Linux creator Linus Torvalds is fed up with AMD’s fTPM, the firmware-based trusted platform module that causes performance issues on some Ryzen systems, and wants to turn off its RNG. He has proposed disabling its random number generator function, which he thinks is unnecessary and problematic.
A TPM is a chip that stores and performs cryptographic operations, such as encryption, decryption, signing, and verification. It is used to protect sensitive data and ensure the identity and integrity of devices and software.
However, TPMs can be hardware-based or firmware-based. Hardware-based TPMs are separate chips or modules on the motherboard, while firmware-based TPMs are software-based solutions that use the CPU’s features and functions.
AMD uses firmware-based TPMs, or fTPMs, instead of hardware-based TPMs. This makes them more flexible, compatible, and cost-effective. However, it also makes them more prone to software bugs and performance issues.

One of the issues with AMD’s fTPM is that it causes intermittent stuttering on some Ryzen systems. This happens because fTPM accesses flash memory via a serial interface to generate random numbers for cryptographic operations.
This process can hold up system activity and cause temporary pauses in system interactivity or responsiveness.
This issue affects both Windows and Linux users. AMD released a BIOS patch and workaround for Windows users last year, but it seems that the issue still persists on Linux systems. Some Linux users have reported stuttering problems with fTPM, especially when using applications that require a lot of random numbers, such as video conferencing and gaming.
Turn Off AMD fTPM RNG
This has annoyed Linus Torvalds, who oversees the development of the Linux kernel. He has suggested disabling fTPM’s random number generator function altogether and using the CPU’s rdrand instruction instead.
Rdrand is a CPU instruction that generates random numbers using hardware entropy sources. It is faster, more accessible, and more unpredictable than fTPM’s random number generator.
“Let’s just disable the stupid fTPM hwrnd thing,” Torvalds said on the Linux kernel mailing list. “Maybe use it for the boot-time ‘gather entropy from different sources,’ but clearly it should not be used at runtime.”
Torvalds argued that fTPM’s random number generator is not reliable, fast, or secure. He said that it can be influenced by external factors, such as power management, temperature, and clock frequency. He also said that it is not independent from other CPUs in a multi-core system, since they share the same clock source.
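To see whether a given Linux machine is in the situation discussed above, the following added example (not code from the article or from the kernel) reads the kernel's hwrng sysfs files and the CPU flags. It assumes the TPM core registers its RNG under a name of the form `tpm-rng-<n>`; the `HWRNG_DIR` and `CPUINFO` variables and the function names are hypothetical, introduced so the logic can run on constructed files.

```shell
#!/bin/sh
# Added example: is the kernel's current hwrng backend a TPM, and does the
# CPU advertise RDRAND? Paths are parameters so constructed files can be used.

HWRNG_DIR="${HWRNG_DIR:-/sys/class/misc/hw_random}"   # hypothetical override
CPUINFO="${CPUINFO:-/proc/cpuinfo}"                   # hypothetical override

# Print the currently selected hwrng backend name, or "none" if unavailable.
hwrng_current() {
    f="$1/rng_current"
    if [ -r "$f" ]; then
        name=$(cat "$f")
        if [ -n "$name" ]; then
            echo "$name"
            return 0
        fi
    fi
    echo none
}

# Succeed when the backend name looks like a TPM-registered RNG.
# Assumption: the TPM core names its device "tpm-rng-<n>".
is_tpm_rng() {
    case "$1" in
        tpm-rng-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed when the first "flags" line of the cpuinfo file lists rdrand
# as a whole word (so "rdseed" alone does not match).
cpu_has_rdrand() {
    grep -m1 '^flags' "$1" 2>/dev/null | tr ' \t' '\n\n' | grep -qx rdrand
}

# One-line summary for this host, or for the directory/file given as arguments.
rng_report() {
    dir="${1:-$HWRNG_DIR}"
    info="${2:-$CPUINFO}"
    cur=$(hwrng_current "$dir")
    if is_tpm_rng "$cur"; then tpm=yes; else tpm=no; fi
    if cpu_has_rdrand "$info"; then rd=yes; else rd=no; fi
    echo "hwrng_current=$cur tpm_backed=$tpm rdrand=$rd"
}

rng_report
```

A result of `tpm_backed=yes` means the TPM is the backend the kernel's hwrng framework is currently pulling from; the sibling file `rng_available` lists the other registered backends.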

Torvalds’ suggestion has sparked a debate among other Linux developers and experts. Some agree with him that fTPM’s random number generator is problematic and unnecessary. Others disagree with him that rdrand is a better alternative.
They point out that rdrand is not truly random either, since it can be affected by external factors as well. They also point out that rdrand can be manipulated by malicious actors who can tamper with the hardware entropy sources.
Torvalds’ fTPM project is still a work in progress, and it faces many challenges and criticisms. However, it also represents an innovative and promising attempt to provide a software-based alternative to hardware-based TPMs.
Torvalds’ fTPM aims to offer the same level of security and integrity as hardware-based TPMs, but with more flexibility, compatibility, and performance. Whether it succeeds or not remains to be seen.
FAQs
What is a TPM?
A TPM is a trusted platform module, a chip that stores and performs cryptographic operations, such as encryption, decryption, signing, and verification. It is used to protect sensitive data and ensure the identity and integrity of devices and software.
What is an fTPM?
An fTPM is a firmware-based TPM, a software-based solution that emulates a hardware-based TPM. It uses the CPU’s features and functions to provide the same level of security and integrity as a hardware-based TPM.
What is the difference between fTPM and hardware-based TPM?
The main difference between fTPM and hardware-based TPM is that fTPM does not require a dedicated chip or module on the motherboard. It can be integrated into the CPU or BIOS firmware. This makes it more flexible, compatible, and cost-effective than hardware-based TPM. However, it also makes it more vulnerable to software attacks, bugs, and performance issues.
What is the problem with AMD’s fTPM implementation?
The problem with AMD’s fTPM implementation is that it causes intermittent stuttering on some Ryzen systems. This happens because fTPM accesses flash memory via a serial interface to generate random numbers for cryptographic operations. This process can hold up system activity and cause temporary pauses in system interactivity or responsiveness.
What is Torvalds’ suggestion to disable fTPM’s random number generator?
Torvalds’ suggestion to disable fTPM’s random number generator is to use the CPU’s rdrand instruction instead. Rdrand is a CPU instruction that generates random numbers using hardware entropy sources. It is faster, more accessible, and more unpredictable than fTPM’s random number generator. However, it is not truly random, since it can be influenced by external factors, such as power management, temperature, and clock frequency.