>-----Original Message-----
>From: Rich Freeman <ri...@gentoo.org> 
>Sent: Monday, March 21, 2022 11:07 AM
>To: gentoo-user@lists.gentoo.org
>Subject: Re: [gentoo-user] KDE, sddm etc security. Plus LVM question.
>
>On Mon, Mar 21, 2022 at 12:17 PM Laurence Perkins <lperk...@openeye.net> wrote:
>>
>> There was the ORWL project a few years ago.  Self-encrypting SSD drive with 
>> a TPM that would unlock it only in the presence of an encrypted RFID tag 
>> plus tapping in a code on the keypad, with all the sensitive bits wrapped in 
>> an active mesh system that would destroy the data if it detected any 
>> tampering.
>
>While I can see this being useful if for some reason you don't have support 
>for encryption on the software side, something like this seems like it 
>wouldn't actually solve the unattended boot problem, since you have to enter a 
>PIN.  If you don't require the PIN and leave the RFID tag sitting next to the 
>drive all the time, then anybody can walk in and take the drive and the tag 
>and then read the data off the drive bypassing the OS.  So it offers at best 
>the same protection as a LUKS passphrase entered at boot, and at worst no 
>protection at all.  It would have the advantage that you wouldn't be able to 
>attack the passphrase itself as no doubt the PIN only offers limited attempts 
>and would be very difficult to bypass.
>
>The advantage of the TPM in the computer is that you can do unattended 
>verified boot, so the disk can only be decrypted if the OS boots normally 
>without tampering.  Obviously you're still open to OS vulnerabilities, but the 
>drive itself cannot be accessed except via the OS.  The TPM chip can actually 
>supervise the boot process.
>
>Still an interesting product though.  I could see it being useful if you had 
>to run some specific OS that doesn't support disk encryption natively.
>
>--
>Rich
>
>

As I recall there were several security modes related to the battery-backed 
ARM-based TPM (which also had source code available, so it could probably do 
anything you wanted).

Having it remain unlocked and capable of rebooting unless the accelerometer 
showed movement was, I think, an option, since the TPM kept monitoring even if 
the mains power was interrupted.

And there's still the standard BIOS-level passwords and Secure Boot stuff to 
keep someone from switching the OS.  As long as you use your own keys and 
remove the Microsoft one, anyway.

Any attempt to open the case would disrupt the active mesh and cause it to dump 
the keys, so that takes care of attacking the drive itself or the system memory.

Main problem was that it was just too expensive.  Could put a standard computer 
in a safe for far less, and the group of people who need paranoid security on 
the move just wasn't enough to support ongoing updates to the design.

Could probably do something similar these days with one of those $3 Blue Pill 
boards and one of those new 3D printers capable of embedding metal, though.

LMP
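The verified-boot point in Rich's quoted message (the disk key is only released if the OS boots normally, without tampering) can be checked with a small simulation. The following is an added example written for this page, not code from the thread, from the ORWL project or from any TPM software: it models a SHA-256 PCR bank, the TPM2 extend operation and a key sealed to a PCR policy in plain Python. The boot-stage strings, the TPM seed and the LUKS volume key are constructed values, and the HMAC-based wrapping stands in for the TPM's internal sealing mechanism.

```python
import hashlib
import hmac
from typing import Dict, Iterable, Optional

# Simulation only: models TPM PCR-extend and sealed-object behaviour in
# software so the verified-boot argument can be checked offline.

PCR_RESET = b"\x00" * 32  # a SHA-256 PCR bank starts as all zeros at power-on

# Constructed stand-ins for the measured boot stages (not real binaries).
GOOD_BOOT_CHAIN = [b"firmware 1.0", b"shim (signed)", b"grub (signed)", b"kernel+initramfs"]
TAMPERED_BOOT_CHAIN = [b"firmware 1.0", b"shim (signed)", b"grub (signed)", b"kernel+initramfs (modified)"]

# Constructed secrets: the TPM's internal seed and the LUKS volume key.
TPM_SEED = hashlib.sha256(b"constructed tpm owner seed").digest()
DISK_KEY = hashlib.sha256(b"constructed luks volume key").digest()


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM2 extend: PCR_new = H(PCR_old || H(component)). Order-dependent and one-way."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot_chain(components: Iterable[bytes]) -> bytes:
    """Extend the PCR with every boot stage, as firmware and bootloader do."""
    pcr = PCR_RESET
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def _kek(tpm_seed: bytes, pcr: bytes) -> bytes:
    # The wrapping key never leaves the "TPM" and depends on the PCR value the
    # policy requires, so a mismatched boot chain yields no usable key.
    return hmac.new(tpm_seed, b"seal-policy|" + pcr, hashlib.sha256).digest()


def seal_key(disk_key: bytes, expected_pcr: bytes, tpm_seed: bytes = TPM_SEED) -> Dict[str, bytes]:
    """Seal a 32-byte key to a PCR policy (one-time-pad wrap under the KEK)."""
    assert len(disk_key) == 32
    kek = _kek(tpm_seed, expected_pcr)
    wrapped = bytes(a ^ b for a, b in zip(disk_key, kek))
    tag = hmac.new(kek, wrapped, hashlib.sha256).digest()  # detects a wrong policy/KEK
    return {"wrapped": wrapped, "policy_pcr": expected_pcr, "tag": tag}


def unseal_key(blob: Dict[str, bytes], current_pcr: bytes, tpm_seed: bytes = TPM_SEED) -> Optional[bytes]:
    """Release the key only if the live PCR equals the sealed policy value."""
    if not hmac.compare_digest(current_pcr, blob["policy_pcr"]):
        return None  # the TPM refuses: this is not the boot chain that was provisioned
    kek = _kek(tpm_seed, current_pcr)
    if not hmac.compare_digest(hmac.new(kek, blob["wrapped"], hashlib.sha256).digest(), blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["wrapped"], kek))


def demo() -> Dict[str, bool]:
    """Seal at provisioning time, then attempt unsealing after a normal and a tampered boot."""
    expected = measure_boot_chain(GOOD_BOOT_CHAIN)
    blob = seal_key(DISK_KEY, expected)
    normal = unseal_key(blob, measure_boot_chain(GOOD_BOOT_CHAIN))
    tampered = unseal_key(blob, measure_boot_chain(TAMPERED_BOOT_CHAIN))
    # The same stages in a different order also fail: the extend is a hash chain.
    reordered = unseal_key(blob, measure_boot_chain(reversed(GOOD_BOOT_CHAIN)))
    return {
        "normal_boot_unseals": normal == DISK_KEY,
        "tampered_boot_unseals": tampered is not None,
        "reordered_boot_unseals": reordered is not None,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Run it with `python3`; only the untampered chain recovers the volume key. This is also where the rest of Rich's argument sits: once the expected chain has booted, the key is released to that OS, so the running system's own vulnerabilities become the remaining exposure, which a PIN or RFID gate in front of the drive neither helps nor hurts.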
