For those out of the loop, some AMD users have been suffering from stuttering issues caused by the AMD fTPM random number generator. A firmware/BIOS update appears to fix the issue for some users, but not others, leading to more bug reports being sent in. Last week, Linus Torvalds said "let's just disable the stupid fTPM hwrnd thing", and, as of today the Linux kernel has gone ahead and blanket disabled RNG use for all current AMD fTPMs.
As a follow-up to the first-on-Phoronix article last month that highlighted Linus Torvalds' frustrated views on the AMD fTPM random number generator continuing to cause problems for users even with updated firmware/BIOS, as of today the Linux kernel has gone ahead and blanket disabled RNG use for all current AMD fTPMs.
Mario summed up in that commit: tpm: Disable RNG for all AMD fTPMs
The TPM RNG functionality was previously disabled on a subset of AMD fTPM series, but reports continue to show problems on some systems causing stutter root caused to TPM RNG functionality.
Expand disabling TPM RNG use for all AMD fTPMs whether they have versions that claim to have fixed or not.
Thus over the next few days this change in behavior for modern AMD Ryzen systems will be rolling out in the next set of stable kernel point releases.
Hopefully this will lay to rest the various AMD stutter issues that continue to be reported by Linux users on recent kernel versions.
Just to add a perspective from the other side of the fence, I have a gaming laptop running Windows 11 (yes I know) where this (or a very similar) issue has been plaguing Ryzen users for at least a year and a half. The issue is that TPM per se is not causing issues if turned on, but if BitLocker encryption is on it will cause occasional audio stutters and intermittent complete system halts. The only thing that reliably helps is completely turning off Bitlocker, the TPM chip can stay on and is of course needed for W11. OEMs and AMD have been digging their heads in the sand like ostritches and they have released the odd fix that does nothing to fix the underlying issue. I can't see MS doing anything to reverse course on requirements and am getting a bit fed up with their BS lately, browsing what distro might suit me best and might pull the trigger and finally switch...
I have a Windows 11 partition and fTPM is disabled in UEFI. Windows complains that "My computer doesn't meet the requirements to update to Windows 11" on the update menu, but there's no issue.
Hard to say. It's a firmware problem so presumably it could be affecting all of them. The CPUs aren't involved. My guess given the details mentioned by Linus is that it could affect some boards and not others, depending on what else is going on in the boards' firmware at the time when the rand call to is made. In other words, there might be other bugs present in the firmware of say ASUS that trigger this, which aren't present on MSI. And then there might be bugs present in this or that particular model's firmware. It's a whackamole which is why they decided to disable it altogether.
You'll need to use a bleeding edge kernel to get this patch unless it's backported to older kernels by your distro's maintainers. I doubt this will happen for say Debian or Ubuntu. Instead, you'd have to wait for a new HWE that has this new kernel or whatever the equivalent in Debian is.
Well Linux is using rdrand in place of the fTPM one so .. from firmware to hardware. Then again even if you generate random numbers using pure software, is your CPU or firmware FOSS and without bugs (cough .. Debian OpenSSL maintainers, cough) or exploits (Ken Thompson says hi)? If not, and you assume you can't trust the firmware and hardware - all your random numbers are belong to us. Gotta draw the line somewhere, unless you're building your machine from diodes and solder. Personally, I live in a Five Eyes country so I'm alright using the hardware the NSA/GCHQ/CSIS/etc use. If I'm fucked, they're fucked.
Well Linux is using rdrand in place of the fTPM one so .. from firmware to hardware.
That depends on your distribution's setting of the CONFIG_RANDOM_TRUST_CPU compile-time configuration option and the random.trust_cpu sysctl setting. I'm not sure what the major distributions are doing with that at the moment.
Then again even if you generate random numbers using pure software, is your CPU or firmware FOSS and without bugs (cough .. Debian OpenSSL maintainers, cough ..)? If not, and you assume you can't trust the firmware and hardware - all your random numbers are belong to us.
Like you said, it is impossible to be completely safe. But using proprietary cryptographic hardware/firmware, the inner workings of which are known only to Intel, introduces a lot of risk. Especially when we know the NSA spends hundreds of millions of dollars on bribing companies to introduce backdoors into their products. At least when it's an open source cryptographic library they have to go to great lengths to create subtle bugs or broken algorithms that no one notices.
Our CPUs are certainly backdoored too, beyond RDRAND. But it's way more complicated to compromise any arbitrary cryptographic algorithm running on the CPU with a backdoor than making a flawed hardware RNG. Any individual operation making up a cryptographic algorithm can be verified to have executed properly according to the specification of the instruction set. It would be very obvious, for example, if XORing two 0s produced a 1, that something is very wrong. So a backdoor like this would have to only activate in very specific circumstances and it would be very obvious, limiting its use to specific targets. But a black box that produces random numbers is very, very difficult to verify.
Ultimately, the real solution is the dissolution of the American security state and the computer monopolies.
If I'm fucked, they're fucked.
Not if they're the only ones who know about the backdoors.
Edit: I started writing that before your edit about the "Ken Thompson hack". An element of any good backdoor would include obfuscation of its existence, of course. The issue is it is impossible to predict every possible permutation of operations that would result in discovery of the backdoor and account for them. Maybe if you had a sentient AI dynamically rewriting its own code... anyway, backdoors in tooling like compilers is very concerning. But I'm not too concerned about a Ken Thompson type attack there just because of how widely they're used, how many different environments they run in, and how scrutinized the outputted code is.