Ask Slashdot: Best/Newest Hardware Without "Trusted Computing"?

timothy posted about a year ago | from the in-light-of-recent-events dept.

Privacy 290

An anonymous reader writes "What is the best/newest hardware without trusted computing (TC) / Trusted Platform Module (TPM)? I am currently running ancient 32-bit hardware and thinking about an upgrade to something x64 with USB3, SATA3 and >1 core on the CPU ... but don't want TC/TPM. I have no need to run anything like Blu Ray movie disks or Microsoft Windows that requires TC/TPM or the UEFI boot process. Is anybody else still trying to avoid TC/TPM? What have your experiences been? Any pointers?" Worth reading on this front, too: Richard Stallman on so-called Trusted Computing.

290 comments

What? (4, Informative)

Anonymous Coward | about a year ago | (#44536429)

Don't buy a TPM module? Just because a motherboard supports it doesn't mean you have to turn it on... or am I missing something?

get a mac. (1, Interesting)

noh8rz10 (2716597) | about a year ago | (#44536451)

get a mac: http://www.osxbook.com/book/bonus/chapter10/tpm/ [osxbook.com]

At the time of this writing (October 2006), the newest Apple computer models, such as the MacPro and possibly the revised MacBook Pro and the revised iMac, do not contain an onboard Infineon TPM. Apple could bring the TPM back, perhaps, if there were enough interest (after all, it is increasingly common to find TPMs in current notebook computers), but that's another story.

Re:get a mac. (3, Insightful)

Anonymous Coward | about a year ago | (#44536533)

Yawn. Obsolescence built in, with each OSX "upgrade" Apple drop support for a whole generation of hardware. Quad core xeons are now in limbo. Yes, that standard Intel and PCI system is already at a dead end. When the next cat OS is released with a slightly changed icon set, the next top end systems will be excluded.

And as for imacs, zero upgradability other than RAM and high failure rates, also suffer from OSX obsolescence.

So, no, don't go down the Apple route unless you intend to replace the whole system to stay current, even if it doesn't need it.

Re:get a mac. (2, Informative)

dugancent (2616577) | about a year ago | (#44536639)

Yawn. Obsolescence built in, with each OSX "upgrade" Apple drop support for a whole generation of hardware. Quad core xeons are now in limbo. Yes, that standard Intel and PCI system is already at a dead end. When the next cat OS is released with a slightly changed icon set, the next top end systems will be excluded.

And as for imacs, zero upgradability other than RAM and high failure rates, also suffer from OSX obsolescence.

So, no, don't go down the Apple route unless you intend to replace the whole system to stay current, even if it doesn't need it.

My 2008 MacBook is still receiving upgrades, and will get Mavericks. Upgraded the ram to 8gb and I'm doing just fine.

Re:get a mac. (1, Insightful)

the_B0fh (208483) | about a year ago | (#44536829)

Are you seriously trying to talk sense to AC? Do I have to revoke your cred...? Don't make me give you this talk again! :)

Re:get a mac. (4, Insightful)

Alsee (515537) | about a year ago | (#44537045)

Are you clueless? He's not "talking sense". The whole point here is that it's becoming increasingly difficult to not-buy a TPM. A lot of motherboards now have this shit welded in place, and its presence is often not listed when you're shopping to buy a computer.

An "Ask Slashdot" on how to avoid purchasing Trusted Computing is entirely appropriate. Hell, there should be a goddamn front page story in the New York Times telling people that many computers are being shipped with TPMs, and informing the general public where to shop if they don't want to fork over money for an anti-owner TPM chip pre-welded into whatever computer they buy.

-

Re: get a mac. (0)

slydder (549704) | about a year ago | (#44537131)

So, it's come to this has it.

Re:get a mac. (0)

Anonymous Coward | about a year ago | (#44536657)

Even if OS X support is dropped, Macs are largely standard PCs and can continue to run Gentoo or Windows XP or whatever slashdot likes to run.

Re: get a mac. (0)

Anonymous Coward | about a year ago | (#44536677)

My 2007 model Intel core2 duo 2.66GHz MacBook Pro is still performing for me with recent upgrades of 6GB RAM and SSD. Running Mountain Lion. I don't play games or produce rich media, but the thing plays all web content and runs a Win7 VM fine.

Re: get a mac. (2)

rthille (8526) | about a year ago | (#44536775)

My Core-2 Duo Macbook is EOL at Snow Leopard, but I'm fine with that. In fact I'm still running Leopard on it, since I want to do a clean reinstall instead of an upgrade but haven't made time to do it. Besides, once I upgrade to snow leopard I won't be able to run the "AirPort Admin Utility for Graphite and Snow.app" to admin my original Airport base station.

I don't understand the whining about 'planned obsolescence'. My gear continues to run just like when I bought it. Besides, I consider many of the "enhancements" of recent OSX upgrades to be steps backward...

Re: get a mac. (1)

guruevi (827432) | about a year ago | (#44536819)

It's Core, not Core2 that's obsoleted and it should still run Lion...

Re: get a mac. (2)

viperidaenz (2515578) | about a year ago | (#44536951)

Meanwhile, you can run Windows 8 on any Pentium 4.

Re: get a mac. (2)

gnasher719 (869701) | about a year ago | (#44537175)

Meanwhile, you can run Windows 8 on any Pentium 4.

Meanwhile, if I write software targeted at MacOS X 10.7 or later, I can safely rely on the user having a 64 bit processor. No 32 bit versions needed anymore.

Re:get a mac. (-1)

Anonymous Coward | about a year ago | (#44537201)

That's not exclusive to Apple. I've got a c.2006 Core 2 "mobile workstation" that became obsoleted ~2009 when the videocard drivers became "legacy" and newer OSs that came out later didn't support them (the legacy drivers) anymore. Sure it'll still run XP Pro (or Server 2003) and up to Ubuntu 8 fine, but it's useless to me on any of the newer OSs.

Anything that has a non-upgradable video card (or really any non-upgradable subsystem) is basically on a shortlist for obsolescence.

Re:get a mac. (1, Redundant)

DavidinAla (639952) | about a year ago | (#44537303)

You absolutely don't have a clue what you're talking about.

Re:What? (4, Interesting)

Anonymous Coward | about a year ago | (#44536507)

Even if you do turn it on, it only goes about doing what you ask it to do. You can use it to pull some random numbers from, for instance, and completely ignore the cryptographic functions. And neither UEFI nor secure boot has anything to do with TPM. That's completely separate and, on every x86/x86_64 machine I know of, able to be easily run in custom mode with your own keys (and no one else's keys), or disabled entirely.

So if you're being paranoid about this because of fears about spying or remotely taking over your computer... Well, you're being paranoid. If you're scared of that because of TPM, you should be much more scared of that because of not having the complete specifications to rebuild the computer from a hunk of silicon.
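
Added example, not part of any comment in this thread: the comment above treats UEFI boot, Secure Boot and the TPM as three separate things, and on Linux each can be checked independently from sysfs. The function names and the optional root-prefix argument are this example's own; it assumes sysfs and efivarfs are mounted, and the `tpm_version_major` attribute needs kernel 5.6 or later.

```shell
#!/bin/sh
# Added example: report how the machine booted, whether Secure Boot is
# enforcing, and whether the kernel can see a TPM. Every function takes an
# optional root prefix (hypothetical parameter) so it can be pointed at a
# constructed directory tree instead of the live /sys.

# Name of the Secure Boot variable in the EFI global variable namespace.
SECUREBOOT_VAR="SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# "uefi" if the kernel was started through UEFI, "legacy" if it came up
# through BIOS or the CSM compatibility layer.
boot_mode() {
    root="${1:-}"
    if [ -d "$root/sys/firmware/efi" ]; then
        echo uefi
    else
        echo legacy
    fi
}

# "enabled", "disabled", "unknown" (variable missing or unreadable) or
# "n/a" (not a UEFI boot, so the variable cannot exist).
secure_boot_state() {
    root="${1:-}"
    var="$root/sys/firmware/efi/efivars/$SECUREBOOT_VAR"
    [ -d "$root/sys/firmware/efi" ] || { echo "n/a"; return 0; }
    [ -r "$var" ] || { echo unknown; return 0; }
    # An efivarfs file is 4 bytes of attributes followed by the data;
    # the SecureBoot data is a single byte, 1 = enforcing, 0 = off.
    val=$(od -An -tu1 -j4 -N1 "$var" 2>/dev/null | tr -d ' \n')
    case "$val" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Space-separated list such as "tpm0:v2", or "none". "none" only means the
# kernel exposes no TPM device: the chip may be absent, switched off in
# firmware setup, or its driver may not be loaded.
tpm_state() {
    root="${1:-}"
    found=""
    for dev in "$root"/sys/class/tpm/tpm*; do
        [ -e "$dev" ] || continue      # glob did not match anything
        ver=unknown
        if [ -r "$dev/tpm_version_major" ]; then
            ver=$(cat "$dev/tpm_version_major" 2>/dev/null) || ver=unknown
        fi
        found="$found${found:+ }$(basename "$dev"):v$ver"
    done
    echo "${found:-none}"
}

platform_report() {
    root="${1:-}"
    echo "boot mode:   $(boot_mode "$root")"
    echo "secure boot: $(secure_boot_state "$root")"
    echo "tpm devices: $(tpm_state "$root")"
}

# Report on the running system (or on the tree given as first argument).
platform_report "${1:-}"
```

A result of `legacy` together with `n/a` is what a CSM boot looks like from the operating system's side, whatever the firmware setup screen is called.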

Re:What? (0)

Anonymous Coward | about a year ago | (#44536557)

You are right, build a machine yourself and don't enable it, problem solved.

I'm not entirely sure, but I guess once you enable it then you can't disable it again?

Re:What? (1)

Anonymous Coward | about a year ago | (#44536695)

You are right, build a machine yourself and don't enable it, problem solved.

I'm not entirely sure, but I guess once you enable it then you can't disable it again?

Yes, you can disable it again, if you aren't using it for anything (like disk encryption). I don't understand the premise for the poster's question, TPM chip only does what you activate it to do. Doesn't matter if it is on the motherboard or not, no need to avoid a dead IC, and you will likely not save any cost.

Re:What? (2, Funny)

Anonymous Coward | about a year ago | (#44536561)

Let me go scare him some more. Hey check this out: http://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Using_Intel_AMT

*gets popcorn* ;)

Re:What? (2)

thejynxed (831517) | about a year ago | (#44537109)

Funny thing, I actually have that enabled on a few of my machines that I use for file storage, etc. Makes it easier to monitor/control them (with a few other tools) than what Microsoft offers on the consumer level.

Re:What? (2, Informative)

Mashiki (184564) | about a year ago | (#44536615)

No you're not missing anything. Even UEFI can be turned off on nearly every motherboard out there, my mobo from my new build early this year has UEFI and I could turn it off if I want. Right there in the menu selections. Though most good consumer boards also support TPM as an option. As you said, just don't buy the module. Even the mid-range MSI board I recently picked up supports it.

Re:What? (5, Informative)

SCPRedMage (838040) | about a year ago | (#44536777)

Turn off... UEFI...

The fuck? UEFI is a replacement for BIOS; "disabling" it would entail disabling your system's ability to boot at all. Likely what you mean is Secure Boot, which is an optional feature for newer UEFI systems that caused a bunch of stink with Windows 8.

Re:What? (-1)

Anonymous Coward | about a year ago | (#44536847)

RedMage the dumbass...

Re:What? (1)

Randle_Revar (229304) | about a year ago | (#44536901)

They still have BIOS. If you turn off UEFI, you use the BIOS.

Re:What? (4, Informative)

Microlith (54737) | about a year ago | (#44536945)

No, you don't turn UEFI off. What you do is activate the CSM, which emulates older BIOS calls and maps them to UEFI functionality.

Re:What? (0)

Anonymous Coward | about a year ago | (#44536975)

No, it doesn't have BIOS. It just turns on BIOS compatibility.

Re:What? (4, Insightful)

Alsee (515537) | about a year ago | (#44537001)

No, it's you missing something.

just don't buy the module.

THAT IS EXACTLY WHAT HE'S TRYING TO DO.

A lot of computers are now being shipped with TPMs SOLDERED onto the motherboard, and they are making progress on packaging the TPM inside the CPU chip.
He doesn't want to buy that crap, I don't want to buy that crap, and the problem is that a lot of people are buying that crap without knowing it. The Trusted Computing Group has stated that part of their strategy for forcing everyone to buy into their Trusted Computing crap is to ensure that TPMs are already built in to all new computers being sold.

-

Re:What? (2, Informative)

girlintraining (1395911) | about a year ago | (#44537027)

Even UEFI can be turned off on nearly every motherboard out there, my mobo from my new build early this year has UEFI and I could turn it off if I want. Right there in the menu selections. Though most good consumer boards also support TPM as an option.

This is only half-true. I have disabled UEFI boot on my ASRock Z68 Extreme3 Gen3, but when attaching a USB mass storage device, there is still a substantial delay if it is a mechanical drive while it searches for bootable partitions. This behavior shouldn't happen if UEFI is truly disabled -- and this behavior is unique to UEFI motherboards. If boot from USB is disabled on pre-UEFI motherboards, this does not happen.

As well, I cannot prevent UEFI firmware from being loaded from devices; I can only set a preference to use "legacy" firmware. However, if such "legacy" firmware isn't found, it will still load via UEFI. It will also boot from UEFI if there are not any non-UEFI boot options available; I tested this by plugging in a flash drive which was UEFI boot-compliant and physically disconnected all other devices. It booted, even though it was disabled in the BIOS.

As well, the TPM module in most motherboards cannot be disabled. You have the option of not using it; however, its functionality can be accessed at any time. This includes, amongst other things, key storage and access to a unique identifier. This functionality can be "disabled" by the OS, which under Windows means it will not use the TPM, but user-space applications can still execute TPM operations, including (for example) ActiveX controls embedded into web pages and video games.

The only way to disable the TPM is to physically remove it from the motherboard, however in current models this is typically integrated directly into the BIOS chip, thus it may not be possible to disable it without destroying the motherboard.

Re:What? (-1)

Anonymous Coward | about a year ago | (#44537237)

Uh...no.

Dude just stop talking already. You don't understand anything about technology. I recall you previously in another article trying to "educate" people on why they should only use AES and never use RSA, completely blind to the fact that these are different types of encryption used for different purposes and oblivious to the fact that they should definitely not be used interchangeably. Also to correct another recent post of yours, GPS in itself doesn't drain battery; GPS receivers don't transmit anything in order to determine your location, and properly designed ones use very little power even with a bad signal.

You're the kind of person who should hear and not be heard. Thank you.

Re:What? (0)

Anonymous Coward | about a year ago | (#44536893)

None of my new MB's have any of that (Xeons 2011 and 1155). What have you been looking at?

Re:What? (3, Informative)

tlambert (566799) | about a year ago | (#44537257)

Don't buy a TPM module? Just because a motherboard supports it doesn't mean you have to turn it on... or am I missing something?

It's pretty much impossible to get a new system with any reasonable compute ability without at least some form of back doored TPM-like facility these days. For example, the new Intel Ivy Bridge Chipsets have vPro, which gives similar capabilities. Likewise, the new AMD systems currently being planned have the ability to run TZones in the on-board ARM processor to implement a software TPM, as long as they aren't exposed out directly.

http://www.hardwaresecrets.com/news/Intel-Launches-Ivy-Bridge-CPUs-with-vPro-Technology/6464 [hardwaresecrets.com]
http://newsroom.intel.com/community/intel_newsroom/blog/2012/05/15/intel-strengthens-security-boosts-performance-for-business-with-3rd-generation-intel-core-vpro-platforms [intel.com]

Re:What? (0)

Anonymous Coward | about a year ago | (#44537269)

Call me brain dead, but every single machine I've bought or used with a TPM has shipped it disabled, or in some cases, the TPM is on a small daughterboard card that needs to be shoved in a slot for it to work.

Sounds like much ado about nothing to me.

I've found TPM chips useful, but that's just me.

Perhaps instead of trying to fight this battle, might consider looking at fighting a battle where anything that leaves your machine is free game for searches and seizures at anytime?

Non sequitur (4, Insightful)

Anonymous Coward | about a year ago | (#44536437)

I have no need to run anything like Blu Ray movie disks or Microsoft Windows that requires TC/TPM or the UEFI boot process.

Non sequitur much? What do Blu-Ray movies have to do with a TPM or UEFI secure boot? Also, Windows 8 can be run just fine without UEFI secure boot and doesn't need a TPM. UEFI secure boot is only needed to sell a certified product. Trying to drum up some FUD or what?

Re:Non sequitur (4, Insightful)

sunderland56 (621843) | about a year ago | (#44536799)

You might be overreacting; English has extremely loose parsing rules. Try reading it like this:

I have no need to run anything like ( ( Blu Ray movie disks ) OR ( Microsoft Windows that requires TC/TPM or the UEFI boot process) ).

Re:Non sequitur (0)

Anonymous Coward | about a year ago | (#44536999)

That was how I parsed it and the latter part still is incorrect.

why? (2, Insightful)

Anonymous Coward | about a year ago | (#44536439)

None of the consumer grade machines that you would buy or build for installing your own system enforce TPM or UEFI or any of that, so far it is all optional. So no need to currently avoid it, just don't use it.

Not sure off the top of my head (-1)

Anonymous Coward | about a year ago | (#44536447)

But I'd go to Wal-Mart and check out their cheapest Toshiba. I get a new one for my wife every other year and they, for the most part, seem to be as featureless as possible.

Re:Not sure off the top of my head (4, Funny)

oodaloop (1229816) | about a year ago | (#44536465)

My god man, how many Wal-Marts could you possibly need?

Get over it... (1, Informative)

Anonymous Coward | about a year ago | (#44536455)

You don't HAVE to enable TPM. It's a bios option in most of the mobos I've seen so far. Most don't even have anything in that plug. They just include a tpm header to plug that in someday. Even UEFI is just a plain ol bios unless you run something that requires the stupid security shit.

If you're REALLY dead set on not even having it at all... You're going to be stuck 2 generations ago forever.

Mobo mfgs included it because it's easier to make one product line that has it all. It's not going to take over your system unless you install software that requires that.

Re:Get over it... (0)

Dredd13 (14750) | about a year ago | (#44536585)

If you're REALLY dead set on not even having it at all... You're going to be stuck 2 generations ago forever.

Or you can just buy Apple products, which don't have the TPM in them, last I knew.

Re:Get over it... (1)

Albanach (527650) | about a year ago | (#44536661)

If you're REALLY dead set on not even having it at all... You're going to be stuck 2 generations ago forever.

Any evidence for this statement? There's a bunch of posts above that say it can typically be turned off at the BIOS, if the motherboard even has the unit installed, and that Windows 8 will run without it. So if you can run a current OS, why would the OP be stuck 2 generations ago?

Re:Get over it... (2)

Gavrielkay (1819320) | about a year ago | (#44536823)

He did say, "If you're REALLY dead set on not even having it at all..." which would imply not simply turning it off, but it not being there. I think the statement is probably pretty accurate. If you don't mind turning it off, almost anything would work, if you want it not present... well, that's much harder.

Re:Get over it... (0)

Anonymous Coward | about a year ago | (#44536707)

ALL Intel Macs come with a TPM chip installed and Apple uses it for OS DRM.

Re:Get over it... (3, Informative)

Dredd13 (14750) | about a year ago | (#44536981)

No they don't. They started shipping with them in the mid 2000's, but never built a driver for one, and stopped including it in their hardware in 2009.

Thanks for playin', though.

Re:Get over it... (0)

Anonymous Coward | about a year ago | (#44536727)

Ever since I saw the Apple hockey puck mouse, I permanently removed Apple from my mind!

Re:Get over it... (1)

mysidia (191772) | about a year ago | (#44536947)

Or you can just buy Apple products, which don't have the TPM in them, last I knew.

Like other hardware that just has the header and no TPM chip; they can probably be modded for TPM easily.

If not... they may be obsolete in the future, when you eventually want to use a software program that requires a TPM-enabled system.

If you don't have SW requiring a TPM enabled system, then you can always turn off the capability in the CMOS, and ignore the fact your board has that feature -- the OS won't be able to use it.

But how can they track your activities? (0)

Anonymous Coward | about a year ago | (#44536459)

If you were to go "off the grid" how are governments and corporations supposed to keep track of your activities? You obviously have something to hide. They will still find you and track you down even if you use archaic hardware. [insert evil laugh here]

Answer: Almost everything (0)

will_die (586523) | about a year ago | (#44536471)

What kind of trolling is this?
You can easily find computers without those options, or at the very least can be disabled.

ThinkPenguin.com's against trusted computing... (5, Informative)

Anonymous Coward | about a year ago | (#44536473)

I'd get in touch with ThinkPenguin. The company avoids trusted computing, non-free dependencies, and other digital restrictions that are bad for users. HP, Lenovo/IBM, Dell, Toshiba, Sony, and Apple are enemies of user freedom and should be avoided. They ship systems with digital restrictions and/or proprietary pieces that prevent users from replacing things like the wifi in what is otherwise a standard slot. As a result if you get a system with an unsupported wifi card you can't replace it- or in other examples eventually move to a distribution that is 100% free like Trisquel or Parabola GNU/Linux.

ThinkPenguin's been working with the Free Software Foundation on various issues like USB wireless cards and other projects. They helped bring a new chipset to the free software community (ar9271 and the older ar9170). They also don't ship parts/computers dependent on non-free drivers/firmware. The only real exception is the BIOS. That might change if the company gets enough support. Right now it is a non-trivial and significant task to fix. Particularly when every user wants a different configuration and demands the absolute latest in specs (like Haswell for example).

Re:ThinkPenguin.com's against trusted computing... (2)

skipkent (1510) | about a year ago | (#44536483)

What, I've Frankensteined plenty of Lenovo machines in my time.

Re:ThinkPenguin.com's against trusted computing... (0)

Anonymous Coward | about a year ago | (#44537241)

Just because you can do it on some systems doesn't justify the companies' actions. I shouldn't have to be a technical wiz to get GNU/Linux working when it would otherwise have worked.

Re:ThinkPenguin.com's against trusted computing... (4, Funny)

Barny (103770) | about a year ago | (#44536515)

I would like to welcome the marketing department of ThinkPenguin (C)(TM) to slashdot.

Re:ThinkPenguin.com's against trusted computing... (1)

CAOgdin (984672) | about a year ago | (#44536739)

What an ignorant troll. What "WiFI" module that you can't change? What make and model? I just changed/upgraded several WiFi Modules in Dell laptops in the past few days to gain speed and reliability.

And, when you finally need to buy parts for that "ThinkPenguin" or other small-time maker, where will you go? At least with a major manufacturer, I know I can still buy a replacement powerswitch or cover hinge when I need one, years after the product is no longer being sold.

This sounds like the AC posting is an employee of the company they extol...even to the extent of theorizing BIOS might become "open" at some future date. What a CROCK!

On the issue of TPM: It's there if I ever need it...but because I don't install the software for it, it appears to be abandoned and affects nothing people do on these computers.

Re:ThinkPenguin.com's against trusted computing... (3, Informative)

the_B0fh (208483) | about a year ago | (#44536863)

You didn't hear about IBM/Lenovo requiring you to use *THEIR* wifi cards in the laptops? A non-IBM branded but exactly the same model, wouldn't work because the BIOS checks for it. Pretty widely reported here on slashdot.

Re:ThinkPenguin.com's against trusted computing... (1)

Anonymous Coward | about a year ago | (#44537271)

First off- you're wrong. Nobody claimed that this was applicable to all systems manufactured by these companies. The claim is that they implement digital restrictions in at least some systems. And in most cases it isn't just a handful. It's a large majority.

Lenovo has been doing it the longest and if you actually had a clue you'd have found out everybody who has one just about has got to patch it for the wifi card to be replaced:

http://www.thinkwiki.org/wiki/Problem_with_unauthorized_MiniPCI_network_card

HP is really horrible and seems to be doing it on a shit ton of laptops.

Dell has been doing it the shortest amount of time.

Re:ThinkPenguin.com's against trusted computing... (1)

Dputiger (561114) | about a year ago | (#44536765)

pieces that prevent users from replacing things like the wifi in what is otherwise a standard slot. As a result if you get a system with an unsupported wifi card you can't replace it.

[Citation fucking needed]

Please, show me the special proprietary WiFi slot in Dell's latest $299 standardized-to-an-inch-of-existence system that only sends and receives electrical signals from Magical Dell WiFi.

Re:ThinkPenguin.com's against trusted computing... (2, Interesting)

Anonymous Coward | about a year ago | (#44536927)

The issue for Lenovo (I don't know about Dell) is that the BIOS has a whitelist of approved cards for those internal slots and if you plug-in a card not on the list the computer won't boot. However, Lenovo doesn't sell laptops with unsupported cards so you'll only see the issue when you try to manually upgrade it (and how many users do that?). For the power users who do open the case to upgrade, there's modified BIOSes that remove the whitelist. And before you start saying how bad Lenovo is for blocking other cards, they are legally not allowed to support non-certified cards due to FCC regulations. Blame the FCC not Lenovo.

For some of the older Thinkpads, the internal PCI-e slots are not standard. They're USB based and not PCI-e based, so while looking standard, all cards won't work for them. I just ran into this issue wanting to add a mSATA SSD to a T60p.

Re:ThinkPenguin.com's against trusted computing... (0)

Anonymous Coward | about a year ago | (#44537031)

Well, let's see - they require a special PSU handshake or can refuse to charge - even the genuine ones fail on occasion.
So why should a firmware lockout for non-Dell WiFi cards be impossible?

I agree with anonymous coward (3, Insightful)

TsuruchiBrian (2731979) | about a year ago | (#44536477)

I don't see a problem with it, unless it can't be disabled. If you want all the freedoms, one of those freedoms is to enable or disable a TPM when you want. Maybe the only reason you want a TPM is so you can have one to test ways to circumvent it.

Not this shit again (3, Informative)

Anonymous Coward | about a year ago | (#44536479)

The story about the TPM was a load of horseshit FUD. TPMs are good if you want secure crypto key storage. If you don't, use a tinfoil hat.

"Secure boot" is the thing you want to avoid if you're suitably paranoid.

Re:Not this shit again (0)

Anonymous Coward | about a year ago | (#44537075)

Thankfully, this is modded "funny".

Although I don't find it funny at all, that there are actually morons out there advocating *pro* TPM.
Who, besides the *dumbest* of the organized crime, would ever do such a thing? A Fox News worker? A mentally ill person?

You know, I always thought the absolute worst conspiracy theory that requires the absolute worst of gullible people, is the one where people still believe in the system, no matter what. I swear there are people out there right now, that are literally physically raped in the ass while their money is stolen and somebody laughs in their face... and they still go "What? Me being raped in the ass? That's absolute horseshit FUD! Only a conspiracy theorist with a tinfoil hat would ever believe that!"
Somehow they never realize, that it's *them* who act like a conspiracy theorist, believing what they want to believe despite conflicting evidence literally fucking them up the ass.
It's a saaad sight. But if people start to fall for it, it quickly becomes a *dangerous* sight. And that's the problem.

Buy it, turn it off (4, Insightful)

Anonymous Coward | about a year ago | (#44536485)

Just buy it with TPM and turn it off. It's just like 3D televisions--it's a permanent addition to the feature list, regardless of how many people actually want or use it. Yeah it sucks that you pay for stuff you don't use. I'm sure you'll survive the experience.

And if you're paranoid that turning it off won't REALLY turn it off, how do you know a motherboard without a TPM module doesn't REALLY have a super-secret disguised TPM module? If you're that paranoid, you'll have to build the motherboard yourself.

Consumer grade junk usually doesn't have TPM (0)

Anonymous Coward | about a year ago | (#44536489)

Buy consumer grade hardware, i.e. no workstations or business grade laptops. There's usually no TPM because home users don't have a need for it or the infrastructure to use it.

NSA backdoors are everywhere. (0)

Anonymous Coward | about a year ago | (#44536493)

Every modern, totalitarian regime needs an easy way to spy on its own peasants. Don't expect hard drive without embedded serial number, motherboards with burned MAC or CPU with ID.

Don't fight just follow the path they outlined for you.

Why? (4, Insightful)

chill (34294) | about a year ago | (#44536503)

TPM is just a secure hardware keystore. It allows you to store secret keys in it. Don't want it? Don't activate it.

It is most commonly used in corporate machines, but can be used in Linux to support LUKS for full-disk encryption.

As usual, people fear what they don't understand. The trick to TPM is *WHO HAS THE KEYS*. If *I* have the keys, it is a great feature. TPM itself isn't inherently bad any more than any safe is inherently bad.

Stallman's piece focuses exclusively on TPM being implemented as a mandated piece where either the gov't or the media industry has the keys. Focusing on one theoretical use case and determining the entire system is evil is just plain wrong.

Re:Why? (2, Interesting)

Anonymous Coward | about a year ago | (#44536565)

Stallman's piece focuses exclusively on TPM being implemented as a mandated piece where either the gov't or the media industry has the keys. Focusing on one theoretical use case and determining the entire system is evil is just plain wrong.

Yeah, and theorizing that the Big Brother really IS watching over you just because it's theoretically possible is a just plain wr-oh, wait, that actually did happen because the people in power can be expected to abuse any technology available to them if we just turn a blind eye to it and ignore the possibility! That's a great strategy, nothing to see here folks, bury your head in the sand, etc. like usual.

Re:Why? (0)

Anonymous Coward | about a year ago | (#44536681)

Because TPM has been around 10 years, and there are zero DRM applications which use it. In reality, the person sticking their head in the sand is you.

Re:Why? (0)

Anonymous Coward | about a year ago | (#44537069)

Quit shouting at others when your own head is in the sand. The reason nothing is using it is BECAUSE people have been informed about it and have avoided it like the plague.

Re:Why? (0)

Anonymous Coward | about a year ago | (#44537323)

I'm going to have to agree with that one.

Re:Why? (4, Insightful)

Anonymous Coward | about a year ago | (#44536627)

Stallman's piece focuses exclusively on TPM being implemented as a mandated piece where either the gov't or the media industry has the keys. Focusing on one theoretical use case and determining the entire system is evil is just plain wrong.

Both scenarios are more or less "theoretical", but the most likely to end up widely implemented is exactly the one RMS focuses on. That is why he focuses on it. It's also the reason why the entire thing came into being. The other stuff is a nicety for the geeks, nothing more. That nicety doesn't make the purpose behind it less wrong or evil.

Re:Why? (1)

Anonymous Coward | about a year ago | (#44536641)

The trick to TPM is *WHO HAS THE KEYS*. If *I* have the keys, it is a great feature.

And if you give your keys to a chip manufactured by a third party, a chip whose internal workings you know nothing about? Who really has the keys then? Just you and the NSA?

Re:Why? (1)

Randle_Revar (229304) | about a year ago | (#44536923)

The NSA could just get Intel and AMD to include backdoors in their chips/chipsets, if you want to go down that route.

Re:Why? (4, Insightful)

blahplusplus (757119) | about a year ago | (#44536645)

"Stallman's piece focuses exclusively on TPM being implemented as a mandated piece where either the gov't or the media industry has the keys. "

Not quite, the same way F2P games and always online DRM made it so far. Most people are tech illiterate, all that's needed to get TPM out there is a dumb public and some widget they will always buy mindlessly like phones. I expect phones and/or some aspect of videogames to be where TPM is first implemented. The upper classes in america are obsessed with manipulating the public mind for their own corporate profits. I suspect there are people working right this moment to find a way to push more hardware DRM and legal bullshit. I imagine we'll first see this from the game industry and then it will seep into other industries.

The idea that Stallman is 'alarmist' given how dystopian, authoritarian and anti-freedom american copyright and patent law has become and its negative effect on people owning the digital products they buy is already cause for alarm. The fact that digital goods are effectively infinite and people are talking moronically about selling 'used digital games' (bizarre aspect of american capitalist thinking in the non scarce digital world).

See this article, game developers and publishers are seriously totally in bizarro world trying to get rid of the used game market.

http://www.gamasutra.com/blogs/DanRogers/20130806/197733/THE_FUTURE_OF_RESELLING_DIGITAL_VIDEO_GAMES.php [gamasutra.com]

Re:Why? (0)

Anonymous Coward | about a year ago | (#44537017)

You had me until

The upper classes in america are obsessed with manipulating the public mind for their own corporate profits.

Don't you have some OWS picketing to do?

Re:Why? (1, Insightful)

blahplusplus (757119) | about a year ago | (#44537065)

"Don't you have some OWS picketing to do?"

Are you a butthurt right wing american, who politicizes and incorrectly interprets any factual information as an attack on your ideology? Look, intelligent adults are capable of discussing important issues and not getting offended at the drop of a hat because they are paying attention to and research the corruption in the world at large, both in governments and corporations. I know reality tends to offend those who yearn for a simple worldview and believe the world is mostly a just place, but it's not.

It's not about left/right, it's about morals that transcend ideology. The abuses of power and implementation of authoritarian and profiteering ideology into domains it doesn't belong (i.e. getting rid of the ability to OWN, modify and repair what you buy using legal con-artist techniques and trickery is fucking evil).

If you don't believe that then you shouldn't even bother posting because you are lacking both the intelligence and maturity to understand that it's not about capitalism vs communism, or left vs. right, it's about you know being a decent moral human being who isn't a total asshole.

Re:Why? (5, Informative)

Alsee (515537) | about a year ago | (#44537243)

As usual, people fear what they don't understand.

I've studied the entire TPM technical specification. I understand it in minute detail.

The trick to TPM is *WHO HAS THE KEYS*. If *I* have the keys, it is a great feature.

EXACTLY!

And the entire point here is that you DON'T have the keys. The TPM technical specification is quite explicit that the owner of the computer is FORBIDDEN to ever get his keys. Specifically this means the PrivEK (Private Endorsement Key) and the SRK (StorageRootKey). The owner is forbidden to have his StorageRootKey, because the StorageRootKey is explicitly designed to encrypt data on the harddrive such that the owner of the computer cannot read or alter it. The owner is forbidden to have his Private Endorsement Key because this key is used to secure the Remote Attestation process against the owner. Remote Attestation is where the chip securely (secure against the owner) tracks your hardware and the software you run, and sends that spy-report out to other computers over the internet. If the owner had his Private Endorsement key, these Attestation spy-reports wouldn't be secure against the owner.

TPM is just a secure hardware keystore.

It's more than that, but an important part of it is that it's a "secure hardware keystore". Specifically, it is designed to be SECURE AGAINST THE OWNER. The Trusted Platform Module Technical Specification explicitly refers to the owner of the chip as an attack-threat which the chip MUST be secure against.

Stallman's piece focuses exclusively on TPM being implemented as a mandated piece where either the gov't or the media industry has the keys.

The "Master Keys" are held by the Trusted Computing Group. The crucial individual keys are locked inside the Trusted Computing chips, secured against the owners.

Focusing on one theoretical use case and determining the entire system is evil is just plain wrong.

Let's make it really simple. The moment they give owners some option to read their keys out of the chip, or give owners the option to buy chips that come with a printed copy of their keys, then I will jump up front and center proclaiming that Trusted Computing is wonderful and harmless... I'll lead the charge smacking down anyone claiming it's evil.

However the Trusted Computing Group has explicitly refused all demands for any sort of "Owner Override" and explicitly forbid owners to ever get a hold of their own keys. That is because the entire point of Trusted Computing is to secure computers AGAINST their owners. The entire point of Trusted Computing is that "Owners can't be trusted", so they want to be able to "Trust" computers to be secure against the owners.

The moment they allow owners to get their keys then I agree that the owner is in control.

Note that the standard argument against allowing owners to get their keys is that a virus or malware or something might get a hold of the key if it's accessible from the chip, or if it's on the harddrive anywhere. Which is a patently bullshit argument for refusing to let me buy a chip with a PRINTED COPY of my master keys. Malicious software can't read paper. End of argument. Then I can toss the printed keys in my safety deposit box at my local bank, and you can't make any believable argument that it's somehow "for my security" that you're refusing to let me get my own goddamn keys.

A simple rule for everyone:
Just say "I want my keys", NO KEYS, NO SALE

-

euphemism (0)

Anonymous Coward | about a year ago | (#44536505)

"trusted" = restricted = encumbered = crippled = oppressive

This is so 2000's ... (0)

Anonymous Coward | about a year ago | (#44536523)

I am currently running ancient 32-bit hardware and ...

Just buy a new computer and get over it, why is this even an issue in 2013.
Stop blindly following whomever told you TPM is worth spending any time/money to avoid on ideological grounds.

http://resources.infosecinstitute.com/linux-tpm-encryption-initializing-and-using-the-tpm/
You can use the damn thing for anything you want.

The same goes for UEFI people, grow a mental pair and understand the technology instead of having it interpreted by techno-priests for you.

Re:This is so 2000's ... (1)

Anonymous Coward | about a year ago | (#44536607)

The same goes for UEFI people, grow a mental pair and understand the technology instead of having it interpreted by techno-priests for you.

UEFI is the real TPM here, we all know that UEFI is optional, for now. But on ARM hardware? it's forced on us.

Don't let your guard down, they will try unifying it so we can no longer disable it, you know it will happen at some point, to believe otherwise is naive and short sighted.

Re:This is so 2000's ... (1)

Anonymous Coward | about a year ago | (#44536751)

The same goes for UEFI people, grow a mental pair and understand the technology instead of having it interpreted by techno-priests for you.

UEFI is the real TPM here, we all know that UEFI is optional, for now. But on ARM hardware? it's forced on us.

Don't let your guard down, they will try unifying it so we can no longer disable it, you know it will happen at some point, to believe otherwise is naive and short sighted.

I guess you mean Secure Boot? UEFI is just a BIOS replacement. Implemented well Secure Boot is a good thing, as added protection against malware. The issue is about who controls the keys and signing.

Re:This is so 2000's ... (0)

Anonymous Coward | about a year ago | (#44536913)

But on ARM hardware? it's forced on us.

Yes, because the Surface RT was so hugely successful that it drove all the 'open' Android tablets right off the market.

You guys are such hyperbolic whiners. No wonder nobody listens to you or cares what you think.

Re:This is so 2000's ... (0)

Anonymous Coward | about a year ago | (#44537121)

Yes, sir, Mr. Government-type, sir! I've got my party-approved notebook handy here, any other tips for a lowly citizen like myself?

and I want a pony. (1, Insightful)

westlake (615356) | about a year ago | (#44536527)

I am currently running ancient 32-bit hardware and thinking about an upgrade to something x64 with USB3, SATA3 and >1 core on the CPU ... but don't want TC/TPM.

You want to buy a high performance x86 motherboard which for some unfathomable reasons lacks features that have become more or less standard in both the consumer PC and the enterprise markets like UEFI and are not going away any time soon. Good luck with that.

My Asus Z78-Pro seems to work fine.... (1)

CajunArson (465943) | about a year ago | (#44536537)

I've got two different systems running Arch using these boards. One of them is booting in traditional BIOS mode, and when I turned off the secureboot and followed Arch's UEFI installation procedure, I got the second one booting with UEFI just fine.

TPM often left off (but can work FOR you). (3)

Dputiger (561114) | about a year ago | (#44536539)

TCM/TPM is often a business only feature. Consumer motherboards *frequently* don't support it. But full disk encryption programs can, and some do.

In other words, yes, you can totally opt out of buying a motherboard with TPM, including a top-of-the-line Haswell motherboard or an AMD chip, if that's your fancy. But if you buy one, you can also use it as a layer of security for a product like TrueCrypt (I do not know if TrueCrypt specifically supports it, that's just an example). And if you don't want it, you can turn it off.

Re:TPM often left off (but can work FOR you). (3, Interesting)

Alsee (515537) | about a year ago | (#44537321)

TCM/TPM is often a business only feature.

That was the initial market, but the Trusted Computing Group is quite clear that they intend, as soon as they can manage it, for it to be included in all computers. And they are well on their way to achieving that. They are already included in almost all laptops, and they are increasingly showing up in desktops.

In other words, yes, you can totally opt out of buying a motherboard with TPM

The entire point of the Ask Slashdot is that it's becoming increasingly difficult to do so. More and more computers are being shipped with the TPM soldered in place, and without the product description mentioning that fact anywhere.

-

Stallman (2, Insightful)

Anonymous Coward | about a year ago | (#44536553)

Stallman is never "worth reading".

Re:Stallman (1)

Anonymous Coward | about a year ago | (#44536801)

I think you are wrong, most of the time he is worth reading. You have to take what he says with a few grains of salt though. He has a very narrow view, but he is right about what he says in perspective to that narrow view of the world. Stallman usually brings up good points about things, but his conclusions about those points are almost never the same as the conclusions that I draw due to him always viewing things as either black or white.

It is the same with TPM. He is right that TPM is a bad thing if only Microsoft/government/other big corporations can issue keys for it. If I could build a linux dist and issue my own keys, then TPM would be a good thing. Problem is that I will probably never have that option, unless somebody can create a "hack" which enables users to load own keys to the TPM modules. So corporations like Microsoft/Intel decided to take the bad approach to trusted computing instead of doing something that could actually be useful... Go figure...

Reading what Stallman says is the same as reading anything else on the internet. You read it and then you have to make up your own opinion about what you have read.

You're taking all the fun out of computing (0)

Anonymous Coward | about a year ago | (#44536583)

GNU/FSF followers remind me of Catholics, no offense intended to either.

While I truly respect your freedom to believe whatever you want,
understand that I can't help from laughing if you walk around with dirt on your face. [wikipedia.org]
Seriously, at least a bindi can look nice.

Buy a computer with TPM already, it's not a sin.

Mac? (2)

Dredd13 (14750) | about a year ago | (#44536601)

Buy an Apple computer? They haven't had TPMs of any sort for a long time, near as I can tell from the literature.

Re:Mac? (0)

Anonymous Coward | about a year ago | (#44536699)

Yeah and give up the ability to upgrade the machine. Trying to change parts on even an iMac is difficult/impossible.

Re:Mac? (1)

Dredd13 (14750) | about a year ago | (#44536875)

I've been an Apple user for over a decade, and haven't found a need to open one up other than to increase memory or replace a hard drive.

Other people's mileage will, of course, vary, but the vast majority of folks don't need to tinker inside their machines (and in fact their lives would be so much simpler if they stopped).

I avoid it... (1)

clonehappy (655530) | about a year ago | (#44536687)

By disabling it in the BIOS, or if that's not an option, don't install the driver. And since when do Blu Ray discs and Windows need the TPM to be enabled to run?

If Windows isn't necessary... (2)

zorba64 (1020085) | about a year ago | (#44536907)

...why not try these guys? https://www.system76.com/ [system76.com] Desktops and laptops available.

TPM - Its never there (4, Informative)

DarkXale (1771414) | about a year ago | (#44536993)

TPM is normally not included in consumer motherboards. You have to purchase a separate TPModule that plugs into the motherboard's TPM header, and that's assuming the motherboard even has that header in the first place (read the specsheet). The Asus Z77 Deluxe in this machine for example - has no TPM header, and thus has no TPM. Newer versions of that motherboard firmware do include SecureBoot support - but older versions do not. However that must be manually activated, as it defaults to disabled (and consequently must be re-activated every time you reflash/update the firmware). In addition, custom keys are supported.

TPM requires (for Intel) support from the CPU - and some consumer level CPUs (notably the K series) lack that support. The extremely common 3570K for example - cannot use TPM. So in the above case, support is missing on the motherboard level, and on the CPU level. The newer Haswell variants (for both) still have the same inability.

Freedom (1)

adary (1255614) | about a year ago | (#44537089)

is not freedom if you have no clue what to do with it (or what is it in the first place). I used to be obsessed with free software, open source, freedom of this, freedom of that, and then I grew up, got myself a Personal Computer that does exactly what I need it to do, boots up in under few seconds when it needs to boot up, wakes up from sleep mode in fraction of a second, and I don't have to reinstall it every two weeks because I tinker with freedom stuff. And do I know what it has inside? No, and I don't care as long as it does what I need it to do (like write this post on /. or read your comments, or whatever I want to do with a Personal Computer at home).

TPM research at Blackhat (3, Informative)

aelliott83 (3015777) | about a year ago | (#44537161)

There was some interesting research presented at Blackhat that pointed out the problems of using the TPM as a root of trust in your platform: https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf [blackhat.com] The essence of the research is that the TPM is not adequate as a root of trust in the platform because the code that drives the TPM/does the system measurements resides on a mutable EEPROM (the bios flash chip). Therefore any attacker that can gain access to the bios flash chip via an exploit (the researchers presented one) or via an unlocked flash chip (see Yuriy Bulygin's related work) can forge the TPM measurements that serve as the root of trust in your system. This is important because software like Bitlocker uses these TPM measurement values to determine whether or not to decrypt your harddrive...
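The measurement chain that comment describes, as an added example (not part of the original post or of the Black Hat slides): a verifier replays a measured-boot event log with the TPM 1.2 extend rule, PCR = SHA1(PCR || digest), and compares the result with the PCR values the TPM holds. The component names, PCR indices and firmware byte strings are constructed for illustration.

```python
import hashlib

PCR_SIZE = 20  # TPM 1.2 PCRs each hold one SHA-1 digest


def measure(blob: bytes) -> bytes:
    """Digest a component the way measuring firmware would before extending."""
    return hashlib.sha1(blob).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR value = SHA1(old PCR value || measurement digest)."""
    return hashlib.sha1(pcr + digest).digest()


def replay(event_log):
    """Recompute PCR values from (pcr_index, digest, description) log entries."""
    pcrs = {}
    for index, digest, _desc in event_log:
        if len(digest) != PCR_SIZE:
            raise ValueError("measurement is not a SHA-1 digest")
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), digest)
    return pcrs


def verify(event_log, reported_pcrs, known_good):
    """Return findings; an empty list means the log replays and every digest is known."""
    findings = []
    replayed = replay(event_log)
    for index, value in sorted(reported_pcrs.items()):
        if replayed.get(index, bytes(PCR_SIZE)) != value:
            findings.append(f"PCR{index}: event log does not reproduce reported value")
    for index, digest, desc in event_log:
        if digest not in known_good:
            findings.append(f"PCR{index}: unknown measurement for {desc}")
    return findings


# Constructed sample data: stand-ins for firmware images, not real binaries.
BIOS, OPTION_ROM, BOOTLOADER = b"bios-v1", b"oprom-v1", b"loader-v1"
KNOWN_GOOD = {measure(BIOS), measure(OPTION_ROM), measure(BOOTLOADER)}


def boot_log(bios, oprom, loader):
    """Event log as written by the measuring code during one boot."""
    return [(0, measure(bios), "BIOS"), (2, measure(oprom), "option ROM"),
            (4, measure(loader), "boot loader")]


def check_boot(bios=BIOS, oprom=OPTION_ROM, loader=BOOTLOADER, log_override=None):
    """Simulate one boot, then verify the presented log against the PCRs."""
    actual_log = boot_log(bios, oprom, loader)
    reported_pcrs = replay(actual_log)  # what the TPM holds after the extends
    return verify(log_override or actual_log, reported_pcrs, KNOWN_GOOD)


# Limit of the check: verify() only ever sees the digests the measuring code
# chose to extend. If that code sits in writable flash and is itself replaced,
# it can extend known-good digests and both checks above still pass.
if __name__ == "__main__":
    print(check_boot())                           # clean boot: no findings
    print(check_boot(loader=b"loader-modified"))  # honestly measured change
```

The replay catches a changed component that was measured honestly and a log edited after the fact; it cannot vouch for the first piece of code doing the measuring, which is why that code needs to be immutable or write-protected.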

Sahi7! (-1)

Anonymous Coward | about a year ago | (#44537285)

I'd worry more about 8-row business-style keyboard (2)

npetrov (1170273) | about a year ago | (#44537315)

I am more worried about no new laptops with the standard 8-row keyboard which has Ins/Del/Home/End/PgUp/PgDn block.

All manufacturers that had those for business use - i.e. Dell, HP, Lenovo switched to the new consumer type layouts which are much slower for development work.

When this keyboard layout is resurrected, I am buying a new laptop. Until then, I stick to the fastest possible laptop with such keyboard. Which, at present is Dell E6410/E6510.

As far as UEFI and TPM - all of these can be disabled.
