and/or commercially sensitive data on trains or planes, had them stolen from cars and houses etc. Full disc encryption is a defence against data breaches especially for computers that are not bolted down. Or it might be as simple as a person not wanting the embarrassment of their porn stash being found.

        • bluejay@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          14
          ·
          1 year ago

          Sadly, I agree. I’m at the point now where as long as I’m not trying to game I can thrive on Linux. But even then I spend way more time than necessary getting things to work that do so out of the box on Windows. We have a long way to go before legacy apps is the only reason to run it.

          • HuntressHimbo@lemm.ee
            link
            fedilink
            arrow-up
            19
            ·
            1 year ago

            Personally I found the time I saved from not having any control over my system has more than made up for tinkering that I have to do to get things running. My laptop would regularly become unusable for 20+ minutes on windows because of disk performance issues, and I as the user had no means to prevent windows from running the service that locked everything up. That along with other times windows just decides your use case is less important have added up to far more time then having to debug a game here and there

            • Apathy Tree@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              11
              ·
              1 year ago

              Ungh, yeah I used to have that problem with my laptop when I was in college.

              I only booted it up for classes unless I had a test coming up I needed to study for or something. Because why the fuck would I not do that - I had a regular computer at home for everything else.

              Every couple weeks, that meant it was updating instead of being available for note taking, and usually for the entire hour I needed it. Because apparently setting the updates to run during shutdown wasn’t good enough, they needed to be run on boot, because fuck you that’s why.

              Linux is just… hey I should probably update this shit at some point… meh, tomorrow.

              • aksdb@feddit.de
                link
                fedilink
                English
                arrow-up
                7
                ·
                1 year ago

                Because apparently setting the updates to run during shutdown wasn’t good enough, they needed to be run on boot, because fuck you that’s why.

                Oh it also loves to install updates on shut down. So when you need to leave the class room to go home that fucking thing tells you to not cut power because it needs to install shit. Fuck you, I need to catch my bus!

                • Apathy Tree@lemmy.dbzer0.com
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  1 year ago

                  Legit idgaf if you want to be plugged in for an update, if it’s inconvenient I’m unplugging it, fuck you for thinking I won’t, and it’s above 60% battery so it doesn’t matter anyway.

                  Maybe if my computer wasn’t buying so much avocado toast it could manage resources better.

            • Fushuan [he/him]@lemm.ee
              link
              fedilink
              arrow-up
              6
              ·
              1 year ago

              The people that prefer Windows for gaming are not the people that will have performance issues on an OS basis, their rig is powerful enough to run complex games, the OS based performance loss is negligible in comparison. Hell, I sometimes don’t reboot the work computer for days and it doesn’t freeze at all. The system is on an SSD and there are no hiccups nor disk performance issues. In any case, with current day prices, buying a new m2 stick and new ram is less than 100€ total, and to be honest, I’d rather pay that and be fine for 4-5 years than spend a big part of my free time trying to make witcher 3, baldur’s gate 3, path of exile, tons of steam games and league working perfectly for Linux. It’s just not worth it.

              I use WSL for work because coding in a Linux environment is better but I still need access to office tools, because companies work with those tools.

              Linux won the servers war, but it still has to do much to win the home/work computer war.

          • kyub@social.tchncs.de
            link
            fedilink
            arrow-up
            4
            ·
            edit-2
            1 year ago

            “Long way” won’t be long, because Google 2.0, err, MS’ direction continues to make Win worse over time (cloudify everything, extract more data and strip more rights+control from each user, and gain more money via price-increasing subscription models) while the open source desktop ecosystem around Linux is getting noticeably better for almost every user every ~5 years or so. The era of Windows as a “pure” OS died with W7. Since W10, it’s OS + integrated malware. Start of downfall.

            • bluejay@lemmy.dbzer0.com
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              Those things matter to you and me but we’re in the minority. As long as Johnny Gamer and Grandma Facebooker can still do their preferred activities in Windows there’s a close to zero percent chance they’ll put the effort into making the switch.

      • floofloof@lemmy.caOP
        link
        fedilink
        English
        arrow-up
        26
        ·
        edit-2
        1 year ago

        It seems unlikely Valve will ever make Windows the primary OS for their devices. And they’d lose a lot of user support if they ever required the TPM for their own software, so hopefully they wouldn’t risk it.

        • Solar Bear@slrpnk.net
          link
          fedilink
          English
          arrow-up
          31
          ·
          edit-2
          1 year ago

          Why does everybody seem to think that userspace attestation is the only use for the TPM? The primary use is for data to be encrypted at rest but decrypted at boot as long as certain flags aren’t tripped. TPM is great for the security of your data if you know how to set it up.

          Valve is never going to require TPM attestation to use Steam, that’s just silly. Anti-cheat companies might, but my suggestion there is to just not play games that bundle malware.

          • fred@lemmy.ml
            link
            fedilink
            arrow-up
            11
            ·
            1 year ago

            Whatever is touted as the primary use doesn’t matter as much as what anti-user features it enables.

            • Solar Bear@slrpnk.net
              link
              fedilink
              English
              arrow-up
              8
              ·
              1 year ago

              Anti-user features which are enabled by games and programs that were already anti-user before this. Hardly worth getting upset about, nothing has really changed. You already should have been avoiding them, because they were already anti-user.

        • Hot Saucerman@lemmy.ml
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          I doubt they would risk it as well, but the point is that it exists on the SteamDeck and can be utilized.

            • Hot Saucerman@lemmy.ml
              link
              fedilink
              English
              arrow-up
              3
              ·
              1 year ago

              TPM is basically never for your benefit. It’s becoming a requirement because Microsoft is going to one day say “you can only run apps installed from the Windows Store, because everything else is insecure” and lock down the software market. Valve knows this which is why they’re going so hard on the Steam Deck and Linux.

              This is the comment I was replying to. I was simply pointing out that for a company “going hard” on SteamDeck and Linux, it’s curious that they would spend any amount of effort at all enabling the TPM to allow people to run Windows. I guess my point is I don’t think they’re “going hard” quite as much as the person I responded to thinks.

              Also it was just pointing out that this specifically can affect the SteamDeck since they use an AMD processor with AMD fTPM.

              • jaykstah@waveform.social
                link
                fedilink
                English
                arrow-up
                3
                ·
                1 year ago

                They are “going hard” the way I see it. Without Valve doing legwork behind the scenes and collaborating with anticheat developers we wouldn’t even have Apex Legends running on Linux like we’ve had for a year and a half. They’ve been talking about wanting to use Linux as a viable PC gaming platform to escape Microsofts lockdown of their platform since the days of Steam Machines when Windows 8 and the new store app were giving bad signs.

                Either way Valve would be silly not to provide a compatible way to use Windows on the Deck. Even though the situation is much better these days, they know very well that a lot of enthusiast PC gamers would be dismissive of the Deck if Windows couldn’t work properly on it and that word of mouth would bring less confidence in the product.

                • Bulletdust@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 year ago

                  Does EAC work correctly playing Apex Legends under Linux? If it does I’ll download the game tonight.

              • rastilin@kbin.social
                link
                fedilink
                arrow-up
                2
                ·
                1 year ago

                I don’t see how it affects the Steam Deck. It’s entirely possible that the Steam Deck supports fTPM purely because it was part of the motherboard template Valve chose and it would have been more trouble to change it than to just leave it in.

      • ArcticAmphibian@lemmus.org
        link
        fedilink
        English
        arrow-up
        9
        ·
        1 year ago

        But with a reason, I’m sure. There’s no reason for the everyday consumer to need one, other than Microsoft wanting more control.

          • ArcticAmphibian@lemmus.org
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Sure, but does a grandmother’s Solitaire & Facebook PC really need quick encrypting and decrypting? Anyone not dealing with sensitive info doesn’t need one.

              • JuxtaposedJaguar@lemmy.ml
                link
                fedilink
                arrow-up
                3
                ·
                1 year ago

                How would at-rest encryption make it less likely that your computer joins a botnet, or more likely that you’d notice if it did?

            • Solar Bear@slrpnk.net
              link
              fedilink
              English
              arrow-up
              9
              ·
              1 year ago

              There’s no downside to having it. There’s many downsides to not having it. This seems pretty cut and dry to me.

              • argv_minus_one@beehaw.org
                link
                fedilink
                English
                arrow-up
                2
                ·
                edit-2
                1 year ago

                There’s no downside to having it.

                Sure there are. If it gets compromised with malicious code, I have no way of removing it.

                I can protect ring 0. I can keep crap out of ring 0. If all else fails, I can nuke everything in ring 0 and boot a fresh OS installation. But I can’t do a single bleeping thing except throw out the whole machine if malware takes over ring -1.

                • Solar Bear@slrpnk.net
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  This is already the case with your motherboard firmware, which fTPM is a part of. You are correct in that you have no real way to handle malware in it except throw it away. This doesn’t change in any way if you get rid of TPM.

        • kingthrillgore@kbin.social
          link
          fedilink
          arrow-up
          10
          ·
          1 year ago

          TPM actually provides some useful components to isolate encryption outside of Ring 0, which is a trust win. But any technology must be weighted against its power to oppress.

          • argv_minus_one@beehaw.org
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            1 year ago

            And its power to make the system less secure. Isolating things outside ring 0 means malware can isolate itself outside ring 0 as well, and then it’s impossible to detect or remove without throwing out the entire machine.

            Which is much, much scarier than anything an ordinary rootkit might do.

        • vrighter@discuss.tchncs.de
          link
          fedilink
          arrow-up
          6
          ·
          1 year ago

          yes, the reason is to securely store cryptographic keys. even your own. It comes preloaded with microsoft ones usually, but you’re free to delete them and install your own

        • knight@lemmy.zip
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          It’s the way everything is moving. Hardware protected keys can be very useful but it’s a double edged sword. It’s more secure but also allows companies to lock consumers out.

          We need rules that say when this tech is used the consumer still gets full control over it. Like what Google does with their Pixel phones and the Titan chip. Not what Apple does.

          • ReversalHatchery@beehaw.org
            link
            fedilink
            arrow-up
            7
            ·
            1 year ago

            Like what google does? You mean disallowing people who use a privacy respecting android rom from using their banking apps and such? Soon very possibly banking websites included?

          • argv_minus_one@beehaw.org
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            1 year ago

            It’s only more secure until someone discovers yet another RCE bug in the firmware, and then you’ve got malware in your machine that’s impossible to detect or remove.

            Because it’s secure.

            Against you.

          • Hexarei@programming.dev
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            I’m sure you’ll be ok sending me your social security number, home address, bank login details, credit card number, a copy of all the files on your hard drive…

            I mean, you deserve no privacy right?

    • Ret2libsanity@infosec.pub
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      TPM is pretty important in any modern OS.

      Sure you don’t need it. But it’s not 2013. It should be standard along with FDE

    • Rhabuko@feddit.de
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      1 year ago

      And now Imagine Linux had actually more market share on the Desktop. But for that, Linux needs at least a little more software support to be reliable for other people. And that software is usually not open source. Maybe with Flatpak, it will finally get somewhere in that regard, if there’s enough interest from people.

      • PoisonedPrisonPanda@discuss.tchncs.de
        link
        fedilink
        arrow-up
        22
        ·
        1 year ago

        its not about the software support.

        its because people are lazy to learn. most people dont even know that an OS can be different.

        for them windows is defacto THE PC.

        • Rhabuko@feddit.de
          link
          fedilink
          arrow-up
          13
          ·
          1 year ago

          Sorry but that’s just wrong. Enough people simply don’t even consider Linux because their needed software doesn’t work + there’s no equivalent alternative. And my PC/OS is not a hobby or a Ideology. It’s a tool that I use to work with.

          • CAPSLOCKFTW@lemmy.ml
            link
            fedilink
            arrow-up
            16
            ·
            1 year ago

            Is it really wrong? Do you have numbers? I think the most people claim above is at least plausible. It surely fits my personal experience, but that is of course not worth much.

            I would argue that most people use their PC for web browsing, light photo editing and personal office stuff and maybe gaming (at least outside work) and those people are not affected by “the software I need does not work and there is no alternative”.

            • Dubious_Fart@lemmy.ml
              link
              fedilink
              English
              arrow-up
              4
              ·
              1 year ago

              I am a gamer and I run into “the software doesnt do what I want, and theres no way around it/alternative” very often.

              almost always cause I want to run another file in the same proton instance of a game to install a mod or do something else.

              Or because something just doesnt work, despite following the instructions and others getting it to work.

              Like, Cyberpunk is my most recent example. CET doesnt work, followed the guide, installed the packages the guide said to, still nothing. It doesnt prevent me from running the game, but it certainly stops me from enjoying it the way i want to.

            • Rhabuko@feddit.de
              link
              fedilink
              arrow-up
              4
              ·
              1 year ago

              I would argue that most people use their PC for web browsing, light photo editing

              Maybe just me but I know nobody who still uses a PC for this things anyway. The vast majority of people use their smartphones or tablets for basic stuff like that. People who still use a PCs or Laptops, usually do more work than that.

            • honk@feddit.de
              link
              fedilink
              English
              arrow-up
              3
              ·
              1 year ago

              Your first point is web browsing. Even that doesn‘t work properly on a linux desktop lol. Browser performance is abysmal because the browsers lack out of the box support for hardware acceleration. Even if you get it to work it might not work reliably and an update might break it again.

              Try using a discord call and open a youtube video in 4k at the same time on a a freshly installed linux desktop. The audio will be choppy and the video will drop frames like crazy. Just moving around windows on your desktop is not nearly as smooth as it is on windows.

              • CAPSLOCKFTW@lemmy.ml
                link
                fedilink
                arrow-up
                11
                ·
                1 year ago

                You seem to be very misinformed. Browsers do not lack hardware acceleration. Some distributions do not include the necessary packets in their default configuration. Some. And when you get it to work, like in Arch Linux, where almost nothing is installed by default, it works flawlessly for years, never had an update breaking browser hardware acceleration.

                I can run 12 4k youtube videos at the same time and route the audio to different channels of my different audio devices AND accept several calls from different webapps and the only thing that is not smooth is your way of discussing things LOL

                • honk@feddit.de
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  I‘ve had this issue on several distros and multiple friends have the same issue. Video hardware acceleration in a browser is a mess. This is definitely not only affecting me as there is a significant amount of complaints on forums and reddit.

                  And there is no way that the average computer user will use arch. And as long as you gotta fiddle around with your system to get even the most basic shit running smoothly like watching a high resolution youtube video and moving around windows on your other screen at the same time linux will stay irrelevant as a desktop os. It‘s still a system for nerds and I kinda feel like that this is okay.

            • conciselyverbose@kbin.social
              link
              fedilink
              arrow-up
              3
              ·
              1 year ago

              You named multiple things with major compromises.

              Gaming is fine if you use Steam and the compatibility layer or jump through hoops, and don’t play basically anything online.

              The photo editing tools on Linux are dogshit.

              Web browsing is fine, but not if you want to stream any content, because no one will serve you anything even medium quality without DRM.

              Office stuff can kind of be replaced, but mostly by using the browser versions of the shit people actually use, because the tools to collaborate with others (particularly non-techy people) don’t exist for open source alternatives.

              The software available is absolutely a massive limitation.

              • CAPSLOCKFTW@lemmy.ml
                link
                fedilink
                arrow-up
                5
                ·
                1 year ago

                Gaming is fine unless the game has kernel level anti cheat. Minor compromise.

                Photo editing tools are good enough for the needs of normal people. Gimp and Darktable are not dogshit, no compromise.

                DRM under Firefox works. Never had a problem with it plus most people don’t even watch on computers. No compromise.

                Non techy people mostly not do collaborative projects. Plus registering for any cloud with office and collaboration is easy. Minor compromise.

                • conciselyverbose@kbin.social
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 year ago

                  Basically the entire multiplayer space is locked out. It’s a massive compromise. And every platform that isn’t Steam requires significant manual configuration and still has issues.

                  No, they’re not good. And they’re not suitable for any normal person because the UX is a dumpster fire.

                  Nobody with normal tv/movie content gives you comparable quality on Linux.

                  Yes, normal people do need to collaborate. And no, none of the office options on Linux are capable of functional collaboration for normal people, except Google/microsoft through browser nonsense.

          • mnemonicmonkeys@sh.itjust.works
            link
            fedilink
            arrow-up
            7
            ·
            edit-2
            1 year ago

            I think it’s more that there’s a perception of things not being compatible with Linux nowadays. A lot of the games that didn’t work 5 years ago now do, and I’m still seeing people complain that games like Halo Infinite don’t work on there when they actually do.

            The only things I can think of that aren’t compatible and required for some tasks are Photoshop and professional CAD/CAE software. For >90% of the population Linux should be able to handle everything they need

            • Rhabuko@feddit.de
              link
              fedilink
              arrow-up
              4
              ·
              edit-2
              1 year ago

              90% of the population don’t use a PC anymore. Smartphones and Tablets have replaced PCs for the most basic tasks.

        • I am become Noodle@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          8
          ·
          1 year ago

          Most people dont want an OS to be different. They are happy if it boots up and does what they want to do. It’s not lazy, it’s an active disagreement with the premise.

          This is why nobody upgrades to Windows 10 from 7, or to 11 from 10. Security risks and lack of features aside, their OS just works for them.

          These things are only a concern to enthusiasts.

          • evatronic@lemm.ee
            link
            fedilink
            English
            arrow-up
            8
            ·
            1 year ago

            It’s also why, as shitty behavior as it is, MS getting aggressive about upgrading to 10/11 is a net good, from a security standpoint.

            I am intentionally ignoring the “10/11 is just spyware with an OS bundled in” thing in the above statement.

        • rastilin@kbin.social
          link
          fedilink
          arrow-up
          8
          ·
          1 year ago

          Linux still has too many issues, for example…

          • Fedora doesn’t provide binary drivers even if they exist, you need to get a pluggable wifi usb tool that is supported and install the repositories and configure binary drivers to get wifi working on a huge amount of laptops.
          • Ubuntu does provide binary drivers but the configuration tool can just crash by itself a lot of the time and just fail to load the driver.
          • Ubuntu’s desktop sometimes just crashes.
          • Fedora uses some strange memory compression driver to handle its paging file and this can sometimes just crash the OS entirely by itself.

          These are major issues that shouldn’t be issues, they should either have been fixed as a priority for the crashes or have some kind of workaround that doesn’t require owning specific USBs that regular people just won’t have. There’s no reason for the memory compression thing either, it probably doesn’t do that much for performance overall but random hard-locks are a huge negative. Linux is its own worst enemy on the desktop.

          • mackwinston@feddit.uk
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            1 year ago

            Sometimes the issues with WiFi chipsets is not the distro but the manufacturer. Debian for instance now includes non-free firmware on its installation ISO image, but some manufacturers do not allow the distribution (e.g. Broadcom) of firmware, so Debian can’t legally include them. And unfortunately the manufacturers don’t make it easy to “just download the firmware” so you can put it on the USB stick so the installer can see them. (Literally the only issue with putting Debian on my old 2013 Macbook Pro was the Broadcom firmware - but fortunately, having a Debian desktop I could install the firmware downloader there to get the two files the installer needed).

            This is not a fault of the Linux distro, but a fault of the hardware manufacturer. Unfortuantely, like the smell of piss in a subway, we all have to deal with Broadcom.

        • Sethayy@sh.itjust.works
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          Realistically windows is really good at repairing itself (or just getting it to a state where its usable again, to most users would be ‘repaired’).

          Until linux has some sort of system like this, its just not worth the headache to 99% of users. The linux errors aren’t even that descriptive when they happen, and could be cause by like anything.

          • Dubious_Fart@lemmy.ml
            link
            fedilink
            English
            arrow-up
            7
            ·
            edit-2
            1 year ago

            100% Agree.

            It will never be the year of the linux desktop, until linux is easy to use and easy to troubleshoot and fix.

            and let me tell you, every minor problem requiring some kind of arcane terminal ritualism in ancient enochian that only veteran sysadmins know, is not, and will never be, easy to use or troubleshoot.

            • DeadGemini@waveform.social
              link
              fedilink
              English
              arrow-up
              4
              ·
              edit-2
              1 year ago
              • [package_name] --help
              • man [package_name]

              There, I just gave you 2 ways to turn that arcane terminal ritualism in ancient enochian that only veteran sysadmins know, into a plain english service manual that any literate human being can use to figure out basically any terminal application ever.

              • Dubious_Fart@lemmy.ml
                link
                fedilink
                English
                arrow-up
                5
                ·
                edit-2
                1 year ago

                Yeah, I’ve done --help. It doesnt make it simple. and it doenst magically let you figure out how to solve the problem, assuming you even know what package is causing the problem.

                I’ve gone through more than enough fixing of more than enough problems as an average, not-sysadmin person. I know how bullshit it is. Just because you are used to it doesnt make it easier for regular people to use.

                Microsoft has done a lot of shit wrong, but the one thing they got right is the usability of the OS, how any idiot can be sat infront of a computer and know what they’re doing with less than a day of faffing about, and can easily fix most common problems in a few clicks.

          • 1984
            link
            fedilink
            arrow-up
            7
            ·
            1 year ago

            But windows is frustrating and slow spyware, so there is that…

          • PoisonedPrisonPanda@discuss.tchncs.de
            link
            fedilink
            arrow-up
            6
            ·
            1 year ago

            have you ever head windows errors?

            they dont even bother to give anything else than an error code which is applicable to 482885 different roots of errors.

            Indeed the repairing functionality works. but yeah. the problem will be solved. linux has moved exceptional towards usability and will continue to do so.

          • bitcrafter@lemmy.sdf.org
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            I can’t speak for other distributions, but Pop!_OS has had a “Refresh Install” option for a while now that does exactly this. This hasn’t happened often, but there have been a couple of times when something borked my system to the point of making it no longer boot, and re-running the installer in “Refresh Install” mode got everything back and running within 30 minutes while preserving all of my non-system files; in particular this meant that I didn’t have to re-download my Steam and other locally installed games, which is significant because they are the largest apps on my system.

      • s_s@lemmy.one
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 year ago

        Most people are unable to administrate their own systems, therefore GNU/Linux–an operating system built on empowering developers and administrators–is basically unimaginable.

        Microsoft and Apple have co-opted the admin duties for users, and that’s why people use their operating systems. It spares them from the disaster we all saw and experienced in the Window XP days–but that comes at a price.

        It’s not software support, it’s not anythign to do with Linux. It’s a computer illiteracy problem.

        Android could, in some respects, be considered linux’s biggest success story among regular users and that’s because Google co-opts admin duties.

  • interdimensionalmeme@lemmy.ml
    link
    fedilink
    arrow-up
    94
    ·
    1 year ago

    I always just kill my TPM chip. It’s so obvious tpm will be used in the future for application offline DRM. They will executed encrypted operations under the TPM veil and decompilers will become unusable.

  • shapis@lemmy.ml
    link
    fedilink
    arrow-up
    57
    ·
    1 year ago

    Would love this. I’m still getting the ftpm stutters and there’s no way to disable it in my motherboards bios.

  • FunkyMonkey@feddit.de
    link
    fedilink
    arrow-up
    44
    ·
    1 year ago

    I’ve had a weird system-wide stutter for months and the usual googling and troubleshooting didn’t help… omg. This might be it. Thank you Linus and thank you op.

    • floofloof@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      16
      ·
      edit-2
      1 year ago

      I had it on my Windows 11 PC for a long time. I use this PC for music production and it was infuriating - the sound would just cut out intermittently like the computer couldn’t keep up. I tried lots of things, including an expensive CPU upgrade. In the end Asus released a new BIOS for the motherboard to address this AMD stutter, and that fixed it.

        • floofloof@lemmy.caOP
          link
          fedilink
          English
          arrow-up
          8
          ·
          edit-2
          1 year ago

          Which AGESA version?

          I don’t really know anything about that. Currently HWiNFO64 shows Microcode Update Revision A201025 and SMU Firmware Revision 56.74.0. I don’t know whether those are the numbers you’re asking for, or what they were while it was still having problems.

    • Leaflet@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      The issue is worked around in newer kernel versions. But it’s better to just update your BIOS to fix the issue.

  • RoundSparrow@lemmy.ml
    link
    fedilink
    arrow-up
    27
    ·
    1 year ago

    the module can cause intermittent stuttering, depending on which Ryzen processor you’re using. It appeared when the fTPM was in use, it would access its flash storage via a serial interface, and when doing so, held up activity by the rest of the system.

    • sp00nix@lemmy.ml
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Could this be why I get stuttering in games after enabling TPM installing windows 11?

  • argv_minus_one@beehaw.org
    link
    fedilink
    English
    arrow-up
    16
    ·
    1 year ago

    “Maybe use it for the boot-time ‘gather entropy from different sources,’ but clearly it should not be used at runtime.”

    Good idea. Ask it during boot/insmod for some hardware-random bits to seed Linux’s usual software-only CSPRNG, then just use that.

    And even that might not be a great idea. I wouldn’t be surprised if the fTPM RNG is subtly not-entirely-random, at some alphabet agency’s behest. I remember there being a controversy over rdrand for this reason…

    • pingveno@lemmy.ml
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      The fix with any possible issues with rdrand is the same here. When entropy is gathered from many sources including hardware instructions, any nefarious plant in the chip is drowned out in a sea of noise.

    • MystikIncarnate@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Well, it’s an fTPM, aka software, and AFAIK, no software can truly have a random RNG.

      So it might be very good pseudo random at best.

      • argv_minus_one@beehaw.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        It could be only mostly firmware, with a hardware RNG.

        If not, and it uses a CSPRNG, then I don’t see much point in using it at all. Linux already has its own CSPRNG.

  • The Doctor@beehaw.org
    link
    fedilink
    English
    arrow-up
    13
    ·
    1 year ago

    Yup. I’ve been wondering if that was the thing that’s made the v6.4 kernels so unstable on Ryzen machines.

  • nomadjoanne@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Oh I disabled that a while ago because their hardware random number generator always returned 0xfffff…

    Honesty, hardware random number generation seems sketchy. Something you’d expect government backdoors to be in.