Linux & TPMs

All Systems Go!

Comments: 9
@BrunoVernay 1 year ago
Where do I store the key is a recurring question in security talks 🙂
@VicharB 10 months ago
I kinda still find it hard to grasp the soup of TPM, SED, FDE & BitLocker for Windows, i.e. how do I do SED (Samsung 990 Pro) with hardware encryption (no loss of speed) and that of BitLocker (enable/disable); my dream is to have hardware FDE (using the SED feature) on Linux; currently I have an EliteBook with TPM 2.0 and an OPAL option (which I didn't enable) in the BIOS, and I have just simply enabled the DriveLock feature. Man, it's a mess/complicated!!!
@purpleidea 1 year ago
What happens if my laptop motherboard dies, and I want to move my hard drive to a new computer? What happens if I want to use a bootable Fedora USB key to debug something on the main system? How do I unlock the disk?
@SmackMyKeyboard 1 year ago
You can just take the disk encryption key and store it separately in a safe place and just use that to unlock the LUKS partition. When using a Live USB you can just use that to unlock the disk and do whatever. When moving a disk to a new motherboard and a new TPM, then (presumably) the initramfs would ask you for the disk encryption key, and once the disk is unlocked it would have to re-enroll the key to the new TPM. This is basically what Windows BitLocker does with its "recovery key", which (as far as I can tell) is just the disk encryption key that is also in the TPM.
@snowwsquire 11 months ago
@SmackMyKeyboard You're close to correct; however, the passphrase and the key in the TPM are separate, and you can actually add as many passphrases as you want
@snowwsquire 11 months ago
And I have moved an Arch LUKS TPM-unlocked partition to another system and all I had to do was enter the passphrase I set up
@purpleidea 1 year ago
Honest question: Why should we trust our TPMs to store a secret? What proves the chip maker, U.S. government, or whoever else doesn't have a backdoor API or method to get them to give up our private key?
@2disbetter 1 year ago
He answers this very question in the beginning of the talk I believe.
@snowwsquire 11 months ago
If you don't trust the TPM you can just not enroll a key into the TPM