• Skull giver@popplesburger.hilciferous.nl
    link
    fedilink
    arrow-up
    160
    arrow-down
    8
    ·
    1 year ago

    You’re going to need a TPM or some other security key if you want to come close to the security Bitlocker’s and Apple’s T2 chip provide. TPM+password encryption is the norm on any serious attempts at data protection, for good reason.

    It’s already quite hard to get decent encryption on most Linux distros, with GRUB lacking support for modern key derivation techniques for full disk encryption, and several distros still relying on unencrypted boot partitions that anyone can modify the initrd of without any trace.

    Secure boot can protect all of these steps without TPM encryption if you bother to set up your own keys, kick out Microsoft’s keys (killing any chance of a successful dual boot), and set up automatic signing of your bootloader and every intermediate step, but that’s more than any common Linux user is willing to go through. For Secure Boot to work well you’ll probably also want some kind of verification that the system didn’t just modify its environment and chainloaded the Linux bootloader and TPMs are the only way to do that on many systems.

    “TPM bad” is as bad a take as “Linux bad”. The technology isn’t inherently good or bad, and both good and bad actors can use it to their advantage, just like the Linux kernel is used in portable hacking devices and in firewalls alike. You can make a problem out of the signed firmware and backdoors and such, but unless you’re running a Pentium II or a RISC-V chip that probably runs at the same speeds, you’re stuck with some kind of binary blob of microcode and firmware on any computer anyway; TPMs don’t add or remove anything from that.

    • Ghast@lemmy.ml
      link
      fedilink
      arrow-up
      50
      arrow-down
      3
      ·
      1 year ago

      I don’t know why I keep hearing of security measures to stop someone sleuthing into bootloaders.

      Am I the only person using Linux who isn’t James Bond?

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        arrow-up
        43
        arrow-down
        7
        ·
        1 year ago

        The thing is, Windows does this out of the box. So does macOS. So do iOS and Android. When you set a PIN on Windows 11 or even add an extra password to your already TPM-encrypted hard drive, you don’t even know you’re getting any of this security. You don’t need to! It just works!

        Linux is the only system that doesn’t just make this stuff work out of the box. There are some issues that prevent it from being as easy to use as on other systems (the fact that loading Linux keys into a motherboard take an extra user interaction, for example) but there are solutions to all of these problems if Linux distros were to put some work into it.

        There’s absolutely no reason why you should need to use the terminal to configure the TPM, you should just need to tick a box during install that makes the system use better encryption (or disable it if you use the drive in multiple computers). The reason you need to play James bond with layers of encryption and boot configurations is that standard Linux tooling had awful support for using the security hardware that every computer sold the last decade or so already contains.

      • hansl@lemmy.ml
        link
        fedilink
        arrow-up
        8
        ·
        1 year ago

        I’m an engineer with trade secrets on his laptop. I’ve heard of dozens of people getting laptops stolen from their cars that they left for like ten or fifteen minutes.

        The chances are slims, but if it happens I’m in deep trouble whether those secrets leak of not. I’m not taking the risk. I’m encrypting my disk.

        It’s not like there’s a difference in performance nowadays.

        • duncesplayed@lemmy.one
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          1 year ago

          TPM’s not going to help with that situation, though, right? Either you’re typing in your encryption password on boot (in which case you don’t need TPM to keep your password), or you’re not, in which case the thief has your TPM module with the password in it.

          • pcouy@lemmy.pierre-couy.fr
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            From what I understand, TPM is “trusted” because of the fact the secrets it contains are supposed to be safe from an attacker with hardware access.

            This is what makes it good at protecting data in case of a stolen laptop. This is also what makes it good at enforcing offline DRM or any kind of system where manufacturers can restrict the kind of software users can run on their hardware.

      • Eager Eagle@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        so you never caught a team of government officials in your living room brute forcing your bootloader at 4am as you got up to use the bathroom, huh. Lucky guy.

      • JuxtaposedJaguar@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        It’s 30% legitimate concern over a non-negligible risk of government overreach, 70% having fun pretending to be James Bond.

      • The_Mixer_Dude@lemmus.org
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        I’m still on the hunt for a desktop Linux distro that has no security features or passwords. My usage for this may not be common but it can’t be rare enough that there are zero options

    • interdimensionalmeme@lemmy.ml
      link
      fedilink
      arrow-up
      29
      arrow-down
      8
      ·
      1 year ago

      TPM bad, put your secrets on a proper encryption peripheral, like a smartcard running javacardOS

      TPM will turn into cpu-bound DRM, the more you use it, the more this cancer will grow

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        arrow-up
        25
        arrow-down
        1
        ·
        1 year ago

        Intel literally removed CPU-bound DRM from their recent processors because it wasn’t secure. Besides, the encryption keys for DRM are safely stored deep inside the iGPU anyway. All the TPM does is store a few kilobytes of cryptographic data and record signals sent to it by the OS in a way that the OS can’t alter down the line.

        The TPM is literally built to be used as an encryption peripheral. You can use alternatives like Yubikeys as external TPMs for extra security of course, but that doesn’t mean every desktop, laptop, and smartphone needs one.

        Your smartcard has the exact same potential to become used as a means for DRM. In standard use cases it’s literally meant to govern access to a computer.

        • interdimensionalmeme@lemmy.ml
          link
          fedilink
          arrow-up
          8
          arrow-down
          11
          ·
          1 year ago

          You are only seeing what TPM is now. Not what TPM will become when it become an entire encrypted computing processor capable of executing any code while inspection is impossible.

          Imagine denuvo running at ring level -1

          • We already had SGX, that got killed off because it wasn’t resistent against side channel attacks and because barely anyone cared to use it. We also have TrustZone or some comparable technology on every ARM chip out there.

            When Intel dropped SGX for 11th gen and newer processors, Intel CPUs lost the ability to play Ultra HD Blurays. We have had TEE based DRM since 2016 and nobody cared or noticed.

            Of course AMD hasn’t stopped including its Secure Processor TEE in its chips, through an embedded ARM core that runs TrustZone code, like on an Android phone. AMD market share probably isn’t big enough for anticheat to require AMD-SP (and I bet it’s too expensive to get code running on there anyway) but I’m sure some platforms are using them because AMD still hasn’t removed the feature yet.

            Anticheat runs in our kernels now exactly because there’s a lack of proper hardware authorization. DRM can be a lot less invasive if it can verify the state of the machine without obfuscated kernel drivers. We’re even getting Linux based anticheat kernel modules soon. DRM is at ring 0 and it’s not even a controversial topic among gamers anymore. Running at -1 doesn’t even need a TPM, all that needs is a motherboard manufacturer weird enough to put Denuvo in their firmware.

            A TPM doesn’t execute arbitrary code. That would put the secret key material at risk. Furthermore, all it can access is the SPI bus or whatever low speed bus it’s hooked up to, it can’t access your hardware like Intel ME or AMD’s PSP can.

            Based on your fears, I think you’re mistaking TPMs (harder to steal Yubikey-like hardware) with trusted execution environments (code running in your CPU that you can’t see or alter).

            • interdimensionalmeme@lemmy.ml
              link
              fedilink
              arrow-up
              4
              arrow-down
              3
              ·
              1 year ago

              Yes, it’s right in the name “trusted platform module”. There is no secret that their ambition is to become a space to run code outside the user’s reach and scrutiny.

              They start with the most legitimate and innocuous purpose. Once it is adopted and ubiquitous it will not suffer the fate of the other attempts and rotting on the vine.

              Then surprise TPM 5.0 become full scale full speed trusted execution environment and it’s too late to do anything about it. Eventually , non trusted processing capability will be phased out and only Intel and signed code will run.

    • bouh@lemmy.world
      link
      fedilink
      arrow-up
      2
      arrow-down
      12
      ·
      1 year ago

      Why do you need full disk encryption in your day to day life? Are you a secret agent? I feel like that would give you our though.

      It’s not a matter that I would have nothing to hide, this defense is stupid. It’s a matter that you should use a security adapted to your need, because the cost doesn’t offset the benefit otherwise. And with disk encryption you will far more often be sorry than happy if you’re a normal person.

      • mplewis@lemmy.globe.pub
        link
        fedilink
        arrow-up
        7
        arrow-down
        1
        ·
        1 year ago

        Full disk encryption is something you really want to have when your computer is lost or stolen.

      • mackwinston@feddit.uk
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        edit-2
        1 year ago

        People are imperfect. People have left laptops full of personal and/or commercially sensitive data on trains or planes, had them stolen from cars and houses etc. Full disc encryption is a defence against data breaches especially for computers that are not bolted down. Or it might be as simple as a person not wanting the embarrassment of their porn stash being found.