On Mon, Jun 2, 2014 at 6:06 AM, Alan McKinnon <alan.mckinnon@×××××.com> wrote:
> You log in (or boot up), the system asks for a password/key or whatever,
> then unlocks the encryption used.

The more common approach is to not prompt for a password/key, but
instead store it in the TPM using a trusted boot path. This is
possible on Linux, but the only "distro" using it is ChromeOS as far
as I'm aware (granted, there are probably more Chromebooks in desktop
use these days than all the other distros combined). On Windows this
is how just about everybody does it.

This is far more convenient as it does not require a password when
booting. If you don't trust the person who will be using the machine
it is more secure against attacks by the legitimate user (typically in
these situations the computer is owned by a corporation, not the
end-user).

On the other hand, if somebody steals your laptop they can boot it
without issue. Then if they have some way to exploit the running OS
they can get at the contents of the drive (though the home directory
could still be encrypted using the user's password on top of full-disk
encryption).

For attacks by anybody other than the NSA using the TPM is potentially
a lot more secure. Instead of depending on a bunch of rounds of
crypto to prevent brute-forcing of a simple password you are depending
on the security of the TPM. The TPM can be told to forget the key
after a certain number of failed attempts to get at it. If you're
worried about the NSA it seems likely that your TPM has a back door
for them, but my sense is that if the NSA is THAT determined to get
your data there really isn't anything you're going to be able to do
about it.

Rich
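
A simplified model of the scheme this message describes, added here as an example and not part of the original post: boot stages are hashed into a PCR, the disk key is released only when that value matches the sealed one, and the key is dropped after repeated failed attempts. `ToyTPM`, the boot-chain strings and the threshold of 3 are assumptions for illustration, not a real TPM interface.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(chain) -> bytes:
    """Fold each boot stage, in order, into a PCR that starts at all zeroes."""
    pcr = bytes(32)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

class ToyTPM:
    """Simplified model for illustration; not a real TPM interface."""
    def __init__(self, max_failures: int = 3):  # threshold is an assumption
        self.max_failures = max_failures
        self.failures = 0
        self._key, self._sealed_pcr = None, None

    def seal(self, key: bytes, pcr: bytes) -> None:
        """Bind the key to one expected boot measurement."""
        self._key, self._sealed_pcr, self.failures = key, pcr, 0

    def unseal(self, current_pcr: bytes):
        """Return the key only when the measured boot state matches."""
        if self._key is None:
            return None  # key already forgotten
        if hmac.compare_digest(current_pcr, self._sealed_pcr):
            self.failures = 0
            return self._key
        self.failures += 1
        if self.failures >= self.max_failures:
            self._key = None  # forget the key after too many failed attempts
        return None

# Constructed sample boot chains (placeholders, not real images).
TRUSTED = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
TAMPERED = [b"firmware-v1", b"bootloader-v1", b"kernel-modified"]

def demo():
    tpm = ToyTPM(max_failures=3)
    disk_key = b"\x11" * 32  # constructed disk-encryption key
    tpm.seal(disk_key, measure_boot(TRUSTED))
    ok = tpm.unseal(measure_boot(TRUSTED))       # unattended boot, no password
    bad = [tpm.unseal(measure_boot(TAMPERED)) for _ in range(3)]
    after = tpm.unseal(measure_boot(TRUSTED))    # key was forgotten
    return ok, bad, after
```

The first unseal shows both sides of the trade-off in the message: an unmodified boot chain gets the key with no prompt, whoever is holding the laptop, while any change to a measured stage yields a different PCR value and no key.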