this post was submitted on 06 Dec 2023
113 points (87.9% liked)
Technology
60052 readers
3344 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It's hard to avoid. People here just have been bitching about tpm because Linux distro maintainers don't want to jump through hoops signing their shit. This problem doesn't exist outside of Linux forums and people with absurdly old hardware.
Wrong. Linux has supported TPM2.0 for ages before even Windows and every distro maintainer would gladly sign their shit. The problem is that a shitload of hardware only accepts Microsoft TPM keys by default which can't legally be used by Linux distributions, forcing the work onto the users. It's pure vendor lock-in.
Also, this is going to be a way less of an issue when UKI's become the standard.
As I recall it, and correct me if I am wrong; but Linux and Distros are given keys to use? So if they want to they can revoke those keys and you could only install a Windows operating system?
The the default keys on the hardware, e.g. the keys hardcoded to the motherboard are 95+% of the time only the Microsoft Windows one's.
Even if the distro maintainers & developers had everything configured by default to be signed which is a pain in the ass without UKI's, it still requires the user to add new keys manually. Rarely do you have hardware with a key for a Linux distribution, and even if you managed to get hardware that has them, the majority of the time it's only keys for stuff like RHEL, Ubuntu Enterprise Edition, etc.
That's generally not possible, but I imagine if the BIOS is Internet capable it could be.
Nope. TPM isn't required to be able to install the system, only to take advantage of secure boot and security features of the hardware.