Hello,

I would like to use trousers to seal (or bind) my root partition to my TPM.

I have installed trousers and tpm-tools on a Fujitsu-Siemens ST5020 
Tablet-PC (which contains an Infineon 1.1 TPM hardware).
I am running on Gentoo Linux with a 2.6.21-r4 kernel.

At this point, some questions appeared:

1. I found ecryptfs (http://ecryptfs.sourceforge.net) to be the only 
Crypto-FS that currently supports a TPM. Is that true?

2. I know that at this point ecryptfs TPM support is not working. Are 
there any older versions which used to work? If so, please tell me the 
versions of ecryptfs and trousers.

3. In this tutorial 
(http://trousers.sourceforge.net/tpm_keyring2/quickstart.html) setting 
up the TPM Keyring is shown by using a KDE-Application. I don't have X 
installed, and perhaps someone could explain the basic ideas behind it, 
so I could do this on the command line.

As I said, my final goal is to seal my root partition to my TPM.

I already know that certain applications and the BIOS itself can create 
hashes for important files and hand them over to the TPM, where they are 
stored in PCRs. (Or does the TPM calculate the hashes itself? I'm not 
quite sure...)
Maybe it is possible to seal the encrypted partition to these PCRs.

If that doesn't work, is it perhaps possible to seal the partition to a 
keypair generated by and stored in the TPM?

I would be really glad if someone could spare about 5 minutes 
explaining all the ideas behind the surface to me.

Thank you very much in advance!

Ralf





_______________________________________________
eCryptfs-users mailing list
eCryptfs-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ecryptfs-users
