| 1 |
On Sun, Nov 30, 2014 at 4:41 AM, Mick <michaelkintzios@×××××.com> wrote: |
| 2 |
> |
| 3 |
> OK, but as I understand it although I can set up a passhphrase for the private |
| 4 |
> key stored by the current oligopoly of manufacturers in a TPM, I can't extract |
| 5 |
> it from the TPM. Would this mean that I will have no means of decrypting my |
| 6 |
> drive, if I lose the TPM hardware module (e.g. due to hardware failure, fire, |
| 7 |
> theft, etc.)? Access to my data will then become conditional on my having |
| 8 |
> access to this unique TPM piece of silicon and its manufacturer's installed |
| 9 |
> key, besides any private key passwd that I would have set up. |
| 10 |
|
| 11 |
I'm not an expert on TPM, but I suspect you could generate the key |
| 12 |
outside the TPM, save a copy somewhere safe, and then load the key |
| 13 |
into the TPM and secure it. |
| 14 |
|
| 15 |
> |
| 16 |
> Hmm ... I wonder if dm-crypt, LUKS and friends are a better way to achieve |
| 17 |
> data protection for Linux users, without using some manufacturer's suspect |
| 18 |
> certification credentials. |
| 19 |
|
| 20 |
Encrypting a hard drive does not require trusting any key/certificate |
| 21 |
issued by a manufacturer. |
| 22 |
|
| 23 |
The advantage of using a TPM is that you can secure the drive without |
| 24 |
requiring a boot-time key to unlock the drive. This would be |
| 25 |
particularly useful if the system runs daemons that you might want to |
| 26 |
have run without anybody logging in. Also, using LUKS/etc requires a |
| 27 |
manually-entered key which will always be limited in entropy |
| 28 |
(mitigated using multiple rounds typically). |
| 29 |
|
| 30 |
The TPM is most useful in corporate environments though, since it |
| 31 |
doesn't require the PC owner to trust the PC user to not lose the |
| 32 |
key/etc. The whole point of the TPM is to reduce the risk of somebody |
| 33 |
who has physical possession of a machine compromising its security. |
| 34 |
In the corporate environment, the system owner often doesn't have |
| 35 |
physical control over the machine, and doesn't want to tell the user |
| 36 |
the encryption key which they can then proceed to write on a post-it |
| 37 |
stuck to the laptop. Those concerns apply just as much to a linux |
| 38 |
desktop as a windows one. Sadly, only ChromeOS really seems to take |
| 39 |
advantage of these capabilities in the linux desktop world. |
| 40 |
|
| 41 |
The whole Trusted Computing thing tends to turn off a lot of the linux |
| 42 |
community, much like UEFI is associated with thinks like unrootable |
| 43 |
devices. However, when used PROPERLY they're great tools. It is |
| 44 |
wrong for a device manufacturer to prevent a device owner from rooting |
| 45 |
a device they own. On the other hand, it is a great feature for a |
| 46 |
device owner to be able to prevent somebody who steals the device from |
| 47 |
being able to root it, or to block malware. The key is to keep |
| 48 |
control in the hands of the legitimate owner. |
| 49 |
|
| 50 |
-- |
| 51 |
Rich |
Archives