On Sunday, December 16, 2018 at 1:03:45 PM UTC-5, Brendan Hoar wrote:
> On Sunday, December 16, 2018 at 10:44:07 AM UTC-5, Eric Duncan wrote:
> > AES hardware acceleration happens in your CPU, FYI. And usually the more
> > higher end ones.
>
> I would wager that any CPU that meets the Qubes R4 re
On Sunday, December 16, 2018 at 10:44:07 AM UTC-5, Eric Duncan wrote:
> AES hardware acceleration happens in your CPU, FYI. And usually the more
> higher end ones.
I would wager that any CPU that meets the Qubes R4 requirements (e.g. Intel
VT-d + EPT or similar AMD features) assuredly implements
TPM is basically is just a key/value storage on a chip on your motherboard. The
idea is that Secure Boot's certificate is used to gain access to the TPM to
pull out the stored keys. Then the keys are used as the key to unlock your
encrypted partition.
TPM is not used by Qubes by default.
The
On Fri, Dec 14, 2018 at 10:00:44PM -0800, John Smiley wrote:
> So Xen just sets up LUKS without the TPM even if it’s there?
>
*Fedora* sets up luks on install. Presence of TPM is irrelevant.
If you want to use TPM+luks you can do so, but not on install by
default.
--
You received this message b
Am Samstag, 15. Dezember 2018 08:22:09 UTC+1 schrieb John Smiley:
> I thought that the TPM provided hardware accelerated block encryption ciphers
> in addition to key storage. The Wikipedia page for TPM certainly makes it
> sound that way but I can find nothing indicating that LUKS uses those
>
I thought that the TPM provided hardware accelerated block encryption ciphers
in addition to key storage. The Wikipedia page for TPM certainly makes it sound
that way but I can find nothing indicating that LUKS uses those capabilities
when present.
--
You received this message because you ar
On 12/15/18 8:00 AM, John Smiley wrote:
So Xen just sets up LUKS without the TPM even if it’s there?
XEN has nothing to do with LUKS, volume unlocking is done by the ramdisk
(eg. initramfs-4.14.[...].img).
You'll have to tweak the ramdisk if you want to unlock your luks volume
with TPM. Th
So Xen just sets up LUKS without the TPM even if it’s there?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to
On Thu, Dec 13, 2018 at 11:09:56PM -0800, John Smiley wrote:
> >From the docs:
> TPM with proper BIOS support (required for Anti Evil Maid)
>
> Is that it?
>
> Qubes does not use the TPM for disk encryption?
No, it's standard luks.
If you want to have luks+TPM you could set this up, but it isnt
>From the docs:
TPM with proper BIOS support (required for Anti Evil Maid)
Is that it?
Qubes does not use the TPM for disk encryption?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from
10 matches
Mail list logo