On Wednesday, 14.02.2018, 19:18 +0100, Môshe van der Sterre wrote:
> On 02/14/2018 02:21 PM, Benjamin Drung wrote:
> > If the UEFI is as secure as storing an unencrypted file on a hard
> > drive, I am satisfied. Or do you have a better idea where to store
> > the SSH keys for a diskless system that boots via network?
> I assume it would be best to use TPM for this (if your systems have
> TPM chips), it is designed for use-cases like this. Searching for
> "tpm ssh keys" gives a decent amount of results. Mostly targeted at
> user keys instead of server keys, so this might need some tinkering
> to get working.

I checked our systems. They just have TPM headers, but no TPM chips
according to the user manual. The directory /sys/class/tpm/ is either
empty or nonexistent. Adding TPM chips to all servers is no too
expensive (too much man power required). So sadly, this is no option for

Benjamin Drung
System Developer
Debian & Ubuntu Developer

ProfitBricks GmbH
Greifswalder Str. 207
D - 10405 Berlin


Registered office: Berlin
Commercial register: Amtsgericht Charlottenburg, HRB 125506 B
Managing directors: Achim Weiss, Matthias Steinberg