On Sunday 30 Nov 2014 03:21:16 Rich Freeman wrote:
> On Sat, Nov 29, 2014 at 6:44 PM, Mick <michaelkintz...@gmail.com> wrote:

Thanks Rich, 

> > Also, what happens if the TPM chip, or the whole MoBo blows up?  Will I
> > ever be able to access my data using another PC?
> 
> Only if you encrypted it.  A TPM chip doesn't do much more than except
> store and retrieve data, and digitally sign things.  It just tends to
> be used in a way that greatly limits the ability of arbitrary
> processes to access the data stored on the chip.
> 
> With Linux you're basically completely in control.  You choose to
> encrypt your drive and store the key in the TPM, and you instruct the
> TPM to only hand it over under the conditions you specify, such as a
> particular bootloader, kernel, and initramfs (or something like that -
> I've never implemented it myself).  If somebody tries to boot your
> system with some other kernel/bootloader/initramfs then the TPM will
> not have the valid signature chain and it will refuse to divulge your
> full-disk encryption key.  I imagine that you could generate the key
> outside the TPM and keep a copy of it somewhere and load it into the
> TPM, so that if you mess up you can just mount it manually.

OK, but as I understand it although I can set up a passhphrase for the private 
key stored by the current oligopoly of manufacturers in a TPM, I can't extract 
it from the TPM. Would this mean that I will have no means of decrypting my 
drive, if I lose the TPM hardware module (e.g. due to hardware failure, fire, 
theft, etc.)?  Access to my data will then become conditional on my having 
access to this unique TPM piece of silicon and its manufacturer's installed 
key, besides any private key passwd that I would have set up.

Have I got this wrong, or is it that the TPM private key is merely the CA root 
certificate's key and I won't need this, unless I am creating/revoking user 
keys?  Is there a way of using the user key separately and offline (on 
different hardware) without verification by the CA root certificate?

Hmm ... I wonder if dm-crypt, LUKS and friends are a better way to achieve 
data protection for Linux users, without using some manufacturer's suspect 
certification credentials.  I guess as long as I don't *have* to use Trusted 
Computing™, I won't care too much if it is on the MoBo.

-- 
Regards,
Mick

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to