Linux 6.10 Adding TPM Bus Encryption & Integrity Protection


  • Linux 6.10 Adding TPM Bus Encryption & Integrity Protection

    Phoronix: Linux 6.10 Adding TPM Bus Encryption & Integrity Protection

    Linux 6.10 is introducing support for Trusted Platform Module (TPM2) encryption and integrity protections to prevent active/passive interposers from compromising them. This follows a recent security demonstration of TPM key recovery from Microsoft Windows BitLocker. TPM sniffing attacks have also been demonstrated against Linux systems, thus the additional protections being made with Linux 6.10 to better secure TPM2 modules...


  • #2
    Is this part of SUSE's work to bring TPM FDE with Btrfs snapshots?


    • #3
      Originally posted by Jedibeeftrix:
      Is this part of SUSE's work to bring TPM FDE with Btrfs snapshots?
      Sorry, have you got some pointers about that? I don't understand what you mean. Btrfs snapshots work perfectly with FDE as it stands today; if the encryption keys were stored in the TPM, that wouldn't change anything as far as Btrfs is concerned.


      • #4


        Pre-reqs:
        systemd 256 - pcrlock
        yast - sdbootutil
        grub - bls


        • #5
          So I assume TPMs actually supported encrypted exchange over the bus all along and it just wasn't implemented?


          • #6
            Originally posted by AdelKS:
            So I assume TPMs actually supported encrypted exchange over the bus all along and it just wasn't implemented?
            Correction: BitLocker doesn't use it. systemd-cryptenroll, for instance, has been using it for quite some time already.

            I'm not actually sure what this merge request is all about, could be a transparent parameter encryption mode.
            Last edited by brent; 11 May 2024, 08:43 AM.
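            An added illustration of what "parameter encryption" on the TPM bus actually means (example code written for this thread, not code from the kernel merge or from any poster): a Python model of the TPM 2.0 session key derivation (KDFa with label "ATH") and the spec's XOR-obfuscation mode, using constructed nonces and a fixed salt. The spec also defines an AES-CFB variant; in a real session the salt is encrypted to a TPM key rather than fixed, so an interposer that only sees the bus never learns the session key.

```python
import hashlib
import hmac


def kdfa(hash_name: str, key: bytes, label: bytes, context_u: bytes,
         context_v: bytes, bits: int) -> bytes:
    """KDFa from TPM 2.0 Part 1: SP800-108 counter mode over HMAC.

    Block i = HMAC(key, [i]_32 || label || 0x00 || contextU || contextV || [bits]_32),
    with a big-endian 32-bit counter starting at 1; output truncated to `bits`.
    """
    out = b""
    counter = 1
    while len(out) * 8 < bits:
        msg = (counter.to_bytes(4, "big") + label + b"\x00"
               + context_u + context_v + bits.to_bytes(4, "big"))
        out += hmac.new(key, msg, hash_name).digest()
        counter += 1
    return out[:(bits + 7) // 8]


def session_key(hash_name: str, bind_auth: bytes, salt: bytes,
                nonce_tpm: bytes, nonce_caller: bytes) -> bytes:
    """sessionKey := KDFa(sessionAlg, authValue || salt, "ATH", nonceTPM, nonceCaller, bits)."""
    bits = hashlib.new(hash_name).digest_size * 8
    return kdfa(hash_name, bind_auth + salt, b"ATH", nonce_tpm, nonce_caller, bits)


def xor_obfuscate(hash_name: str, session_value: bytes, nonce_newer: bytes,
                  nonce_older: bytes, data: bytes) -> bytes:
    """TPM 2.0 XOR parameter obfuscation; the same call both masks and unmasks.

    mask := KDFa(hashAlg, sessionValue, "XOR", nonceNewer, nonceOlder, len(data) * 8)
    """
    mask = kdfa(hash_name, session_value, b"XOR", nonce_newer, nonce_older, len(data) * 8)
    return bytes(a ^ b for a, b in zip(data, mask))


def demo(secret: bytes = b"disk-unseal-auth") -> dict:
    """Mask a command parameter as the caller would before it crosses the bus."""
    # Constructed values: a real salt is encrypted to the TPM's key, not fixed like this.
    salt = bytes(range(32))
    bind_auth = b""                      # unbound session: no bind-entity authValue
    nonce_caller = b"\xaa" * 16
    nonce_tpm = b"\xbb" * 16
    sk = session_key("sha256", bind_auth, salt, nonce_tpm, nonce_caller)
    session_value = sk                   # sessionKey (|| authValue when the session also authorizes)
    # Command direction: the caller's nonce is the newer one, the TPM's the older one.
    on_bus = xor_obfuscate("sha256", session_value, nonce_caller, nonce_tpm, secret)
    recovered = xor_obfuscate("sha256", session_value, nonce_caller, nonce_tpm, on_bus)
    return {"session_key": sk, "on_bus": on_bus, "recovered": recovered}
```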



            • #7
              Originally posted by brent:
              Correction: BitLocker doesn't use it. systemd-cryptenroll, for instance, has been using it for quite some time already.
              I'm not actually sure what this merge request is all about, could be a transparent parameter encryption mode.
              I think kernel-space also uses the TPM for some things.


              • #8
                Imagine saving your password on the same device you encrypted, it's just destined to fail.

                Originally posted by EphemeralEft:
                I think kernel-space also uses the TPM for some things.
                I don't think so; I have the TPM disabled in the BIOS and everything still works as intended.


                • #9
                  Originally posted by Anux:
                  I don't think so; I have the TPM disabled in the BIOS and everything still works as intended.
                  I'm not saying the kernel needs a TPM, but if a TPM is present then it uses it.