On Sun, Nov 30, 2014 at 4:41 AM, Mick <michaelkintz...@gmail.com> wrote: > > OK, but as I understand it although I can set up a passhphrase for the private > key stored by the current oligopoly of manufacturers in a TPM, I can't extract > it from the TPM. Would this mean that I will have no means of decrypting my > drive, if I lose the TPM hardware module (e.g. due to hardware failure, fire, > theft, etc.)? Access to my data will then become conditional on my having > access to this unique TPM piece of silicon and its manufacturer's installed > key, besides any private key passwd that I would have set up.
I'm not an expert on TPM, but I suspect you could generate the key outside the TPM, save a copy somewhere safe, and then load the key into the TPM and secure it. > > Hmm ... I wonder if dm-crypt, LUKS and friends are a better way to achieve > data protection for Linux users, without using some manufacturer's suspect > certification credentials. Encrypting a hard drive does not require trusting any key/certificate issued by a manufacturer. The advantage of using a TPM is that you can secure the drive without requiring a boot-time key to unlock the drive. This would be particularly useful if the system runs daemons that you might want to have run without anybody logging in. Also, using LUKS/etc requires a manually-entered key which will always be limited in entropy (mitigated using multiple rounds typically). The TPM is most useful in corporate environments though, since it doesn't require the PC owner to trust the PC user to not lose the key/etc. The whole point of the TPM is to reduce the risk of somebody who has physical possession of a machine compromising its security. In the corporate environment, the system owner often doesn't have physical control over the machine, and doesn't want to tell the user the encryption key which they can then proceed to write on a post-it stuck to the laptop. Those concerns apply just as much to a linux desktop as a windows one. Sadly, only ChromeOS really seems to take advantage of these capabilities in the linux desktop world. The whole Trusted Computing thing tends to turn off a lot of the linux community, much like UEFI is associated with thinks like unrootable devices. However, when used PROPERLY they're great tools. It is wrong for a device manufacturer to prevent a device owner from rooting a device they own. On the other hand, it is a great feature for a device owner to be able to prevent somebody who steals the device from being able to root it, or to block malware. The key is to keep control in the hands of the legitimate owner. -- Rich