[pdenton]

Linux always boots perfectly fine with TPM hardware support disabled, even when there actually is such a chip built in.

The real showstopper would be if "SecureBoot" would be enforced. I hope it never actually happens for personal computers. Everything else in the consumer electronics business is pretty much a lost cause already.

[belltaco]

TPM 2.0 and Secure Boot are two different things. Secure Boot has been enforced by default for the better part of a decade now with the major consumer Linux distros supporting it, and can be disabled in the BIOS setup.

SecureBoot prevents a very dangerous set of persistent rootkits that are completely invisible to the OS, not sure why tech savvy folks are against it for the vast majority of computer users, even Linux ones. Many UEFI setups allow you to add your own keys to the EFI and self-sign.

>Linux always boots perfectly fine with TPM hardware support disabled, even when there actually is such a chip built in

That would mean Linux is less secure in that scenario since the TPM is used to secure store things like hard drive encryption keys.

[tpxl]

> The real showstopper would be if "SecureBoot" would be enforced. I hope it never actually happens for personal computers. Everything else in the consumer electronics business is pretty much a lost cause already.

This is the end game. Widespread hardware and software support with default off, then default on, then always on. All to protect users from themselves of course.

[belltaco]

The so called "end game" is already here on mobile/tablets with iOS and most Android devices. And also Chromebooks. I have a Chromebook that got bricked because the TPM malfunctioned and there's no way to repair it without replacing the mainboard. Yet all these devices are credited with being more secure devices compared to PCs.

[hulitu]

> Yet all these devices are credited with being more secure devices compared to PCs.

Yes. They are more secure for the manifacturer. Do you want to give this app access to your files ? To all your files. And it phones home. Encrypted so you cannot see.

[aaaaaaaaata]

Security ≠ Privacy

[westcort]

Win 8 had a secure boot. It was tricky to get Linux working on that system.

Right now, I am looking into repurposing an old thin client as a daily driver machine.

[compsciphd]

Dell's Wyse 5070 (and 5470 AIO with a passable for non professional graphics usage 24" display) thin clients are $100 (ebay or even dell outlet) machines that make great daily drivers. they aren't speed demons, but with a m.2 ssd stick and 8-16GB of ram, they are more than fast enough for every day use (my 5470 seemed to just stay at a 2.4ghz boost clock in a reasonably ACd room (and with just passive cooling to its cpu, no fan). So don't even need really old ones.

they also make great plex servers, due to intel quicksync for transcoding videos.

[navjack27]

Secure boot is at least on the latest insider versions I'm on. I was unable to apply updates on the dev flights because my updated motherboard BIOS had the default option enabled for CSM which I thought was absurd when I finally looked. So yeah. You can't install future versions of Windows 11 with CSM enabled.