January 5, 2026
Now with extra encryption glitter
Decorative Cryptography
Security bling or real armor? The crowd drags “end‑to‑end” claims
TLDR: Linux adds extra checks and encryption to the TPM wire to curb snooping, but commenters say it can’t fix early boot weaknesses and reads like “security makeup.” The thread spirals into end‑to‑end skepticism (hello, iMessage), hardware nostalgia, and reposter‑bot drama, making the stakes clear: trust the ends, or nothing matters.
A new Linux feature promises to lock down the chat between your computer and its tiny security chip (the TPM) with extra message signing and encryption, aiming to stop wire‑tapping and tampering. But the community smelled vibes of “decorative cryptography”—pretty math that can’t fix deeper boot‑time problems—because the kernel only arrives after the firmware party has already started. The article’s wink, “All encryption is end‑to‑end, if you’re not picky about the ends,” instantly became a meme, with bjackman cheering the spicy coinage “threat model gerrymandering.” Others pulled Apple into the courtroom: mmoustafa compared this to iMessage’s “encrypted” chats while on‑device scanning still phones home, arguing that end‑to‑end is only as honest as the endpoints. Hardware nostalgics chimed in, like tucnak sighing that IBM POWER9 had fancy key features years ago and modern CPUs… still don’t. Meanwhile, ragebol wanted Lord of the Rings magic—“keys hidden in decorations”—and got Linux bus math instead. And of course, meta‑drama: Foxboron accused reposter bots of stirring the pot. Some readers love the extra TPM protections and cite docs like tpm‑security.rst; others call it crypto lipstick on a shaky boot model. The verdict: useful, but not the silver bullet fans crave.
Key Points
- •TCG_TPM2_HMAC adds HMAC-authenticated and encrypted sessions to protect TPM 2.0 bus communications against snooping and interposer attacks.
- •The feature operates at the kernel stage, so it cannot protect firmware or boot loader measurements made before the kernel boots.
- •The article uses the STRIDE model to identify relevant bus threats: spoofing, tampering, information disclosure, and denial of service.
- •Attackers may access the TPM bus via hardware probing or by compromising a controller such as a BMC.
- •Enabling TCG_TPM2_HMAC selects crypto dependencies (ECDH, AES-CFB, SHA-256) and introduces encryption overhead to kernel–TPM transactions; trusted keys use encrypted sessions to protect secrets.