this post was submitted on 21 Dec 2025
Arch Linux
TPM is a marketing gimmick disguised as a security feature to sell more hardware and force AI adoption. Disabling it is your civic duty. Disabling it can also boost speeds!
TPM is not a marketing gimmick, it's a legitimate security feature that helps combat modern types of viruses.
Microsoft is a shit company that used TPM nonsense to justify a wave of forced obsolescence, but that does not mean that TPM is inherently bad at all; it is not.
Disabling it can boost some speeds, yes, but that statement is true of disabling any feature that runs code... Because the device is doing less. Closing programs does the same thing, but then programs aren't running.... So.
TPM has nothing to do with AI adoption, again that's Microsoft being a shit company.
The spirit of your anger is valid but it's misdirected. Don't trash TPM because we want people to understand that it's a good thing to have if you can enable it for your use case and want to accept any trade-offs. Threats evolve and security evolves with it; TPM is part of that.
Advocating against TPM is analogous to being anti-vax.
Vaccines work and are tested rigorously.
TPMs are not even close to that and UEFI implementations using them are then even worse and often next to dysfunctional if used for any other case than "I use the pre-installed MS keys with a MS product", up to bricking devices. And they are this bad by design.
So no. The comparison between advocating against an often low quality product used in combination with an even worse implementation accessing it, just because Microsoft pushed for that shit as a marketing gimmick (thus vendors often only test that subset of the functionality properly) and anti-vaxxers is actually insane.
TPMs are exceptionally effective at preventing the threats they are designed to mitigate, when used correctly.
A TPM is a device specific hardware security module (HSM). HSMs are a key component of modern enterprise security. You might think that's far removed from your PC at home, but it's a difference of scale, not of kind.
Anti-vaxxers don't understand the science behind how vaccines work and they dislike how vaccines are implemented, in their perception of society.
If you dislike TPMs on face value it's because you also don't understand the science behind how it works and you dislike how it's implemented, into your perception of society.
Microsoft is a PoS company for mandating TPM compatibility as a baseline for their OS to function. It's a security feature, and not one that's important enough at this juncture to be REQUIRED for an everyday consumer device. It has trade-offs. It can be argued that the trade-offs aren't worth it at this juncture.
But, as I said, TPM is not inherently bad. It's inherently good, in fact - but shitty implementation is shitty.
You speak about the design of TPMs. I speak about the actual reality of mediocre and sometimes defective hardware and the even worse and often defective software implementations (often already on the BIOS/UEFI level) used in conjunction.
Sadly that's not even close to the same thing, in parts because a certain "PoS company" plays a huge part in it.
Or to stick with your picture: Your argument is as sane as supporting any vaccine, no matter its effectiveness, because vaccines in general are a very good thing. Fortunately there are national health offices evaluating effectiveness and benefit/drawback comparisons for vaccines. Unfortunately the "same" evaluation for hardware is done by big tech under the premise of how to make the most money.
No, I don't "dislike" anything. I simply talked about practical reality instead of theoretic ideal.
I feel like you would not believe the real amount of shitty enterprise security where the pinnacle of TPM use is requiring active Secure Boot (with pre-installed MS keys of course) and managing their Office365 licensing...
Sure, bad implementation is bad. Hardware, software - whether lazy, ignorant, malicious, negligent, whatever. It's bad, and we agree on that.
My analogous argument is NOT that you should SUPPORT any vaccine no matter what, it is that you should not oppose ALL vaccines because they can be dangerous to some.
The original guy I replied to was like "it's your civic duty to disable TPM" and went on an unhinged rant about how it's about forcing AI integration or something. Completely ridiculous claims that show a completely ignorant and emotionally charged opinion that I equate to an anti-vax type of line of reasoning.
Repeatedly I've criticized bad implementation of TPMs and specified that they're effective only when used correctly.
Sounds like you and I agree on pretty much all points but you're getting wrapped around the axle on an analogy that I made to highlight the absurdity of a different person's statement, and then you're straw manning it to boot.
The reality is that there's a need for TPMs in systems these days as we get more and more reliant on devices to do literally everything for us, and bad actors find new ways to threaten the baskets we put all our eggs in. We should very much so criticize bad conduct and highlight what is bad, but not poison the well on the technology itself. That doesn't help. The conversation has nuance and watering it down to "TPM bad because Microsoft" completely misses the mark.
No one listen to this person
That's what Microsoft is using it for now, but not what it does.
You are confusing "what it should do" with "what it does". Vendors are trying to save money like everyone else and will regularly provide defective hardware or software implementations that were never properly tested for any actual functionality beyond said "MS marketing gimmick".
It works on my Linux install. Will halt boot if kernel changes or nvidia driver changes and you have not approved the mee keys.
"It works on my system" vs. "I bricked my device because the basic functionality to replace the pre-installed keys was broken or some idiot vendor had signed his hardware with that MS key" is still bad, even when it runs for the vast majority only using their system with pre-installed keys (those are not actually the ones needing the security and it really is just a marketing gimmick) while just a small minority aiming for security gets screwed by shitty implementations.
The intent makes sense, it is a trust chain to ensure the system will only boot if it is not tampered with. We have it on android also, to prevent malicious Kernel and OS changes. Microsoft holding the signing keys is the shit part.
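The "trust chain" the last two comments describe (boot halts, or a sealed secret stays locked, when the kernel or a driver changes) comes from the TPM's Platform Configuration Registers: each boot component is hashed and chained into a register that can only be extended, never overwritten, so the final value commits to the whole boot sequence in order. The following is an added toy model written for this thread, not code from any commenter, a TPM vendor or a distro; it uses plain SHA-256 and HMAC to stand in for the TPM's internal seed and policy check (a real TPM does the sealing with a policy session against its non-exportable seed). The boot components, the tampered kernel and the disk-encryption key are all constructed sample data.

```python
"""Toy model of TPM measured boot: a hash-chained PCR, an event log that a
verifier can replay, and a secret (e.g. a disk-encryption key) sealed to the
expected PCR value so a modified kernel cannot release it."""
import hashlib
import hmac
import secrets

PCR_INIT = bytes(32)  # SHA-256 PCR bank starts as all zeros

# Constructed: stands in for the TPM's non-exportable root seed.
TPM_ROOT_SECRET = secrets.token_bytes(32)

# Constructed boot chain in firmware-to-initramfs order.
GOOD_CHAIN = [
    ("firmware", b"constructed: UEFI firmware image v1"),
    ("bootloader", b"constructed: signed bootloader"),
    ("kernel", b"constructed: vmlinuz-linux 6.x"),
    ("initramfs", b"constructed: initramfs with nvidia module"),
]


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM2-style extend: PCR_new = SHA256(PCR_old || SHA256(component)).
    Because the register is only ever extended, an attacker who changes one
    component cannot put the PCR back to the expected value."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measured_boot(chain):
    """Measure every (name, blob) into one PCR; return the final PCR value
    and an event log of per-component digests (what the firmware records)."""
    pcr = PCR_INIT
    event_log = []
    for name, blob in chain:
        event_log.append((name, hashlib.sha256(blob).hexdigest()))
        pcr = pcr_extend(pcr, blob)
    return pcr, event_log


def replay_event_log(event_log):
    """Recompute the PCR from the log alone. A verifier compares this with the
    value the TPM itself reports; a mismatch means the log was altered."""
    pcr = PCR_INIT
    for _, digest_hex in event_log:
        pcr = hashlib.sha256(pcr + bytes.fromhex(digest_hex)).digest()
    return pcr


def _policy_key(pcr_value: bytes) -> bytes:
    # Key derived from the TPM seed and the PCR value the policy requires.
    return hmac.new(TPM_ROOT_SECRET, b"pcr-policy" + pcr_value, hashlib.sha256).digest()


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Encrypt `secret` (up to 32 bytes) so it only unseals under expected_pcr."""
    if len(secret) > 32:
        raise ValueError("toy model seals at most 32 bytes")
    key = _policy_key(expected_pcr)
    keystream = hashlib.sha256(key + b"stream").digest()
    ciphertext = bytes(a ^ b for a, b in zip(secret, keystream))
    tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
    return {"ct": ciphertext, "tag": tag}


def unseal(blob: dict, current_pcr: bytes):
    """Return the secret if the current PCR matches the sealing policy,
    otherwise None (the TPM simply refuses to release it)."""
    key = _policy_key(current_pcr)
    tag = hmac.new(key, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    keystream = hashlib.sha256(key + b"stream").digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], keystream))


def boot_and_unseal(chain, sealed):
    """Simulate one boot of `chain` and try to release the sealed secret."""
    pcr, log = measured_boot(chain)
    return unseal(sealed, pcr), log


def demo():
    """Seal a key to the good chain, then boot once clean and once with a
    modified kernel; returns (clean_boot_released_key, tampered_boot_refused)."""
    expected_pcr, _ = measured_boot(GOOD_CHAIN)
    disk_key = secrets.token_bytes(32)
    sealed = seal(disk_key, expected_pcr)
    clean, _ = boot_and_unseal(GOOD_CHAIN, sealed)
    tampered_chain = [
        (name, b"constructed: modified kernel" if name == "kernel" else blob)
        for name, blob in GOOD_CHAIN
    ]
    tampered, _ = boot_and_unseal(tampered_chain, sealed)
    return clean == disk_key, tampered is None


if __name__ == "__main__":
    print(demo())
```

The same mechanism is why a legitimate kernel or driver update halts the boot in the comment above: the PCR changes whether the modification is hostile or an ordinary package upgrade, so the secret has to be re-sealed to the new expected value (or the policy has to be keyed to a signed set of PCR values) as part of the update process. Disabling the TPM removes the check entirely rather than fixing that operational step.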