Linux Creator Recommends Disabling Mandatory Feature for Windows 11 on AMD Chips

2023-08-04 21:00:55

Linus Torvalds, the creator of Linux, often has strong opinions and does not hesitate to share them online. This time he is attacking a feature of AMD processors that is nonetheless mandatory to install Windows 11, Microsoft's latest system: fTPM.

If you feel like you've heard of it before, that's normal: fTPM is the basis of the flaw in Tesla's vehicles discussed today. The problems with fTPM require some explanation, and the first step is to clarify what fTPM is. The TPM, for Trusted Platform Module, is a technology intended to secure encryption keys and perform certain security-related tasks, such as providing truly random numbers.

The function circled in red is the crux of the problem. (Guillaume Piolle)

The classic implementation of the TPM comes in the form of a dedicated chip, integrated directly on the motherboard. This solution is not new: Apple used it to protect Mac OS X in its 2005 development kit, and the first Intel Macs had a chip of this type, unused. With Windows 11, Microsoft made the technology mandatory, and CPU manufacturers therefore offered a way to avoid adding an extra chip: a version embedded in the processor. At AMD, this approach is called fTPM, where the f stands for firmware.

On paper, this is attractive: everything works at no particular additional cost. But, and this is the reason for Linus's wrath, AMD's implementation could be improved. Its random number generator, widely used by the Linux kernel, can cause major slowdowns in some cases. One of the reasons is that the virtual fTPM module partly depends on flash memory located on the motherboard, which is very slow to access. And as long as the generator has not completed its task, the system is blocked. This problem has often been seen on Windows and has sometimes forced users to install a dedicated module to avoid slowdowns.
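To see whether a Linux system is exposing a TPM-backed generator to the kernel's hardware RNG framework, the sketch below (an added example, not from the original article or the kernel project) reads the `hw_random` sysfs files. It assumes TPM sources are named `tpm-rng-<n>`, and it cannot tell a firmware TPM from a discrete chip.

```shell
#!/bin/sh
# Report whether a TPM-backed hardware RNG is registered with, or currently
# selected by, the Linux hw_random framework. Only reads sysfs text files.
# Assumption: TPM sources are listed as "tpm-rng-<n>", the name the kernel
# TPM driver uses when it registers its hwrng.

hwrng_status() {
    dir="${1:-/sys/class/misc/hw_random}"   # overridable so it can be tested
    if [ ! -r "$dir/rng_available" ]; then
        echo "no-hwrng"                     # framework absent or unreadable
        return 0
    fi
    current=""
    if [ -r "$dir/rng_current" ]; then
        current=$(cat "$dir/rng_current")
    fi
    case "$current" in
        tpm-rng-*) echo "tpm-active"; return 0 ;;
    esac
    # rng_available is a space-separated list of registered sources
    for name in $(cat "$dir/rng_available"); do
        case "$name" in
            tpm-rng-*) echo "tpm-available"; return 0 ;;
        esac
    done
    echo "no-tpm"
    return 0
}

# Stand-alone run: inspect the live system's default sysfs location.
hwrng_status
```

`tpm-active` means the kernel is currently drawing from the TPM's generator; `tpm-available` means it is registered but another source is selected.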

Let’s just disable the stupid fTPM hwrnd thing.

In theory, a UEFI update for the motherboard might fix the problem, but, as Phoronix explains, new bugs related to fTPM appear from time to time. The solution proposed by Linus, who does not mince his words, is therefore to completely deactivate the fTPM in the PC's BIOS interface. The message begins with "Let's just disable the stupid fTPM hwrnd thing." The rest of it says that it may be good for randomness but should not be used; that there is little point in going through this system when modern CPUs have dedicated instructions; and that if you don't consider the CPU to be reliable, you shouldn't think the fTPM is either, without even taking its problems into account. He ends by saying that one can simply state that this thing does not work and that there are alternatives that are no worse anyway.

Linus’ message.

Finally, and this is a point noted in Linus Torvalds' message, switching to the processor's random number generator does not necessarily solve all the problems: the one integrated into AMD Ryzen CPUs has long been a concern, with random numbers that weren't completely random, or even no response at all, which blocked startup, as shown in an Ars Technica article from 2019. Also remember that disabling the fTPM without installing a dedicated chip can prevent Windows 11 from starting. But that is probably a concern that never even crossed Linus's mind.
