| 1 |
On Sunday 30 Nov 2014 03:21:16 Rich Freeman wrote: |
| 2 |
> On Sat, Nov 29, 2014 at 6:44 PM, Mick <michaelkintzios@×××××.com> wrote: |
| 3 |
|
| 4 |
Thanks Rich, |
| 5 |
|
| 6 |
> > Also, what happens if the TPM chip, or the whole MoBo blows up? Will I |
| 7 |
> > ever be able to access my data using another PC? |
| 8 |
> |
| 9 |
> Only if you encrypted it. A TPM chip doesn't do much more than except |
| 10 |
> store and retrieve data, and digitally sign things. It just tends to |
| 11 |
> be used in a way that greatly limits the ability of arbitrary |
| 12 |
> processes to access the data stored on the chip. |
| 13 |
> |
| 14 |
> With Linux you're basically completely in control. You choose to |
| 15 |
> encrypt your drive and store the key in the TPM, and you instruct the |
| 16 |
> TPM to only hand it over under the conditions you specify, such as a |
| 17 |
> particular bootloader, kernel, and initramfs (or something like that - |
| 18 |
> I've never implemented it myself). If somebody tries to boot your |
| 19 |
> system with some other kernel/bootloader/initramfs then the TPM will |
| 20 |
> not have the valid signature chain and it will refuse to divulge your |
| 21 |
> full-disk encryption key. I imagine that you could generate the key |
| 22 |
> outside the TPM and keep a copy of it somewhere and load it into the |
| 23 |
> TPM, so that if you mess up you can just mount it manually. |
| 24 |
|
| 25 |
OK, but as I understand it although I can set up a passhphrase for the private |
| 26 |
key stored by the current oligopoly of manufacturers in a TPM, I can't extract |
| 27 |
it from the TPM. Would this mean that I will have no means of decrypting my |
| 28 |
drive, if I lose the TPM hardware module (e.g. due to hardware failure, fire, |
| 29 |
theft, etc.)? Access to my data will then become conditional on my having |
| 30 |
access to this unique TPM piece of silicon and its manufacturer's installed |
| 31 |
key, besides any private key passwd that I would have set up. |
| 32 |
|
| 33 |
Have I got this wrong, or is it that the TPM private key is merely the CA root |
| 34 |
certificate's key and I won't need this, unless I am creating/revoking user |
| 35 |
keys? Is there a way of using the user key separately and offline (on |
| 36 |
different hardware) without verification by the CA root certificate? |
| 37 |
|
| 38 |
Hmm ... I wonder if dm-crypt, LUKS and friends are a better way to achieve |
| 39 |
data protection for Linux users, without using some manufacturer's suspect |
| 40 |
certification credentials. I guess as long as I don't *have* to use Trusted |
| 41 |
Computing™, I won't care too much if it is on the MoBo. |
| 42 |
|
| 43 |
-- |
| 44 |
Regards, |
| 45 |
Mick |
Archives