this post was submitted on 11 Apr 2024
296 points (97.7% liked)

Linux Gaming

14926 readers
1 users here now

Discussions and news about gaming on the GNU/Linux family of operating systems (including the Steam Deck). Potentially a $HOME away from home for disgruntled /r/linux_gaming denizens of the redditarian demesne.

This page can be subscribed to via RSS.

Original /r/linux_gaming pengwing by uoou.

Resources

WWW:

Discord:

IRC:

Matrix:

Telegram:

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 7 months ago (1 children)

TPM is a joke in my mind

I thought this at first as well, but they have an interesting property.

They have a manufacturer signed private key. If you get the public key from the manufacturer of the TPM, you can actually verify that the TPM as it was designed by the manufacturer performed the work.

That's a really interesting property because for the first time there's a way to verify what hardware is doing over the network via cryptography.

[–] [email protected] 2 points 7 months ago (1 children)

Or, if I can extract that key from the hardware, I can pretend to be that hardware whenever I want, right?

[–] [email protected] 1 points 7 months ago (1 children)

Hmmm... I was going to say no because it's asymmetric crypto, but you're right if you are somehow able to extract the signed private key, you can still lie... Good point

[–] [email protected] 2 points 7 months ago

Got some bad news. They already can do that. It's a very low effort attack too. Current TPM spits its key out in clear text. Funny right?