UEFI secure boot is completely useless if you don't use custom keys
Dushman (dushman@den.raccoon.quest)'s status on Sunday, 10-Dec-2023 18:24:34 JST Dushman
:apa: スプリットショックウイルス † (splitshockvirus@mstdn.starnix.network)'s status on Sunday, 10-Dec-2023 18:24:33 JST :apa: スプリットショックウイルス † @dushman
🔒 👢 :soy_right: cc @inference
Sexy Moon (moon@shitposter.club)'s status on Sunday, 10-Dec-2023 19:32:11 JST Sexy Moon @dushman @hazlin @fuzzylinuxuser to run linux on secure boot the UEFI has to have a signature that was "graciously" provided through Microsoft. As far as I know almost no motherboards let you enroll your own signing key for secure boot.
Dushman (dushman@den.raccoon.quest)'s status on Sunday, 10-Dec-2023 19:32:13 JST Dushman @fuzzylinuxuser @hazlin@shortstacksran.ch
I saw them malding over stuff on new thinkpads you can just turn off lol. They still run Linux just fine, hell they are even certified by Lenovo to do so and you can order them preloaded with Linux from the factory.
framebuffer :archlinux: :gentoo: :tuxspin: (fuzzylinuxuser@den.raccoon.quest)'s status on Sunday, 10-Dec-2023 19:32:14 JST framebuffer :archlinux: :gentoo: :tuxspin: @dushman @hazlin@shortstacksran.ch I don't see GNUers malding at the moment, though... I don't pay attention to them, but it can't be denied that despite both being flawed, UEFI still has its advantages that BIOS cannot ever have.
Dushman (dushman@den.raccoon.quest)'s status on Sunday, 10-Dec-2023 19:32:15 JST Dushman @hazlin@shortstacksran.ch
> all about making it more difficult for an end user to control their own device
It's just GNUboys malding over settings you can change or turn off completely. Proprietary UEFI isn't any worse than proprietary BIOS lol.
hazlin no plap pirate (hazlin@shortstacksran.ch)'s status on Sunday, 10-Dec-2023 19:32:16 JST hazlin no plap pirate @dushman I always thought the UEFI and TPM, and whatever that new bios level hard-drive encryption BS, is all about making it more difficult for an end user to control their own device.
Sexy Moon (moon@shitposter.club)'s status on Sunday, 10-Dec-2023 19:37:29 JST Sexy Moon @fuzzylinuxuser @dushman @hazlin I don't know why dush had to ding freetards on this, if you don't care about secure boot then coreboot/libreboot is the 100% technically superior option because all it does is boot your OS, no dumb extra vendor shit to exploit.
framebuffer :archlinux: :gentoo: :tuxspin: (fuzzylinuxuser@den.raccoon.quest)'s status on Sunday, 10-Dec-2023 19:37:30 JST framebuffer :archlinux: :gentoo: :tuxspin: @Moon@shitposter.club @dushman@den.raccoon.quest @hazlin@shortstacksran.ch Which is exactly the problem, it's pointless to go a lot harder way.
But Secure Boot has limited use cases though, it can be circumvented
Sexy Moon (moon@shitposter.club)'s status on Sunday, 10-Dec-2023 19:39:34 JST Sexy Moon @dushman @hazlin @fuzzylinuxuser I love coreboot more than any man should love something as abstract and specific as a bootloader software
Dushman (dushman@den.raccoon.quest)'s status on Sunday, 10-Dec-2023 19:39:35 JST Dushman @Moon@shitposter.club @fuzzylinuxuser@den.raccoon.quest @hazlin@shortstacksran.ch And yeah coreboot is best. I got it on my thinkpad.
Sexy Moon (moon@shitposter.club)'s status on Monday, 11-Dec-2023 05:53:32 JST Sexy Moon @dushman @hazlin @fuzzylinuxuser it's definitely worse than proprietary bios because it includes functionality to lock you out of the entire system where regular BIOS can't do that. UEFI can silently install shim drivers into Windows even on a fresh aftermarket install. It's just worse.
Dushman (dushman@den.raccoon.quest)'s status on Monday, 11-Dec-2023 05:53:34 JST Dushman @Moon@shitposter.club @fuzzylinuxuser@den.raccoon.quest @hazlin@shortstacksran.ch
I mean mofos still complaining about the digital handcuffs of UEFI or whatever, even on fedi lol.
Sexy Moon (moon@shitposter.club)'s status on Monday, 11-Dec-2023 05:56:11 JST Sexy Moon @dushman @hazlin @fuzzylinuxuser make it impossible to change the OS
Dushman (dushman@den.raccoon.quest)'s status on Monday, 11-Dec-2023 05:56:12 JST Dushman @Moon@shitposter.club @hazlin@shortstacksran.ch @fuzzylinuxuser@den.raccoon.quest
> lock you out of the entire system
What are you referring to exactly?
feld (feld@bikeshed.party)'s status on Monday, 11-Dec-2023 05:57:01 JST feld @Moon @dushman @fuzzylinuxuser @hazlin I want whatever Oxide is doing to become the default. Fuck BIOS and UEFI.
Sexy Moon (moon@shitposter.club)'s status on Monday, 11-Dec-2023 05:58:05 JST Sexy Moon @dushman @hazlin @fuzzylinuxuser Corebios boots Linux. If you add the SeaBIOS module to it, it acts like any other normal BIOS.
framebuffer :archlinux: :gentoo: :tuxspin: (fuzzylinuxuser@den.raccoon.quest)'s status on Monday, 11-Dec-2023 05:58:07 JST framebuffer :archlinux: :gentoo: :tuxspin: @dushman @Moon@shitposter.club @hazlin@shortstacksran.ch Earlier you said that coreboot isn't BIOS nor UEFI though?
Dushman (dushman@den.raccoon.quest)'s status on Monday, 11-Dec-2023 05:58:07 JST Dushman @fuzzylinuxuser @Moon@shitposter.club @hazlin@shortstacksran.ch
Yeah, it's different.
Dushman (dushman@den.raccoon.quest)'s status on Monday, 11-Dec-2023 05:58:08 JST Dushman @fuzzylinuxuser @Moon@shitposter.club @hazlin@shortstacksran.ch
Coreboot :bleh_cat:
framebuffer :archlinux: :gentoo: :tuxspin: (fuzzylinuxuser@den.raccoon.quest)'s status on Monday, 11-Dec-2023 05:58:10 JST framebuffer :archlinux: :gentoo: :tuxspin: @Moon@shitposter.club @dushman@den.raccoon.quest @hazlin@shortstacksran.ch Then what is your solution if we want to have the modern features of UEFI, without the flaws you described?
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Monday, 11-Dec-2023 05:58:38 JST 翠星石 @eric X200 can be GNUbooted, so install GNUboot, which is coreboot, but with the proprietary malware removed.
It boots straight into GNU grub, where GNU/Linux-libre can easily be launched from.
There's also the seaBIOS payload, but that's mediocre compared to grub.
Eric Zhang 2: Episode 1 (eric@pl.starnix.network)'s status on Monday, 11-Dec-2023 05:58:40 JST Eric Zhang 2: Episode 1 @dushman I have an X200 but there's absolutely no way I am going to daily drive that lol. Stuck with American Megatrends for now.
Dushman (dushman@den.raccoon.quest)'s status on Monday, 11-Dec-2023 05:58:41 JST Dushman @eric@pl.starnix.network
Just get a compatible thinkpad for cheap
Eric Zhang 2: Episode 1 (eric@pl.starnix.network)'s status on Monday, 11-Dec-2023 05:58:42 JST Eric Zhang 2: Episode 1 @dushman Yeah but I can't install it lol
Dushman (dushman@den.raccoon.quest)'s status on Monday, 11-Dec-2023 05:58:43 JST Dushman @eric@pl.starnix.network
coreboot ftw
Eric Zhang 2: Episode 1 (eric@pl.starnix.network)'s status on Monday, 11-Dec-2023 05:58:44 JST Eric Zhang 2: Episode 1 @dushman
>coreboot
ngmi
Dushman (dushman@den.raccoon.quest)'s status on Monday, 11-Dec-2023 05:58:45 JST Dushman @eric@pl.starnix.network
Source:
Did it on mine before I installed coreboot on it
Dushman (dushman@den.raccoon.quest)'s status on Monday, 11-Dec-2023 05:58:46 JST Dushman @eric@pl.starnix.network
Depends on the firmware. You can on thinkpads for example.
Eric Zhang 2: Episode 1 (eric@pl.starnix.network)'s status on Monday, 11-Dec-2023 05:58:47 JST Eric Zhang 2: Episode 1 @dushman I don't think you can do that on prebuilts, which is what most people are using
Dushman (dushman@den.raccoon.quest)'s status on Monday, 11-Dec-2023 05:58:48 JST Dushman @eric@pl.starnix.network
I have it disabled lol. I made it display only diagnostic text on boot, more useful to me. Haven't looked into this though so idk whether or not it would still be possible with a configuration like this.
Eric Zhang 2: Episode 1 (eric@pl.starnix.network)'s status on Monday, 11-Dec-2023 05:58:49 JST Eric Zhang 2: Episode 1 @dushman Speaking of which: https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/
Sexy Moon (moon@shitposter.club)'s status on Monday, 11-Dec-2023 06:00:08 JST Sexy Moon @fuzzylinuxuser @dushman @hazlin UEFI exists so vendors can load shitware and spyware and custom logos and DRM on your machine, in return you get one or two improvements to things like flashing firmware that didn't actually have to be impossible under BIOS.
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Monday, 11-Dec-2023 06:02:54 JST 翠星石 @fuzzylinuxuser Coreboot has a UEFI payload option, so yes you can have UEFI with coreboot, with signing keys once you figure out how to get the bloated mess to compile - good luck.
GNU Grub with gnupg key verification is better both functionality and security wise btw.
Sexy Moon (moon@shitposter.club)'s status on Monday, 11-Dec-2023 06:07:15 JST Sexy Moon @fuzzylinuxuser @dushman @hazlin I was just asked to explain what it was. corebios boots linux in under one second. If you need to boot a different OS, you plop SeaBIOS on top of Coreboot and it's a complete BIOS implementation that is not proprietary.
framebuffer :archlinux: :gentoo: :tuxspin: (fuzzylinuxuser@den.raccoon.quest)'s status on Monday, 11-Dec-2023 06:07:17 JST framebuffer :archlinux: :gentoo: :tuxspin: @Moon@shitposter.club @dushman@den.raccoon.quest @hazlin@shortstacksran.ch I don't care about Windows or other OSes, why should I get another module, if I can just directly boot to *nix of my choice?
Sexy Moon (moon@shitposter.club)'s status on Monday, 11-Dec-2023 06:08:21 JST Sexy Moon @fuzzylinuxuser @dushman @hazlin it's difficult because it's a false dichotomy. the nice things that UEFI added didn't require UEFI, which is a trojan horse to remove control over your own machine in the long term.
framebuffer :archlinux: :gentoo: :tuxspin: (fuzzylinuxuser@den.raccoon.quest)'s status on Monday, 11-Dec-2023 06:08:22 JST framebuffer :archlinux: :gentoo: :tuxspin: @Moon@shitposter.club @dushman@den.raccoon.quest @hazlin@shortstacksran.ch That's not a solution though? You didn't directly stick to the question...
Sexy Moon (moon@shitposter.club)'s status on Monday, 11-Dec-2023 06:13:42 JST Sexy Moon @dushman @hazlin @fuzzylinuxuser A bunch of AMD server boards used to support it. I wish I had it for my boards too.
Dushman (dushman@den.raccoon.quest)'s status on Monday, 11-Dec-2023 06:13:43 JST Dushman @Moon@shitposter.club @fuzzylinuxuser@den.raccoon.quest @hazlin@shortstacksran.ch
I wish coreboot had wider support. I'd slap it on my main rig too if that was the case.
Johnny Peligro (mischievoustomato@5dollah.click)'s status on Monday, 11-Dec-2023 06:16:16 JST Johnny Peligro you can roll on your own keys though
Sexy Moon (moon@shitposter.club)'s status on Monday, 11-Dec-2023 06:16:16 JST Sexy Moon @mischievoustomato @dushman @fuzzylinuxuser @hazlin are you reading what I am typing, being able to enroll your own keys isn't a mandatory feature and a lot of boards don't let you
armpit licker feet smeller (tiskaan@fedi.layer02.net)'s status on Monday, 11-Dec-2023 06:16:51 JST armpit licker feet smeller @mischievoustomato @dushman @hazlin seethe is what made rms become a gnu jihadi in the first place
:blobancap: :blobcattrans: :blobancap: :blobcattrans: :blobancap: :blobcattrans: (allison@hidamari.apartments)'s status on Monday, 11-Dec-2023 06:16:51 JST :blobancap: :blobcattrans: :blobancap: :blobcattrans: :blobancap: :blobcattrans: @tiskaan @mischievoustomato @dushman @hazlin Seethe about printers, to be more specific. I would say he was entirely justified on that one tho, printers are and continue to be the devil's work.
Johnny Peligro (mischievoustomato@5dollah.click)'s status on Monday, 11-Dec-2023 06:16:52 JST Johnny Peligro why do gnutards seethe so much over dumb shit
Sexy Moon (moon@shitposter.club)'s status on Monday, 11-Dec-2023 06:25:54 JST Sexy Moon @dushman @hazlin @mischievoustomato @fuzzylinuxuser there are microsoft tablets you can't disable it on, this was their goal all along but it didn't work out for them
Dushman (dushman@den.raccoon.quest)'s status on Monday, 11-Dec-2023 06:25:56 JST Dushman @fuzzylinuxuser @Moon@shitposter.club @hazlin@shortstacksran.ch @mischievoustomato@5dollah.click
You can disable secure boot on any mobo. What do you mean?
framebuffer :archlinux: :gentoo: :tuxspin: (fuzzylinuxuser@den.raccoon.quest)'s status on Monday, 11-Dec-2023 06:25:57 JST framebuffer :archlinux: :gentoo: :tuxspin: @dushman @Moon@shitposter.club @hazlin@shortstacksran.ch @mischievoustomato@5dollah.click If there's something you can't turn off, then wouldn't it also limit user freedom?
Dushman (dushman@den.raccoon.quest)'s status on Monday, 11-Dec-2023 06:25:58 JST Dushman @Moon@shitposter.club @hazlin@shortstacksran.ch @fuzzylinuxuser@den.raccoon.quest @mischievoustomato@5dollah.click
I've seen several UEFI implementations that let you do that. Otherwise you can just disable secure boot. I wouldn't say it limits user freedom.
Dushman (dushman@den.raccoon.quest)'s status on Monday, 11-Dec-2023 06:25:59 JST Dushman @Moon@shitposter.club @hazlin@shortstacksran.ch @fuzzylinuxuser@den.raccoon.quest @mischievoustomato@5dollah.click
> As far as I know almost no motherboards let you enroll your own signing key for secure boot.
What? Mine does and it's not uncommon. It's on AMI firmware.
Sexy Moon (moon@shitposter.club)'s status on Monday, 11-Dec-2023 06:27:21 JST Sexy Moon @dushman @hazlin @mischievoustomato @fuzzylinuxuser what's not cool is having to guess what features your UEFI motherboard does or does not have
Dushman (dushman@den.raccoon.quest)'s status on Monday, 11-Dec-2023 06:27:22 JST Dushman @Moon@shitposter.club @hazlin@shortstacksran.ch @mischievoustomato@5dollah.click @fuzzylinuxuser@den.raccoon.quest
Not my problem cuz I'd never buy an MS tablet lol
Sexy Moon (moon@shitposter.club)'s status on Monday, 11-Dec-2023 06:32:34 JST Sexy Moon @mischievoustomato @dushman @fuzzylinuxuser @hazlin yeah their RT models, they were ARM tablets with UEFI, weird birds.
Johnny Peligro (mischievoustomato@5dollah.click)'s status on Monday, 11-Dec-2023 06:32:35 JST Johnny Peligro huh really?
Dushman (dushman@den.raccoon.quest)'s status on Monday, 11-Dec-2023 06:37:10 JST Dushman @Moon@shitposter.club @mischievoustomato@5dollah.click @fuzzylinuxuser@den.raccoon.quest @hazlin@shortstacksran.ch
> ARM tablets with UEFI
Now that's cursed lol
istván (istvan@noagendasocial.com)'s status on Monday, 11-Dec-2023 06:55:09 JST istván @Moon @dushman @fuzzylinuxuser @hazlin I'll take anything as long as it isn't UEFI.
Even pmon2000.
Few remember the horrors of pmon2000 and how easy it is to brick your system. Had to solder leads onto the chip itself to reflash after a build that worked fine when soft loaded bricked on flash.
hazlin no plap pirate (hazlin@shortstacksran.ch)'s status on Monday, 11-Dec-2023 07:03:08 JST hazlin no plap pirate @dushman
> useful against evil maid attacks
Not all of us have the same attack surface as nobility xD
Dushman (dushman@den.raccoon.quest)'s status on Monday, 11-Dec-2023 07:03:09 JST Dushman @hazlin@shortstacksran.ch
I wouldn't say so. I mean you can disable both easy peasy on like any mobo. Secure boot can be useful against evil maid attacks if you use your own keys. The usefulness of TPM in a practical sense is questionable though.