
URL: https://www.phoronix.com/news/Linux-Default-Disable-TPM2-HMAC


Linux Now Disabling TPM Bus Encryption By Default For Performance Reasons

Written by Michael Larabel in Linux Security on 10 October 2025 at 02:45 PM EDT. 27 Comments
Introduced last year in Linux 6.10 was TPM bus encryption and integrity protection for Trusted Platform Module 2 (TPM2) handling. The intent was better TPM security, after earlier demonstrations had shown TPM key recovery from Microsoft Windows BitLocker as well as TPM bus sniffing attacks. Shortly after being merged, the default-on behaviour was narrowed to x86_64 only, where it had been tested the most at the time. Now, more than a year later, the feature is being disabled by default in the mainline Linux kernel.

Merged today for Linux 6.18, and marked for back-porting to the still-maintained kernels since 6.10 (such as Linux 6.12 LTS and Linux 6.17), is a change that turns off the TCG_TPM2_HMAC Kconfig option by default. TCG_TPM2_HMAC remains available for those who want HMAC-authenticated and encrypted transactions on the TPM bus, but it is no longer on by default for x86_64 kernel builds.
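Because the option now depends on how a given kernel was configured rather than on the kernel version, the practical question for an administrator is "does my build have it?". The script below is an added example (not from the Phoronix article, the kernel tree or the pull request) that reads a kernel config file, reports whether CONFIG_TCG_TPM2_HMAC is enabled, disabled or not offered at all, and tries the same check against the running kernel. It assumes the Kconfig symbol is CONFIG_TCG_TPM2_HMAC (the symbol defined in drivers/char/tpm/Kconfig) and that the config is available either as plain text under /boot or gzip-compressed at /proc/config.gz; the sample config files it writes are constructed for the demonstration and are not real kernel output.

```shell
#!/bin/sh
# Added example: check whether a kernel build has TCG_TPM2_HMAC (TPM bus
# HMAC sessions / encryption) turned on. Not code from the article or the
# kernel tree. Assumes the Kconfig symbol is CONFIG_TCG_TPM2_HMAC.

# Print "enabled", "disabled" or "absent" for the kernel config given as $1.
# "absent" means the symbol is not mentioned at all: the kernel predates
# 6.10, or the TPM driver itself (CONFIG_TCG_TPM) is off so the option
# was never offered. Gzip-compressed configs (/proc/config.gz) are handled.
tpm2_hmac_status() {
    cfg=$1
    case $cfg in
        *.gz) reader=zcat ;;
        *)    reader=cat ;;
    esac
    if $reader "$cfg" 2>/dev/null | grep -q '^CONFIG_TCG_TPM2_HMAC=y$'; then
        echo enabled
    elif $reader "$cfg" 2>/dev/null | grep -q '^# CONFIG_TCG_TPM2_HMAC is not set$'; then
        echo disabled
    else
        echo absent
    fi
}

# Locate the running kernel's config: /proc/config.gz when IKCONFIG_PROC is
# built in, otherwise the distro-installed copy under /boot. Returns 1 if
# neither is readable.
running_kernel_config() {
    if [ -r /proc/config.gz ]; then
        echo /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        echo "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# Constructed sample configs (not real kernel output) so the check can be
# exercised offline: one with the option on, one with it explicitly off,
# and one from a build without the TPM driver at all.
SAMPLE_DIR=$(mktemp -d)
SAMPLE_ENABLED="$SAMPLE_DIR/config-enabled"
SAMPLE_DISABLED="$SAMPLE_DIR/config-disabled"
SAMPLE_ABSENT="$SAMPLE_DIR/config-absent"
printf 'CONFIG_TCG_TPM=y\nCONFIG_TCG_TPM2_HMAC=y\nCONFIG_TCG_TIS_CORE=y\n' > "$SAMPLE_ENABLED"
printf 'CONFIG_TCG_TPM=y\n# CONFIG_TCG_TPM2_HMAC is not set\nCONFIG_TCG_TIS_CORE=y\n' > "$SAMPLE_DISABLED"
printf '# CONFIG_TCG_TPM is not set\n' > "$SAMPLE_ABSENT"

# A compressed copy, to exercise the /proc/config.gz path when gzip exists.
SAMPLE_GZ=""
if command -v gzip >/dev/null 2>&1; then
    SAMPLE_GZ="$SAMPLE_DIR/config.gz"
    gzip -c "$SAMPLE_ENABLED" > "$SAMPLE_GZ"
fi

for f in "$SAMPLE_ENABLED" "$SAMPLE_DISABLED" "$SAMPLE_ABSENT" $SAMPLE_GZ; do
    printf '%s: %s\n' "$f" "$(tpm2_hmac_status "$f")"
done

# Finally, the kernel this script is actually running on, if its config
# is reachable (it often is not inside containers or minimal images).
if cfg=$(running_kernel_config); then
    printf 'running kernel %s: %s\n' "$(uname -r)" "$(tpm2_hmac_status "$cfg")"
else
    echo 'running kernel: config not readable, cannot tell'
fi
```

If the running kernel reports "disabled" and you want the protection back, the option is flipped at build time: in a kernel source tree, `scripts/config --enable TCG_TPM2_HMAC` followed by `make olddefconfig` sets it before building. With the option off, the driver's commands and responses cross the bus without the HMAC session, so on a system with a discrete TPM the bus-sniffing demonstrations that motivated the feature are no longer mitigated by the kernel.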



With today's pull request the change to disable this option by default has been merged. Other developers agreed that it adds too much run-time overhead for too little benefit to justify being on by default in the upstream kernel.

The hope is that, with it disabled by default, the kernel developers can take the time to evaluate the security benefits and work on performance optimizations so that it can be re-enabled by default in a future Linux kernel version.

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.