Find the answer to your Linux question:
Results 1 to 4 of 4
While booting the other day, I noticed an error message flash past. I was curious, so I looked in dmesg and found these lines: tpm_tis 00:09: 1.2 TPM (device-id 0xB, ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Engineer hazel's Avatar
    Join Date
    May 2004
    Location
    Harrow, UK
    Posts
    1,244

    Thumbs down I have a TPM chip in my computer. I am not pleased.


    While booting the other day, I noticed an error message flash past. I was curious, so I looked in dmesg and found these lines:

    tpm_tis 00:09: 1.2 TPM (device-id 0xB, rev-id 16)
    tpm_tis 00:09: Adjusting TPM timeout parameters.
    tpm_tis 00:09: TPM is disabled/deactivated (0x7)
    tpm_tis 00:09: A TPM error (7) occurred attempting to read a pcr value
    IMA: No TPM chip found, activating TPM-bypass!

    I never saw anything like this on the Scenic. Obviously the kernel has loaded a new driver in response to some hardware it's found on my HP Compaq. I googled and found that TPM stands for Trusted Platform Module. That made the back of my neck itch; "trusted" always means "Trust us! We have your best interests at heart."

    A TPM is a chip built into your motherboard, which contains an encryption key that you are not allowed to know. The argument is that if you don't know it, you can't store it anywhere on your disk where crackers can get at it. It can be used to encrypt disks (MS bitlocker uses it). It can also provide a unique ID, allowing you to be tracked on the Net. And apparently it can be set to control what software you can run.

    As you can see, the TPM in my computer is inactivated (there may well be a BIOS setting for this). But is it consistent with the philosophy of free software for the kernel to talk to a proprietary spy-in-the-box like this?

    Here is a link to a discussion if you're interested.
    Last edited by hazel; 06-03-2013 at 11:46 AM. Reason: Link added
    "I'm just a little old lady; don't try to dazzle me with jargon!"
    www.hrussman.entadsl.com

  2. #2
    Linux User Steven_G's Avatar
    Join Date
    Jun 2012
    Location
    Western US
    Posts
    415
    Well, I'm not sure about the philosophy of free software part. I'm one of those that just likes stuff to work. But, I'm glad to see you're taking an interest in your BIOS!

    And, if you feel up to it one day and it bothers you enough, it is possible to hack a locked BIOS. They can be unlocked and modified. You *should* be able to go in to a hacked BIOS and remove all instructions for the chip and it will be like it's not even there.

    However, THAT is where you run the chance of turning it in to a brick.

    But, if you do a standard update you may have to go back in and turn it off again if it is really a setting in the BIOS.

  3. #3
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,665
    Unfortunately, most new systems have TPM or "secure" UEFI installed. At least the dmesg logs show that it is disabled and by-passed! I agree though, all this TPM/secure-UEFI cruft irritates the heck out of me as well - makes me feel that I don't own my own cruft!
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Engineer hazel's Avatar
    Join Date
    May 2004
    Location
    Harrow, UK
    Posts
    1,244
    In my Crux kernel, I have deliberately not built the tpm driver so I don't get that stupid error any more.
    "I'm just a little old lady; don't try to dazzle me with jargon!"
    www.hrussman.entadsl.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •