1 |
On Sun, Nov 30, 2014 at 4:41 AM, Mick <michaelkintzios@×××××.com> wrote: |
2 |
> |
3 |
> OK, but as I understand it although I can set up a passhphrase for the private |
4 |
> key stored by the current oligopoly of manufacturers in a TPM, I can't extract |
5 |
> it from the TPM. Would this mean that I will have no means of decrypting my |
6 |
> drive, if I lose the TPM hardware module (e.g. due to hardware failure, fire, |
7 |
> theft, etc.)? Access to my data will then become conditional on my having |
8 |
> access to this unique TPM piece of silicon and its manufacturer's installed |
9 |
> key, besides any private key passwd that I would have set up. |
10 |
|
11 |
I'm not an expert on TPM, but I suspect you could generate the key |
12 |
outside the TPM, save a copy somewhere safe, and then load the key |
13 |
into the TPM and secure it. |
14 |
|
15 |
> |
16 |
> Hmm ... I wonder if dm-crypt, LUKS and friends are a better way to achieve |
17 |
> data protection for Linux users, without using some manufacturer's suspect |
18 |
> certification credentials. |
19 |
|
20 |
Encrypting a hard drive does not require trusting any key/certificate |
21 |
issued by a manufacturer. |
22 |
|
23 |
The advantage of using a TPM is that you can secure the drive without |
24 |
requiring a boot-time key to unlock the drive. This would be |
25 |
particularly useful if the system runs daemons that you might want to |
26 |
have run without anybody logging in. Also, using LUKS/etc requires a |
27 |
manually-entered key which will always be limited in entropy |
28 |
(mitigated using multiple rounds typically). |
29 |
|
30 |
The TPM is most useful in corporate environments though, since it |
31 |
doesn't require the PC owner to trust the PC user to not lose the |
32 |
key/etc. The whole point of the TPM is to reduce the risk of somebody |
33 |
who has physical possession of a machine compromising its security. |
34 |
In the corporate environment, the system owner often doesn't have |
35 |
physical control over the machine, and doesn't want to tell the user |
36 |
the encryption key which they can then proceed to write on a post-it |
37 |
stuck to the laptop. Those concerns apply just as much to a linux |
38 |
desktop as a windows one. Sadly, only ChromeOS really seems to take |
39 |
advantage of these capabilities in the linux desktop world. |
40 |
|
41 |
The whole Trusted Computing thing tends to turn off a lot of the linux |
42 |
community, much like UEFI is associated with thinks like unrootable |
43 |
devices. However, when used PROPERLY they're great tools. It is |
44 |
wrong for a device manufacturer to prevent a device owner from rooting |
45 |
a device they own. On the other hand, it is a great feature for a |
46 |
device owner to be able to prevent somebody who steals the device from |
47 |
being able to root it, or to block malware. The key is to keep |
48 |
control in the hands of the legitimate owner. |
49 |
|
50 |
-- |
51 |
Rich |