Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Got Mole problems? Call Avogadro at 6.02 x 10^23.

computers / alt.os.linux.mint / TPM in Mint

SubjectAuthor
* TPM in MintNP2
+* Re: TPM in MintMike Easter
|`- Re: TPM in MintMike Easter
+* Re: TPM in MintTheSidhe
|`- Re: TPM in MintNP2
`* Re: TPM in MintNP2
 `- Re: TPM in MintAndrei Z.

1
TPM in Mint

<sba1rp$1m2$1@solani.org>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=1557&group=alt.os.linux.mint#1557

  copy link   Newsgroups: alt.os.linux.mint
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!feeder5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: NP2...@somewhere.invalid (NP2)
Newsgroups: alt.os.linux.mint
Subject: TPM in Mint
Date: Sun, 27 Jun 2021 16:27:05 +0200
Message-ID: <sba1rp$1m2$1@solani.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 27 Jun 2021 14:27:05 -0000 (UTC)
Injection-Info: solani.org;
logging-data="1730"; mail-complaints-to="abuse@news.solani.org"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
Firefox/60.0 SeaMonkey/2.53.6
X-User-ID: eJwNxscBwDAIBLCVTDnKOGDM/iMkegliZNfVYIrFdl0aZYegGFI1Tf89LDLiKe1I8BBS2jvPBxQaEHY=
Cancel-Lock: sha1:rx1CiVcjudQBZlitDwSNCERtIHc=
X-Mozilla-News-Host: news://news.solani.org:119
 by: NP2 - Sun, 27 Jun 2021 14:27 UTC

Currently there's a lot of talk about Windows 11 and the requirement for
TPM 2.0.

I have no intention of installing Windows 11, but I was wondering about
my own TPM status, since I always got a message saying "error
communicating with TPM chip" when I booted up Mint. I have always
ignored this error because it didn't seem to have any impact whatsoever.

So out of curiosity I enabled TPM on my machine (it was called TXT in my
BIOS - Trusted Execution Technology), and indeed the error went away.

Then after reading a bit more about TPM and "trusted computing"
(especially a lot of criticism), I decided I do not really want it, so I
disabled it again in my BIOS. Strangely enough, the error when booting
Mint didn't come back, so Mint apparently did find a way to communicate
with it now, even though it's disabled again.

Is it a good idea to enable TPM in Mint? Does Mint ever use it? Or is it
best to leave it disabled?

Re: TPM in Mint

<ijri49Fdu82U1@mid.individual.net>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=1558&group=alt.os.linux.mint#1558

  copy link   Newsgroups: alt.os.linux.mint
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!lilly.ping.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Mik...@ster.invalid (Mike Easter)
Newsgroups: alt.os.linux.mint
Subject: Re: TPM in Mint
Date: Sun, 27 Jun 2021 08:00:23 -0700
Lines: 14
Message-ID: <ijri49Fdu82U1@mid.individual.net>
References: <sba1rp$1m2$1@solani.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net b1BUOHSpoyeMXtVlANJ3jgPvnmN2QQmydCnTUNYgh4feehNAeI
Cancel-Lock: sha1:IWcdDOtxScRGExjH/Ta9+yk1hQo=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Thunderbird/68.10.0
In-Reply-To: <sba1rp$1m2$1@solani.org>
Content-Language: en-US
 by: Mike Easter - Sun, 27 Jun 2021 15:00 UTC

NP2 wrote:
> I enabled TPM on my machine (it was called TXT in my BIOS - Trusted
> Execution Technology), and indeed the error went away.

The article in the wp is very extensive incl TPM2 and TXT and linux.

https://en.wikipedia.org/wiki/Trusted_Platform_Module

It also lists a mailing list which is also accessible by nntp, see the
section named Linux-Integrity Archive on lore.kernel.org at
https://lore.kernel.org/linux-integrity/

--
Mike Easter

Re: TPM in Mint

<xt0CI.89161$zx1.64316@fx20.iad>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=1559&group=alt.os.linux.mint#1559

  copy link   Newsgroups: alt.os.linux.mint
Path: i2pn2.org!i2pn.org!paganini.bofh.team!news.dns-netz.com!news.freedyn.net!newsreader4.netcologne.de!news.netcologne.de!peer03.ams1!peer.ams1.xlned.com!news.xlned.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx20.iad.POSTED!not-for-mail
Reply-To: nic@none.net
Subject: Re: TPM in Mint
Newsgroups: alt.os.linux.mint
References: <sba1rp$1m2$1@solani.org>
From: nic...@none.net (TheSidhe)
Organization: Keeping Good Company
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <sba1rp$1m2$1@solani.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Lines: 48
Message-ID: <xt0CI.89161$zx1.64316@fx20.iad>
X-Complaints-To: abuse(at)newshosting.com
NNTP-Posting-Date: Sun, 27 Jun 2021 15:06:05 UTC
Date: Sun, 27 Jun 2021 11:06:05 -0400
X-Received-Bytes: 3108
 by: TheSidhe - Sun, 27 Jun 2021 15:06 UTC

On 6/27/21 10:27 AM, NP2 wrote:
> Currently there's a lot of talk about Windows 11 and the requirement
> for TPM 2.0.
>
> I have no intention of installing Windows 11, but I was wondering
> about my own TPM status, since I always got a message saying "error
> communicating with TPM chip" when I booted up Mint. I have always
> ignored this error because it didn't seem to have any impact whatsoever.
>
> So out of curiosity I enabled TPM on my machine (it was called TXT in
> my BIOS - Trusted Execution Technology), and indeed the error went away.
>
> Then after reading a bit more about TPM and "trusted computing"
> (especially a lot of criticism), I decided I do not really want it, so
> I disabled it again in my BIOS. Strangely enough, the error when
> booting Mint didn't come back, so Mint apparently did find a way to
> communicate with it now, even though it's disabled again.
>
> Is it a good idea to enable TPM in Mint? Does Mint ever use it? Or is
> it best to leave it disabled?

It appears to be something that Intel cooked up-

https://www.intel.com/content/www/us/en/support/articles/000025873/technologies.html

*What is Intel® Trusted Execution Technology (Intel® TXT)?*

Intel® Trusted Execution Technology
<https://www.intel.com/content/www/us/en/data-security/security-overview-general-technology.html>
is a set of hardware extensions to Intel® processors and chipsets that
enhance the digital office platform with security capabilities such as
measured launch and protected execution. Intel Trusted Execution
Technology provides hardware-based mechanisms that help protect against
software-based attacks and protects the confidentiality and integrity of
data stored or created on the client PC.

Intel Trusted Execution Technology provides these mechanisms by enabling
an environment where applications can run within their own
space—protected from all other software on the system. These
capabilities provide the protection mechanisms, rooted in hardware, that
are necessary to provide trust in the application's execution
environment. In turn, these mechanisms can protect vital data and
processes from being compromised by malicious software running on the
platform.

If using an AMD processor does it have relevance?

Re: TPM in Mint

<ijripbFe1u5U1@mid.individual.net>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=1560&group=alt.os.linux.mint#1560

  copy link   Newsgroups: alt.os.linux.mint
Path: i2pn2.org!i2pn.org!paganini.bofh.team!news.dns-netz.com!news.freedyn.net!newsreader4.netcologne.de!news.netcologne.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Mik...@ster.invalid (Mike Easter)
Newsgroups: alt.os.linux.mint
Subject: Re: TPM in Mint
Date: Sun, 27 Jun 2021 08:11:38 -0700
Lines: 11
Message-ID: <ijripbFe1u5U1@mid.individual.net>
References: <sba1rp$1m2$1@solani.org> <ijri49Fdu82U1@mid.individual.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net 8kq8dd9FoZ695U3WWrHkMwQrbCS9fk4r14hc48qN0Sdeqwh+Qr
Cancel-Lock: sha1:heHrCdSL4WOJnMmfo9ggUk2rm6U=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Thunderbird/68.10.0
In-Reply-To: <ijri49Fdu82U1@mid.individual.net>
Content-Language: en-US
 by: Mike Easter - Sun, 27 Jun 2021 15:11 UTC

Mike Easter wrote:
> The article in the wp is very extensive incl TPM2 and TXT and linux.

I think I like the Arch wiki better
https://wiki.archlinux.org/title/Trusted_Platform_Module

It refers to an old 2016 article that is also useful
https://lwn.net/Articles/674751/

--
Mike Easter

Re: TPM in Mint

<sbac3g$6pl$1@solani.org>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=1561&group=alt.os.linux.mint#1561

  copy link   Newsgroups: alt.os.linux.mint
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!feeder5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: NP2...@somewhere.invalid (NP2)
Newsgroups: alt.os.linux.mint
Subject: Re: TPM in Mint
Date: Sun, 27 Jun 2021 19:21:51 +0200
Message-ID: <sbac3g$6pl$1@solani.org>
References: <sba1rp$1m2$1@solani.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 27 Jun 2021 17:21:52 -0000 (UTC)
Injection-Info: solani.org;
logging-data="6965"; mail-complaints-to="abuse@news.solani.org"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
Firefox/60.0 SeaMonkey/2.53.6
In-Reply-To: <sba1rp$1m2$1@solani.org>
X-User-ID: eJwFwQcBwEAIBDBLzwY5V4Z/CU1MnLxD3Vzt7AqEruFvK89HwEAyPwrBbM5LfZ40ha2Omx8poBGV
Cancel-Lock: sha1:nFlT6D8Sg3/yFCaEd1hpcV3xmDY=
 by: NP2 - Sun, 27 Jun 2021 17:21 UTC

NP2 wrote:

> Is it a good idea to enable TPM in Mint? Does Mint ever use it? Or is it
> best to leave it disabled?

It appears I was mistaken. It's actually GRUB that communicates with the
TPM chip, not Mint.

https://www.gnu.org/software/grub/manual/grub/html_node/Measured-Boot.html

Re: TPM in Mint

<sbacsk$1t8d$1@gioia.aioe.org>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=1562&group=alt.os.linux.mint#1562

  copy link   Newsgroups: alt.os.linux.mint
Path: i2pn2.org!i2pn.org!aioe.org!TwJB94PmHtFGoZ16HY1FNw.user.gioia.aioe.org.POSTED!not-for-mail
From: no-em...@invalid.invalid (Andrei Z.)
Newsgroups: alt.os.linux.mint
Subject: Re: TPM in Mint
Date: Sun, 27 Jun 2021 20:35:17 +0300
Organization: Aioe.org NNTP Server
Lines: 14
Message-ID: <sbacsk$1t8d$1@gioia.aioe.org>
References: <sba1rp$1m2$1@solani.org> <sbac3g$6pl$1@solani.org>
NNTP-Posting-Host: TwJB94PmHtFGoZ16HY1FNw.user.gioia.aioe.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Complaints-To: abuse@aioe.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
Thunderbird/78.11.0
X-Notice: Filtered by postfilter v. 0.9.2
Content-Language: en-GB
 by: Andrei Z. - Sun, 27 Jun 2021 17:35 UTC

NP2 wrote:
> NP2 wrote:
>
>> Is it a good idea to enable TPM in Mint? Does Mint ever use it? Or is
>> it best to leave it disabled?
>
> It appears I was mistaken. It's actually GRUB that communicates with the
> TPM chip, not Mint.
>
> https://www.gnu.org/software/grub/manual/grub/html_node/Measured-Boot.html
>
How can I turn TPM off or disable it in Ubuntu? - Ask Ubuntu

https://askubuntu.com/questions/1250517/how-can-i-turn-tpm-off-or-disable-it-in-ubuntu?

Re: TPM in Mint

<sbad3d$7bn$1@solani.org>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=1563&group=alt.os.linux.mint#1563

  copy link   Newsgroups: alt.os.linux.mint
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!feeder5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: NP2...@somewhere.invalid (NP2)
Newsgroups: alt.os.linux.mint
Subject: Re: TPM in Mint
Date: Sun, 27 Jun 2021 19:38:53 +0200
Message-ID: <sbad3d$7bn$1@solani.org>
References: <sba1rp$1m2$1@solani.org> <xt0CI.89161$zx1.64316@fx20.iad>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 27 Jun 2021 17:38:53 -0000 (UTC)
Injection-Info: solani.org;
logging-data="7543"; mail-complaints-to="abuse@news.solani.org"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
Firefox/60.0 SeaMonkey/2.53.6
In-Reply-To: <xt0CI.89161$zx1.64316@fx20.iad>
X-User-ID: eJwFwYEBgDAIA7CXwNFWzgEc/59ggkPnKAgGFnvM7IusqLx3G+gH+cKqOlomUYINJ/xSvj8TZxCf
Cancel-Lock: sha1:v4ArVD80O1h3MID6vBnYKyRToaA=
 by: NP2 - Sun, 27 Jun 2021 17:38 UTC

TheSidhe wrote:

> Intel Trusted Execution Technology provides these mechanisms by enabling
> an environment where applications can run within their own
> space—protected from all other software on the system. These
> capabilities provide the protection mechanisms, rooted in hardware, that
> are necessary to provide trust in the application's execution
> environment. In turn, these mechanisms can protect vital data and
> processes from being compromised by malicious software running on the
> platform.

They always want to "help protect against" all kinds of malicious stuff,
but what it all boils down to is that this whole Trusted Computing is
basically a rootkit. Read the criticisms, it's scary stuff.

Just like Intels Management Engine, which runs even when the computer is
shut down. People have been trying for years to disable it, but to no
avail.

There are some very interesting videos on YT about this IME, in case
you're interested.

>
> If using an AMD processor does it have relevance?

Yes, AMD boards have a TPM chip too. Not only that, they also have their
own Management Engine, but they call it the AMD Platform Security Processor.

https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor