On Mon, Oct 15, 2007 at 10:23:22PM +0200, Alon Bar-Lev wrote: > This has nothing to do with TSPI... As you need passphrase to access > TSPI, right? And what do you do with this passphrase? Having a > security credentials without "something you know" somewhat make the > whole idea redundant.
TSPI seals your key to a system state, based on the PCR values of the TPM. There is no additional protection of the key (or, more accurately, of the ability to use the key) beyond the PCR values having to match. The secret key is always locked in the TPM; no matter what information is in the user's session keyring, it is useless unless the system's PCR values are set correctly. Mike
pgp7mPP512w1L.pgp
Description: PGP signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ eCryptfs-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ecryptfs-devel
