How To Disable The TPM Under Linux

Alexzee

Alexzee

Well-Known Member
Joined
Jun 1, 2019
Messages
3,747
Reaction score
2,015
Credits
22,396
A short read on dealing with the TPM module and a special thanks to our member @osprey.

writerforlinux.wixsite.com

How To Disable The TPM Under Linux

Freezing and black screens are some of the signs that the TPM (trusted platform module) isn't disabled. That is, (to clarify) on a computer that originally had Windows installed to the HDD at the time of purchase.Those two issues are the ones I'm aware of at the time of writing this article...
writerforlinux.wixsite.com writerforlinux.wixsite.com
 


maybe I am just dumb but what exactly is the purpose of TPM. yes I have dealt with but what is the purpose of it. What is it meant to do that helps us?
 
APTI said:
yes I have dealt with but what is the purpose of it. What is it meant to do that helps us?
Click to expand...

It helps keep you safe from malware on a hardware level, such as rootkits.

TPM itself is a great concept. I've never had an issue with it but I don't deny that other people have. TPM2 is even more impressive. It's good stuff, I think.

Properly configured, it can stop your system from running unsigned code. (Linux distros are happily signed, which is how we use EFI booting.)

It's not infallible. There's a new attack called LogoFail which you probably haven't seen yet. That one's gonna be drastic if it gets legs. Basically, all the boot stuff is signed - except some bits, like the logo. Attackers have figured out how to make an evil logo and do stuff to the pre-boot environment. While it's still in POC stage, it means throwing your hardware away. A few OEMs use a signed logo, so those are safe.
 
KGIII said:
It helps keep you safe from malware on a hardware level, such as rootkits.

TPM itself is a great concept. I've never had an issue with it but I don't deny that other people have. TPM2 is even more impressive. It's good stuff, I think.

Properly configured, it can stop your system from running unsigned code. (Linux distros are happily signed, which is how we use EFI booting.)

It's not infallible. There's a new attack called LogoFail which you probably haven't seen yet. That one's gonna be drastic if it gets legs. Basically, all the boot stuff is signed - except some bits, like the logo. Attackers have figured out how to make an evil logo and do stuff to the pre-boot environment. While it's still in POC stage, it means throwing your hardware away. A few OEMs use a signed logo, so those are safe.
Click to expand...
I have heard of the bios and logo attacks, but not seen them personally. Sad that people feel the need to destroy.

What I guess I should ask is how does TPM work? is it something we really need or is it another way to make life tough for the users and devs? but no real help except for windows?
 
I'd say it's needed in modernity. While I can probably explain it at a layman's level, Wikipedia will do a better job.
 
Last edited:
You must log in or register to reply here.

Members online

Total: 691 (members: 4, guests: 687)

Latest posts

Top