On Mon, Jun 2, 2014 at 6:06 AM, Alan McKinnon <[email protected]> wrote: > You log in (or boot up), the system asks for a password/key or whatever, > then unlocks the encryption used.
The more common approach is to not prompt for a password/key, but instead store it in the TPM using a trusted boot path. This is possible on Linux, but the only "distro" using it is ChromeOS as far as I'm aware (granted, there are probably more Chromebooks in desktop use these days than all the other distros combined). On Windows this is how just about everybody does it. This is far more convenient as it does not require a password when booting. If you don't trust the person who will be using the machine it is more secure against attacks by the legitimate user (typically in these situations the computer is owned by a corporation, not the end-user). On the other hand, if somebody steals your laptop they can boot it without issue. Then if they have some way to exploit the running OS they can get at the contents of the drive (though the home directory could still be encrypted using the user's password on top of full-disk encryption). For attacks by anybody other than the NSA using the TPM is potentially a lot more secure. Instead of depending on a bunch of rounds of crypto to prevent brute-forcing of a simple password you are depending on the security of the TPM. The TPM can be told to forget the key after a certain number of failed attempts to get at it. If you're worried about the NSA it seems likely that your TPM has a back door for them, but my sense is that if the NSA is THAT determined to get your data there really isn't anything you're going to be able to do about it. Rich
