How To Disable The TPM Under Linux

Alexzee

A short read on dealing with the TPM module and a special thanks to our member @osprey.

 


Maybe I am just dumb, but what exactly is the purpose of TPM? Yes, I have dealt with it, but what is the purpose of it? What is it meant to do that helps us?
 

It helps keep you safe from malware on a hardware level, such as rootkits.

TPM itself is a great concept. I've never had an issue with it but I don't deny that other people have. TPM2 is even more impressive. It's good stuff, I think.

Properly configured, it can stop your system from running unsigned code. (Linux distros are happily signed, which is how we use EFI booting.)

It's not infallible. There's a new attack called LogoFAIL which you probably haven't seen yet. That one's gonna be drastic if it gets legs. Basically, all the boot stuff is signed - except some bits, like the logo. Attackers have figured out how to make an evil logo and do stuff to the pre-boot environment. While it's still in PoC stage, it means throwing your hardware away. A few OEMs use a signed logo, so those are safe.
 
I have heard of the BIOS and logo attacks, but not seen them personally. Sad that people feel the need to destroy.

What I guess I should ask is: how does TPM work? Is it something we really need, or is it another way to make life tough for the users and devs? But no real help except for Windows?
 
I'd say it's needed in modernity. While I can probably explain it at a layman's level, Wikipedia will do a better job.
 