On Sunday 30 Nov 2014 03:21:16 Rich Freeman wrote:
> On Sat, Nov 29, 2014 at 6:44 PM, Mick <michaelkintzios@×××××.com> wrote:

Thanks Rich,

> > Also, what happens if the TPM chip, or the whole MoBo blows up? Will I
> > ever be able to access my data using another PC?
>
> Only if you encrypted it. A TPM chip doesn't do much more than
> store and retrieve data, and digitally sign things. It just tends to
> be used in a way that greatly limits the ability of arbitrary
> processes to access the data stored on the chip.
>
> With Linux you're basically completely in control. You choose to
> encrypt your drive and store the key in the TPM, and you instruct the
> TPM to only hand it over under the conditions you specify, such as a
> particular bootloader, kernel, and initramfs (or something like that -
> I've never implemented it myself). If somebody tries to boot your
> system with some other kernel/bootloader/initramfs then the TPM will
> not have the valid signature chain and it will refuse to divulge your
> full-disk encryption key. I imagine that you could generate the key
> outside the TPM and keep a copy of it somewhere and load it into the
> TPM, so that if you mess up you can just mount it manually.

OK, but as I understand it, although I can set up a passphrase for the private
key stored by the current oligopoly of manufacturers in a TPM, I can't extract
it from the TPM. Would this mean that I will have no means of decrypting my
drive if I lose the TPM hardware module (e.g. due to hardware failure, fire,
theft, etc.)? Access to my data will then become conditional on my having
access to this unique TPM piece of silicon and its manufacturer's installed
key, besides any private key passwd that I would have set up.

Have I got this wrong, or is it that the TPM private key is merely the CA root
certificate's key and I won't need this, unless I am creating/revoking user
keys? Is there a way of using the user key separately and offline (on
different hardware) without verification by the CA root certificate?

Hmm ... I wonder if dm-crypt, LUKS and friends are a better way to achieve
data protection for Linux users, without using some manufacturer's suspect
certification credentials. I guess as long as I don't *have* to use Trusted
Computing™, I won't care too much if it is on the MoBo.

--
Regards,
Mick
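The mechanism Rich describes, and the failure case Mick is asking about, as an added example that is not part of the thread and not real TPM code: a toy model of a TPM sealing a full-disk-encryption key to boot measurements. What Rich calls a "signature chain" is, in TPM terms, the Platform Configuration Register (PCR) state produced by extending a register with a hash of each boot component (bootloader, kernel, initramfs) in order; the chip wraps the disk key with a key derived from its own per-chip secret plus the expected PCR value and releases it only when the current PCR value matches. The `ToyTPM` class, the SHA-256/HMAC wrapping, and the component names (`grub-2.02`, `vmlinuz-3.17-gentoo`, etc.) are all constructed for illustration; a real TPM uses a hardware-protected storage hierarchy and PCR policies, not this scheme. The `new_tpm` case in `demo()` models Mick's scenario of a replaced chip: the sealed blob is useless without the original chip's secret, which is why the copy of the key generated outside the TPM (Rich's suggestion) is what lets you mount the volume manually on other hardware.

```python
"""Toy model of TPM-style sealing of a disk key to measured boot state.

Constructed example for the mailing-list discussion above; not a real
TPM API. Sealing is modelled as: wrap_key = HMAC(chip_secret, nonce || PCR),
blob = disk_key XOR wrap_key, tag = HMAC(wrap_key, nonce || blob).
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional

PCR_LEN = 32   # SHA-256 PCR bank
KEY_LEN = 32   # disk key length this toy wraps (e.g. a LUKS passphrase of 32 bytes)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend operation: new_pcr = H(old_pcr || H(measurement)).

    Extend is one-way and order-dependent, so the final value commits to
    the whole sequence of boot components.
    """
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot_chain(components: List[bytes]) -> bytes:
    """Extend a zero-initialised PCR with each boot component in order."""
    pcr = bytes(PCR_LEN)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


class ToyTPM:
    """Holds a per-chip secret that never leaves the (simulated) device."""

    def __init__(self) -> None:
        self._chip_secret = os.urandom(32)  # constructed; unique per chip

    def _wrap_key(self, nonce: bytes, pcr: bytes) -> bytes:
        return hmac.new(self._chip_secret, nonce + pcr, "sha256").digest()

    def seal(self, secret: bytes, expected_pcr: bytes) -> bytes:
        """Return a blob that can only be opened by this chip in this PCR state."""
        if len(secret) != KEY_LEN:
            raise ValueError("toy sealer wraps exactly %d-byte secrets" % KEY_LEN)
        nonce = os.urandom(16)
        wrap_key = self._wrap_key(nonce, expected_pcr)
        blob = bytes(a ^ b for a, b in zip(secret, wrap_key))
        tag = hmac.new(wrap_key, nonce + blob, "sha256").digest()
        return nonce + blob + tag

    def unseal(self, sealed: bytes, current_pcr: bytes) -> Optional[bytes]:
        """Release the secret only if the current PCR matches the sealed state."""
        nonce, blob, tag = sealed[:16], sealed[16:16 + KEY_LEN], sealed[16 + KEY_LEN:]
        wrap_key = self._wrap_key(nonce, current_pcr)
        expected_tag = hmac.new(wrap_key, nonce + blob, "sha256").digest()
        if not hmac.compare_digest(expected_tag, tag):
            return None  # wrong chip or wrong boot chain: refuse to divulge
        return bytes(a ^ b for a, b in zip(blob, wrap_key))


def demo() -> Dict[str, object]:
    """Seal a key to a known-good boot chain and probe the three cases from the thread."""
    # Constructed stand-ins for the measured images; real PCRs hold hashes of the files.
    good_chain = [b"grub-2.02", b"vmlinuz-3.17-gentoo", b"initramfs-3.17.img"]
    tampered_chain = [b"grub-2.02", b"vmlinuz-other", b"initramfs-3.17.img"]

    disk_key = os.urandom(KEY_LEN)   # generated outside the TPM ...
    escrow_copy = disk_key           # ... so an offline copy can exist (Rich's suggestion)

    tpm = ToyTPM()
    sealed = tpm.seal(disk_key, measure_boot_chain(good_chain))

    return {
        # Same chip, same boot chain: key released.
        "normal_boot": tpm.unseal(sealed, measure_boot_chain(good_chain)) == disk_key,
        # Same chip, different kernel: PCR differs, chip refuses (None).
        "tampered_boot": tpm.unseal(sealed, measure_boot_chain(tampered_chain)),
        # Replacement chip (Mick's failed-MoBo case): different chip secret, refuses.
        "new_tpm": ToyTPM().unseal(sealed, measure_boot_chain(good_chain)),
        # The escrowed copy still unlocks the volume on any hardware.
        "escrow_works": escrow_copy == disk_key,
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print("%-14s %r" % (case, result))
```

The point of the `new_tpm` case is that sealing ties the key to a specific chip as well as to a specific boot chain; the key itself can be generated by the user and stored in the TPM, in which case nothing stops you keeping it (or a LUKS keyslot passphrase) offline as well, so losing the board costs you the convenience of unattended unlock, not the data.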