On 11/14/2013 11:13 AM, Thomas Habets wrote:
>
> But they are migratable. I can delete the on-disk key "backups" to try
> to prevent migration, but they have been stored on disk, so the TPM
> chip is no longer the sole keeper of secrets (or can be convinced to
> give up the keys). Deleting files on disk is hard. Especially with
> SSDs because of wear leveling.

Remember that the TPM is a key cache, not a key store.  You have to load 
it from disk to TPM before you use it.  If you delete the key on disk, 
it's gone.



_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
