I’ve had a weird system-wide stutter for months and the usual googling and troubleshooting didn’t help… omg. This might be it. Thank you Linus and thank you op.
I always just kill my TPM chip. It’s so obvious tpm will be used in the future for application offline DRM. They will executed encrypted operations under the TPM veil and decompilers will become unusable.
Just disabled it in BIOS/UEFI. Should I disable security device support too, or doesn’t it matter when fTPM is disabled?
How do you kill your TPM chip?
Level 1, turn off in bios
Level 2, desolder from motherboard
Level 3, remove cpu pins related to tpm
Level 4, decap cpu, laser off tpm bus or blocks
“Maybe use it for the boot-time ‘gather entropy from different sources,’ but clearly it should not be used at runtime.”
Good idea. Ask it during boot/
insmodfor some hardware-random bits to seed Linux’s usual software-only CSPRNG, then just use that.And even that might not be a great idea. I wouldn’t be surprised if the fTPM RNG is subtly not-entirely-random, at some alphabet agency’s behest. I remember there being a controversy over
rdrandfor this reason…