Results 1 to 4 of 4
While booting the other day, I noticed an error message flash past. I was curious, so I looked in dmesg and found these lines: tpm_tis 00:09: 1.2 TPM (device-id 0xB, ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 06-03-2013 #1
I have a TPM chip in my computer. I am not pleased.
tpm_tis 00:09: 1.2 TPM (device-id 0xB, rev-id 16)
tpm_tis 00:09: Adjusting TPM timeout parameters.
tpm_tis 00:09: TPM is disabled/deactivated (0x7)
tpm_tis 00:09: A TPM error (7) occurred attempting to read a pcr value
IMA: No TPM chip found, activating TPM-bypass!
I never saw anything like this on the Scenic. Obviously the kernel has loaded a new driver in response to some hardware it's found on my HP Compaq. I googled and found that TPM stands for Trusted Platform Module. That made the back of my neck itch; "trusted" always means "Trust us! We have your best interests at heart."
A TPM is a chip built into your motherboard, which contains an encryption key that you are not allowed to know. The argument is that if you don't know it, you can't store it anywhere on your disk where crackers can get at it. It can be used to encrypt disks (MS bitlocker uses it). It can also provide a unique ID, allowing you to be tracked on the Net. And apparently it can be set to control what software you can run.
As you can see, the TPM in my computer is inactivated (there may well be a BIOS setting for this). But is it consistent with the philosophy of free software for the kernel to talk to a proprietary spy-in-the-box like this?
Here is a link to a discussion if you're interested.
Last edited by hazel; 06-03-2013 at 11:46 AM. Reason: Link added
- 06-03-2013 #2
Well, I'm not sure about the philosophy of free software part. I'm one of those that just likes stuff to work. But, I'm glad to see you're taking an interest in your BIOS!
And, if you feel up to it one day and it bothers you enough, it is possible to hack a locked BIOS. They can be unlocked and modified. You *should* be able to go in to a hacked BIOS and remove all instructions for the chip and it will be like it's not even there.
However, THAT is where you run the chance of turning it in to a brick.
But, if you do a standard update you may have to go back in and turn it off again if it is really a setting in the BIOS.
- 06-13-2013 #3
- Join Date
- Apr 2009
- I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
Unfortunately, most new systems have TPM or "secure" UEFI installed. At least the dmesg logs show that it is disabled and by-passed! I agree though, all this TPM/secure-UEFI cruft irritates the heck out of me as well - makes me feel that I don't own my own cruft!Sometimes, real fast is almost as good as real time.
Just remember, Semper Gumbi - always be flexible!
- 06-13-2013 #4
In my Crux kernel, I have deliberately not built the tpm driver so I don't get that stupid error any more.