On Sunday 30 Nov 2014 03:21:16 Rich Freeman wrote:
> On Sat, Nov 29, 2014 at 6:44 PM, Mick <michaelkintz...@gmail.com> wrote:

Thanks Rich,

> > Also, what happens if the TPM chip, or the whole MoBo blows up? Will I
> > ever be able to access my data using another PC?
>
> Only if you encrypted it. A TPM chip doesn't do much more than
> store and retrieve data, and digitally sign things. It just tends to
> be used in a way that greatly limits the ability of arbitrary
> processes to access the data stored on the chip.
>
> With Linux you're basically completely in control. You choose to
> encrypt your drive and store the key in the TPM, and you instruct the
> TPM to only hand it over under the conditions you specify, such as a
> particular bootloader, kernel, and initramfs (or something like that -
> I've never implemented it myself). If somebody tries to boot your
> system with some other kernel/bootloader/initramfs then the TPM will
> not have the valid signature chain and it will refuse to divulge your
> full-disk encryption key. I imagine that you could generate the key
> outside the TPM and keep a copy of it somewhere and load it into the
> TPM, so that if you mess up you can just mount it manually.

OK, but as I understand it although I can set up a passphrase for the private key stored by the current oligopoly of manufacturers in a TPM, I can't extract it from the TPM. Would this mean that I will have no means of decrypting my drive, if I lose the TPM hardware module (e.g. due to hardware failure, fire, theft, etc.)? Access to my data will then become conditional on my having access to this unique TPM piece of silicon and its manufacturer's installed key, besides any private key passwd that I would have set up.

Have I got this wrong, or is it that the TPM private key is merely the CA root certificate's key and I won't need this, unless I am creating/revoking user keys? Is there a way of using the user key separately and offline (on different hardware) without verification by the CA root certificate?

Hmm ... I wonder if dm-crypt, LUKS and friends are a better way to achieve data protection for Linux users, without using some manufacturer's suspect certification credentials. I guess as long as I don't *have* to use Trusted Computing™, I won't care too much if it is on the MoBo.

-- 
Regards,
Mick
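The arrangement discussed in this message (a disk key generated outside the TPM, one copy released by the TPM only for a measured boot chain, another copy kept under a passphrase) can be modelled in a few lines. This is an added example, not part of the original thread and not real TPM or LUKS code: `ToyTPM`, the XOR-plus-HMAC key wrap, the measurement strings and the passphrase are all constructed assumptions.

```python
import functools, hashlib, hmac, os

def extend(pcr, measurement):
    """TPM-style PCR extend: new = H(old || H(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure(chain):
    """Fold a boot chain into one PCR value, starting from all zeros."""
    return functools.reduce(extend, chain, bytes(32))

def wrap(kek, key):
    """Toy key wrap (XOR plus HMAC tag) standing in for a real keyslot cipher."""
    ct = bytes(a ^ b for a, b in zip(key, kek))
    return ct + hmac.new(kek, ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    ct, tag = blob[:32], blob[32:]
    ok = hmac.compare_digest(tag, hmac.new(kek, ct, hashlib.sha256).digest())
    return bytes(a ^ b for a, b in zip(ct, kek)) if ok else None

class ToyTPM:
    """Hypothetical model: a chip-unique secret that never leaves, plus one PCR."""
    def __init__(self):
        self._srk, self.pcr = os.urandom(32), bytes(32)
    def _kek(self, policy):
        return hmac.new(self._srk, policy, hashlib.sha256).digest()
    def seal(self, secret, policy):
        return policy + wrap(self._kek(policy), secret)
    def unseal(self, blob):
        policy, wrapped = blob[:32], blob[32:]
        return unwrap(self._kek(policy), wrapped) if policy == self.pcr else None

def passphrase_kek(passphrase, salt):
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def demo():
    good = [b"bootloader-v1", b"kernel-v1", b"initramfs-v1"]  # constructed sample
    volume_key, salt = os.urandom(32), os.urandom(16)  # key made outside the TPM
    slot0 = wrap(passphrase_kek("recovery passphrase", salt), volume_key)
    tpm = ToyTPM()
    slot1 = tpm.seal(volume_key, measure(good))        # copy bound to the boot chain
    tpm.pcr = measure(good)
    normal = tpm.unseal(slot1) == volume_key           # expected boot chain: released
    tpm.pcr = measure([b"bootloader-v1", b"other-kernel", b"initramfs-v1"])
    tampered = tpm.unseal(slot1) is None               # different kernel: refused
    spare = ToyTPM(); spare.pcr = measure(good)
    lost_tpm = spare.unseal(slot1) is None             # new chip cannot open old blob
    recovered = unwrap(passphrase_kek("recovery passphrase", salt), slot0) == volume_key
    return normal, tampered, lost_tpm, recovered

if __name__ == "__main__":
    print(demo())
```

In this model the sealed copy is useless once the original chip is gone, while the passphrase slot still recovers the same volume key on any hardware.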