this post was submitted on 28 Dec 2023
Technology
Has the Linux community solved the Pluton problem yet? Meaning... actually been able to verify that you can check the microcode in the 'always network enabled cryptographic key verifier' part of the chip that is functionally below ring zero... can it actually be verified that Pluton chips can have that layer of them wiped?
EDIT: Answering my own question here later in the day, answer seems to be: not wiped, but most likely effectively neutralized.
https://www.phoronix.com/news/Pluton-TPM-CRB-Merged-Linux-6.3
Looks like Mr. Matthew Garrett figured out how to expose the TPM2 Command Process Buffer, which should mean that anything spooky going in or out of it would ... probably, eventually be noticed by the Linux community.
I've had quite the uh... exciting life this past year and missed this news, had to refresh myself on some of the details.
Not 100% sure if the actual microcode governing what goes on inside the Pluton module has been able to be voided, cleared or reverse engineered and rewritten... but basically the spooky DRM of your entire computer type shit only works with Windows + Pluton.
And, also thanks to Mr. Garrett, a whole bunch of bullshit UEFI shenanigans from computers that ship with Windows on them that is intended to prevent you from turning such a machine into a bare metal Linux machine... thanks to Mr. Garrett there are workarounds and fixes for this on what seems to be most modern hardware.
Still, best option, imo, is to build your machine yourself (the old ways never die), or these days you can purchase a small but growing number of PCs, laptops and other devices that actually just come with either no OS or some Linux distro installed, from various Linux centric organizations.
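A read-only check you can run on a Linux box to see whether the kernel is at least the 6.3 release the linked article refers to and whether it exposes any TPM (Pluton-backed or otherwise) through sysfs. This is an added example, not code from the commenter or from the kernel; it assumes the standard `/sys/class/tpm/<dev>/tpm_version_major` attribute, and a kernel version alone does not prove the CRB driver (`CONFIG_TCG_CRB`) was built in, so the device listing is the part that actually matters.

```shell
#!/bin/sh
# Added example: inventory the TPM devices the running kernel exposes and
# compare the kernel version against 6.3 (Pluton TPM CRB driver merge).

# kver_ge A B -> returns 0 when version string A is >= B (major.minor only).
# Handles "6.3.0-rc1" style strings from uname -r and a bare "6".
kver_ge() {
    a_major=${1%%.*}; b_major=${2%%.*}
    a_minor=0; b_minor=0
    [ "$1" != "${1#*.}" ] && { a_rest=${1#*.}; a_minor=${a_rest%%.*}; }
    [ "$2" != "${2#*.}" ] && { b_rest=${2#*.}; b_minor=${b_rest%%.*}; }
    a_minor=${a_minor%%[!0-9]*}; b_minor=${b_minor%%[!0-9]*}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -eq "$b_major" ] && [ "${a_minor:-0}" -ge "${b_minor:-0}" ]
}

# tpm_inventory [SYSFS_DIR] -> prints "<name> TPM <major>" per device found.
# SYSFS_DIR defaults to the real /sys/class/tpm; a different path is an
# assumption used only so the function can be exercised on a test fixture.
tpm_inventory() {
    base=${1:-/sys/class/tpm}
    [ -d "$base" ] || { echo "no TPM class directory at $base"; return 1; }
    found=0
    for d in "$base"/tpm*; do
        [ -d "$d" ] || continue
        found=1
        major=$(cat "$d/tpm_version_major" 2>/dev/null || echo '?')
        echo "$(basename "$d") TPM $major"
    done
    [ "$found" -eq 1 ] || { echo "no TPM exposed under $base"; return 1; }
}

kernel=$(uname -r)
if kver_ge "$kernel" 6.3; then
    echo "kernel $kernel: at or above 6.3, Pluton CRB driver can be present"
else
    echo "kernel $kernel: below 6.3, a Pluton-backed TPM would not be exposed"
fi
tpm_inventory || echo "(no TPM devices visible to this kernel)"
```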
A great strategy until it's no longer an option.