| 1 |
On Mon, Jun 2, 2014 at 6:06 AM, Alan McKinnon <alan.mckinnon@×××××.com> wrote: |
| 2 |
> You log in (or boot up), the system asks for a password/key or whatever, |
| 3 |
> then unlocks the encryption used. |
| 4 |
|
| 5 |
The more common approach is to not prompt for a password/key, but |
| 6 |
instead store it in the TPM using a trusted boot path. This is |
| 7 |
possible on Linux, but the only "distro" using it is ChromeOS as far |
| 8 |
as I'm aware (granted, there are probably more Chromebooks in desktop |
| 9 |
use these days than all the other distros combined). On Windows this |
| 10 |
is how just about everybody does it. |
| 11 |
|
| 12 |
This is far more convenient as it does not require a password when |
| 13 |
booting. If you don't trust the person who will be using the machine |
| 14 |
it is more secure against attacks by the legitimate user (typically in |
| 15 |
these situations the computer is owned by a corporation, not the |
| 16 |
end-user). |
| 17 |
|
| 18 |
On the other hand, if somebody steals your laptop they can boot it |
| 19 |
without issue. Then if they have some way to exploit the running OS |
| 20 |
they can get at the contents of the drive (though the home directory |
| 21 |
could still be encrypted using the user's password on top of full-disk |
| 22 |
encryption). |
| 23 |
|
| 24 |
For attacks by anybody other than the NSA using the TPM is potentially |
| 25 |
a lot more secure. Instead of depending on a bunch of rounds of |
| 26 |
crypto to prevent brute-forcing of a simple password you are depending |
| 27 |
on the security of the TPM. The TPM can be told to forget the key |
| 28 |
after a certain number of failed attempts to get at it. If you're |
| 29 |
worried about the NSA it seems likely that your TPM has a back door |
| 30 |
for them, but my sense is that if the NSA is THAT determined to get |
| 31 |
your data there really isn't anything you're going to be able to do |
| 32 |
about it. |
| 33 |
|
| 34 |
Rich |
Archives