1 |
On 29/11/14 19:53, Mick wrote: |
2 |
> I'm looking to buy a new PC and while looking at FM2+ MoBos I saw ASUS offers |
3 |
> one with a TPM feature. It also sells it as a separate component it seems: |
4 |
> |
5 |
> http://us.estore.asus.com/index.php?l=product_detail&p=5793 |
6 |
> |
7 |
> I recall reading in this list about it, but I am not sure if it offers any |
8 |
> benefits to me as a user, or just adds a layer of complexity without any |
9 |
> substantial benefit. |
10 |
> |
11 |
> Your views and experience with this TPM thingy? |
12 |
> |
13 |
|
14 |
one thing that is very useful is using tpm to feed random number generator |
15 |
$ time dd if=/dev/random of=/dev/null bs=1 count=100 |
16 |
100+0 records in |
17 |
100+0 records out |
18 |
100 bytes (100 B) copied, 26.7494 s, 0.0 kB/s |
19 |
|
20 |
real 0m26.751s |
21 |
user 0m0.000s |
22 |
sys 0m0.001s |
23 |
|
24 |
|
25 |
|
26 |
after starting trousers and rngd is much much much faster for real(er) |
27 |
random |
28 |
|
29 |
$ time dd if=/dev/random of=/dev/null bs=1 count=100 |
30 |
100+0 records in |
31 |
100+0 records out |
32 |
100 bytes (100 B) copied, 0.000275625 s, 363 kB/s |
33 |
|
34 |
real 0m0.001s |
35 |
user 0m0.002s |
36 |
sys 0m0.000s |
37 |
|
38 |
|
39 |
|
40 |
|
41 |
|
42 |
|
43 |
it's also a safer place to drop keys into for example for use with grub |
44 |
trustedgrub and basically does "secureboot" without the need for uefi |
45 |
you can also use it to encrypt/decrypt *if* you trust it is not backdoored |
46 |
but does mean you can use it for LUKS instead of say a GPG crypted pass |
47 |
file - or you can have the tpm crypt your password into gibberish and |
48 |
then that gibberish phrase is the real password for LUKS |