Linux & TPMs

Поделиться
HTML-код
  • Опубликовано: 12 сен 2023
  • media.ccc.de/v/all-systems-go...
    Let's get you up to speed on Trusted Platform Modules (TPM 2.0) and Linux. Specifically, the various additions to basic Linux userspace, i.e. systemd in our goal to make measured boot a default on Linux.
    Lennart Poettering
    cfp.all-systems-go.io/all-sys...
    #asg2023
  • НаукаНаука

Комментарии • 9

  • @VicharB
    @VicharB 6 месяцев назад

    I kinda still find it hard to grasp the soup of TPM, SED, FDE & Bitlocker for Windows, i.e how do I do SED (Samsung 990 Pro) with hardware encryption (no loss of speed) and that of Bitlocker (enable/disable); my dream is to have hardware FDE (using SED feature&) on Linux; currently I have Elitebook with TPM 2.0 and OPAL option (which I didn't enable) in BIOS and I have just simply enabled DriveLock feature. Man its a mess/complicated!!!

  • @BrunoVernay
    @BrunoVernay 10 месяцев назад +1

    Where do I store the key is a recurring question in security talks 🙂

  • @purpleidea
    @purpleidea 10 месяцев назад

    What happens if my laptop motherboard dies, and I want to move my harddrive to a new computer? What happens if I want to use a bootable Fedora USB key to debug something on the main system? How do I unlock the disk?

    • @SmackMyKeyboard
      @SmackMyKeyboard 10 месяцев назад +4

      You can just take the disk encryption key and store it separately in a safe place and just use that to unlock the LUKS partition. When using a Live USB you can just use that to unlock the disk and do whatever. When moving a disk to a new motherboard and a new TPM then (presumably) the initramfs would ask you for the disk encryption key and once the disk is unlocked it would have to re-enroll the key to the new TPM. This is basically what Windows Bitlocker does with it's "recovery key" which (as far as I can tell) is just the disk encryption key that is also in the TPM.

    • @snowwsquire
      @snowwsquire 8 месяцев назад

      @@SmackMyKeyboard You close to correct, however the passphrase and the key in the TPM are separate, you can actually add as many passphrases as you want

    • @snowwsquire
      @snowwsquire 8 месяцев назад +1

      And I have moved an Arch LUKS TPM-unlocked partition to another system and all I had to do was enter the the passphrase I setup

  • @purpleidea
    @purpleidea 10 месяцев назад +1

    Honest question:
    Why should we trust our TPM's to store a secret? What proves the chip maker, U.S. government, or whoever else doesn't have a backdoor API or method to get them to give up our private key?

    • @2disbetter
      @2disbetter 10 месяцев назад +1

      He answers this very question in the beginning of the talk I believe.

    • @snowwsquire
      @snowwsquire 8 месяцев назад

      If you don't trust the TPM you can just not enroll a key into the tpm

Следующие
Автовоспроизведение
An Unified TPM Event Log for Linux26:18An Unified TPM Event Log for Linux
An Unified TPM Event Log for LinuxAll Systems Go!
Просмотров 454
Kernel command line and UKI; systemd-stub and the ‘stubby’ alternative25:13Kernel command line and UKI; systemd-stub and the ‘stubby’ alternative
Kernel command line and UKI; systemd-stub and the ‘stubby’ alternativeAll Systems Go!
Просмотров 460
mkosi: Building Bespoke Operating System Images36:15mkosi: Building Bespoke Operating System Images
mkosi: Building Bespoke Operating System ImagesAll Systems Go!
Просмотров 1,2 тыс.
TEKKEN 8 - Heihachi Mishima Trailer02:47TEKKEN 8 — Heihachi Mishima Trailer
TEKKEN 8 - Heihachi Mishima TrailerBandai Namco Entertainment America
Просмотров 2 млн
Rob’s Love Island Tell All05:42Rob’s Love Island Tell All
Rob’s Love Island Tell AllCall Her Daddy
Просмотров 431 тыс.
£50 vs £1000 Race Across The Country32:04£50 vs £1000 Race Across The Country
£50 vs £1000 Race Across The CountryStephen Tries
Просмотров 814 тыс.
I'm Going To The Olympics.11:08I'm Going To The Olympics.
I'm Going To The Olympics.Jake Paul
Просмотров 944 тыс.
systemd and TPM2 - Lennart Poettering, Microsoft46:43systemd and TPM2 - Lennart Poettering, Microsoft
systemd and TPM2 - Lennart Poettering, MicrosoftThe Linux Foundation
Просмотров 2,6 тыс.
TPM (Trusted Platform Module) - Computerphile13:11TPM (Trusted Platform Module) - Computerphile
TPM (Trusted Platform Module) - ComputerphileComputerphile
Просмотров 220 тыс.
Thoughts on MicroOS, immutable distros and distrobox use cases45:12Thoughts on MicroOS, immutable distros and distrobox use cases
Thoughts on MicroOS, immutable distros and distrobox use casesLanius
Просмотров 565
Linux New User Guide: 10 Things I Wish I Knew23:31Linux New User Guide: 10 Things I Wish I Knew
Linux New User Guide: 10 Things I Wish I KnewLearn Linux TV
Просмотров 434 тыс.
Unified Kernel Images (UKIs)47:17Unified Kernel Images (UKIs)
Unified Kernel Images (UKIs)All Systems Go!
Просмотров 2,6 тыс.
antlir2: Deterministic image builds with buck223:21antlir2: Deterministic image builds with buck2
antlir2: Deterministic image builds with buck2All Systems Go!
Просмотров 730
Microsoft Azure Boost: Image-based Linux powering the Azure fleet. Wait, what? Really?! Yes!25:45Microsoft Azure Boost: Image-based Linux powering the Azure fleet. Wait, what? Really?! Yes!
Microsoft Azure Boost: Image-based Linux powering the Azure fleet. Wait, what? Really?! Yes!All Systems Go!
Просмотров 987
A/B partitioning - let's talk about the dirty RW files25:46A/B partitioning - let's talk about the dirty RW files
A/B partitioning - let's talk about the dirty RW filesAll Systems Go!
Просмотров 264
Linux from Scratch2:35:42Linux from Scratch
Linux from ScratchTitus Tech Talk
Просмотров 114 тыс.
Собираем комп за 500 000 рублей!6:44:35Собираем комп за 500 000 рублей!
Собираем комп за 500 000 рублей!SoLiD_Live
Просмотров 28 тыс.
ВАЖНО! Не проверяйте на своем iPhone после установки на экран!00:19ВАЖНО! Не проверяйте на своем iPhone после установки на экран!
ВАЖНО! Не проверяйте на своем iPhone после установки на экран!ГЛАЗУРЬ СТЕКЛО для iPhone и аксессуары OTU
Просмотров 6 млн
Невероятная находка!😱 ( @vitaskhr Подписывайтесь на него )00:39Невероятная находка!😱 ( @vitaskhr Подписывайтесь на него )
Невероятная находка!😱 ( @vitaskhr Подписывайтесь на него )EpicShortsRussia
Просмотров 59 тыс.
Удивила! Маленькая, НО мощная колонка JBL за 4500 Рублей! - JBL GO 4. Сравнение с JBL GO 323:48Удивила! Маленькая, НО мощная колонка JBL за 4500 Рублей! – JBL GO 4. Сравнение с JBL GO 3
Удивила! Маленькая, НО мощная колонка JBL за 4500 Рублей! - JBL GO 4. Сравнение с JBL GO 3РОМАНЫЧ
Просмотров 29 тыс.
Aura 879dsp новинка и хит00:48Aura 879dsp новинка и хит
Aura 879dsp новинка и хитKS Customs
Просмотров 198 тыс.
Xiaomi Band 9, что нового у топового фитнес браслета? Сравнение с Band 8.10:56Xiaomi Band 9, что нового у топового фитнес браслета? Сравнение с Band 8.
Xiaomi Band 9, что нового у топового фитнес браслета? Сравнение с Band 8.ЧайнаИнспект
Просмотров 20 тыс.
Самые крутые школьные гаджеты00:49Самые крутые школьные гаджеты
Самые крутые школьные гаджетыveloloh
Просмотров 553 тыс.
Я КУПИЛ РАСКЛАДУШКУ С ИСКУССТВЕННЫМ ИНТЕЛЛЕКТОМ!13:12Я КУПИЛ РАСКЛАДУШКУ С ИСКУССТВЕННЫМ ИНТЕЛЛЕКТОМ!
Я КУПИЛ РАСКЛАДУШКУ С ИСКУССТВЕННЫМ ИНТЕЛЛЕКТОМ!Игорь Линк
Просмотров 212 тыс.