RE: Trisquel & Trusted Computing

Umbra
Joined: 06/17/2012

I'm an XP Pro user looking to switch to Linux. I have asked on other forums if there is any distro & kernel version that is 100% free of this 'Trusted Computing' junk, and was recommended Trisquel. So my first question here is can anyone confirm that Trisquel contains absolutely no Trusted Computing kernel configuration items, modules, drivers, etc.?

Rick Hodgin
Joined: 05/13/2012

I can't speak about what's in the kernel legitimately (meaning it's
there through free software). But I can tell you that Trisquel uses the
Linux-Libre kernel, which has been stripped of all non-free code. And
there are no non-free drivers supported by Trisquel natively (the
repositories do not carry them, they would have to be manually installed
from a .deb file).

http://en.wikipedia.org/wiki/Linux-libre

Trisquel is a free operating system (both in price, and in liberty).
All source code for everything in Trisquel is available. There is
nothing anywhere in any of its drivers or supportive code bases or
applications that does not have 100% source code available that you
could literally compile on your machine, and reproduce what you have
installed.

That being said ... are there actual, real, free software (with source
code, and rights to change it) trusted kernel modules within Linux?
There probably are. But, no matter where you go (with what Linux-based
distro) you'd find that then.

Best regards,
Rick C. Hodgin

On 06/25/2012 05:34 PM, name at domain wrote:
> I'm an XP Pro user looking to switch to Linux. I have asked on other
> forums if there is any distro & kernel version that is 100% free of
> this 'Trusted Computing' junk, and was recommended Trisquel. So my
> first question here is can anyone confirm that Trisquel contains
> absolutely no Trusted Computing kernel configuration items, modules,
> drivers, etc.?

lembas
Joined: 05/13/2010

With any of the fully free distros ( http://www.gnu.org/distros/free-distros.html ) you're in charge. You can set the configuration exactly as you wish.

Looks like the default Trisquel kernel comes with trusted computing mostly enabled. I don't know whether that is by choice or simply inherited from upstream.

CONFIG_TCG_TPM=y
CONFIG_TCG_TIS=m
CONFIG_TCG_NSC=m
CONFIG_TCG_ATMEL=m
CONFIG_TCG_INFINEON=m
CONFIG_IMA is not set

Umbra
Joined: 06/17/2012

So I assume that to totally erase the configuration items you listed requires me to learn how to rebuild or reconfigure the kernel at the least? Looks to be quite a daunting task for a newbie.

akirashinigami

Joined: 02/25/2010

Unfortunately yes, that's probably what you'd have to do.

Umbra
Joined: 06/17/2012

I think I have maybe found a way to use Trisquel as my OS, yet avoid the ordeal of teaching myself how to recompile/reconfigure the kernel, but being a newbie, I would like feedback from experienced users before I pursue a possible dead-end.

Google searches indicate that INTEL_TXT.TXT, CONFIG_INTEL_TXT, etc., did not port into Linux until kernel version 2.6.32, so I am thinking that if I use Trisquel 3.5 or 3.0.1, the Intel code will not be present (Distrowatch lists Trisquel 3.5 as having kernel version 2.6.31, and Trisquel 3.0.1 using kernel 2.6.28). What do you all think of this? Advice welcomed!

Magic Banana

Joined: 07/24/2010

Those versions are not supported anymore. That means you would never receive any update even though some security leaks are known. Compiling a kernel is not that hard... but I actually wonder if using free software applications does not keep you safe (the application must enforce the DRM, mustn't it?).

lembas
Joined: 05/13/2010

That is correct. However, it is not half as complicated as people think, especially if doing such a trivial change. Here's a guide to do just that I wrote while I was using Debian. http://forums.debian.net/viewtopic.php?f=16&t=36525 I suggest you try it, even if just for fun and learning.

Y means integrated into the kernel and always active
M means built as a module and activated if required
N means not included in any form

Those configs mentioned seem to be under device drivers > character devices. You might want to take a look at the other configs as well. Some of them are fairly easy to select while others remain esoteric for the rest of our combined lives!

Having said that I'm not sure if having those configs enabled does have any ill effects. Trusted computing does have very nasty potential uses (DRM etc) but I doubt Trisquel has any software that would use it for such purposes. Unofficial repositories or god forbid random binaries are another story but those are what you really should be afraid of!
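An added example, not part of the original posts: a small shell audit that reports how the options named in this thread are set in a kernel config file, using the y/m/not-set meanings given above. The function names are hypothetical, the sample config is constructed from the lines quoted earlier, and `/boot/config-$(uname -r)` as the place to find the running kernel's config is an assumption that holds on Debian-style systems.

```shell
#!/bin/sh
# Added example (not from the thread): audit a kernel config file for the
# Trusted Computing related options mentioned in this discussion.
TC_OPTIONS="CONFIG_TCG_TPM CONFIG_TCG_TIS CONFIG_TCG_NSC CONFIG_TCG_ATMEL CONFIG_TCG_INFINEON CONFIG_INTEL_TXT CONFIG_IMA"

# tc_state FILE OPTION -> builtin | module | not-set | absent
# "absent" means this kernel version does not know the option at all.
tc_state() {
    awk -v opt="$2" '
        $0 == (opt "=y")                         { s = "builtin" }
        $0 == (opt "=m")                         { s = "module" }
        # Real config files write "# OPT is not set"; the leading "# "
        # is sometimes lost when the line is pasted into a forum.
        $0 ~ ("^(# )?" opt " is not set$")       { s = "not-set" }
        END { print (s == "" ? "absent" : s) }
    ' "$1"
}

# tc_report FILE -> one "OPTION state" line per audited option
tc_report() {
    for opt in $TC_OPTIONS; do
        printf '%s %s\n' "$opt" "$(tc_state "$1" "$opt")"
    done
}

# tc_builtin_count FILE -> number of audited options compiled in (=y).
# Those are the ones that can only be removed by rebuilding the kernel.
tc_builtin_count() {
    tc_report "$1" | awk '$2 == "builtin" { n++ } END { print n + 0 }'
}

# Constructed sample, based on the config lines quoted in the thread.
tc_sample_config() {
    cat <<'EOF'
CONFIG_TCG_TPM=y
CONFIG_TCG_TIS=m
CONFIG_TCG_NSC=m
CONFIG_TCG_ATMEL=m
CONFIG_TCG_INFINEON=m
# CONFIG_IMA is not set
EOF
}

# Demo on the sample; on a real system pass /boot/config-$(uname -r) instead.
sample=$(mktemp)
tc_sample_config > "$sample"
tc_report "$sample"
echo "built-in options needing a rebuild to remove: $(tc_builtin_count "$sample")"
rm -f "$sample"
```

On the sample, `CONFIG_INTEL_TXT` is reported as absent rather than not-set, which distinguishes a kernel that predates the option from one where it was switched off.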

Chris

Joined: 04/23/2011

You are looking at it from the wrong angle I think. While the libre-kernel should really have this disabled in the software too, the hardware is what you should be concerned about. At least at the moment you can avoid the Intel CPUs with support for "Trusted Computing". We stopped shipping laptops with it months(?) ago. You have to check the processor on the Intel web site to find out if it has this feature. I forget what it is called exactly although you can spot it in the specs.

Kobe

Joined: 09/14/2011

On 06/29/2012 09:30 AM, name at domain wrote:
> I forget what it is called exactly although you can spot it in the specs.

Intel "Trusted eXecution Technology" (TXT)

https://en.wikipedia.org/wiki/Trusted_Execution_Technology

Chris

Joined: 04/23/2011

Yea- that is it.

Umbra
Joined: 06/17/2012

Thanks for your comment. In fact, I am concerned with both, which is one reason I am doing a custom build. Unfortunately, it appears to me that there is no way to completely avoid hardware DRM, now that AMD has become a TCG groupie, so erasing any software-based crud is even more essential to deprive hardware of its support.

Chris

Joined: 04/23/2011

Unless I'm mistaken the Intel DRM stuff is avoidable. Don't confuse graphics DRM with digital restrictions management. If we are talking about the "Trusted Computing" piece you just need to verify the CPU doesn't contain it. Even with the latest generation Intel CPU line up there are models without "Trusted Computing". There is also the TPM component in the BIOS. We are trying to ship without this in our laptops. Still waiting to hear back from a third party working with us on the issue.

yeehi
Joined: 06/02/2012

Is an Intel CPU with the absolutely appalling TXT technology on its own impotent? Does it require support from the chipset/motherboard to actually function? Are there many motherboards/chipsets that allow you to turn off the functionality of the TXT hardware?

lembas
Joined: 05/13/2010

At least some models with a TPM can disable it in the BIOS settings.

Chris

Joined: 04/23/2011

I don't consider TXT to really be a deciding factor. I think having a system that works with free software is the number one priority. TXT is avoidable and so we should avoid it. However the handful of users who are avoiding the technology are not relevant to Intel. It's just too small a customer base.

The thing is there isn't much we can do individually right now to discourage this kind of technology. Even if we all individually purchased systems without TXT it wouldn't have an impact.

The best way to discourage this is by creating new companies that apply free software philosophy. If these companies get large enough they will have an influence on the market.

Right now there aren't a whole lot of companies though... I can think of maybe two and I run one. The other is www.eztakes.com (they rent/sell DRM-free movies online).

Umbra
Joined: 06/17/2012

My deciding factor is who controls my PC (today and in the future). When Billie Gates, TCG, or whoever/whatever pays for my custom build, software, DSL, etc., then they can decide the how/when/where I use my PC. While I'm paying the bills, they don't get any vote. This is not a protest movement, so whether my "avoiding the technology" or not buying Intel products is relevant...is quite meaningless. I cannot stop Intel from forcing DRM on everyone, but I can refuse to contribute to their profit margin, and avoid the technology by refusing to be force-fed. If that means I don't get the 'latest&greatest&biggest&best' hardware, I can live with that. If it means I have to teach myself how to decrudify Windows XP, and reconfigure/rebuild Linux kernel, then such is life. Such companies will do whatever they want...that does not mean I have to support them, or meekly accept the choices (or lack thereof) they would make for me.

Chris

Joined: 04/23/2011

I think I lost you. As mentioned earlier you can't custom build a system entirely free of these issues. You can't buy an older system free of these issues. So what exactly are you going to custom build?

Even the older systems have pieces like this.

You are going to run into issues with:
1. Wireless Cards (digital restrictions)
2. Graphics chipsets (non-free software dependencies)
3. Non-free BIOS
4. Non-free microcode (you can't just buy a system without this, it's in all x86 systems)
5. "Trusted Computing"
6. "Remote management" features (related to the BIOS)
7. Some other stuff I can't remember that we are working on... fixing... or trying to.
8. Some other stuff I can't remember that we are working on... fixing... or trying to.
....

Umbra
Joined: 06/17/2012

You did not lose me. Having done much research on DRM and Trusted Computing, I am quite aware my custom-build cannot avoid all hardware-based DRM. What a custom-build can do is avoid the majority of it, and through erasing all software-based DRM that one can, most of the unavoidable hardware-based DRM can be disabled, or at least mitigated. What DRM survives this process I can live with...at least until some Megamind cracker discovers a fix. You do what you can with what you have to work with...sometimes there is no perfect solution (yet). I focus on what I can do. For example, I may not be able to eliminate DRM code in the XP Pro 'kernel', but I have found out how to eliminate most of the rest, and that is a lot of DRM crud!