this post was submitted on 29 Oct 2024
35 points (97.3% liked)

Privacy

32083 readers
370 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I honestly haven't found any good reading material other then the arch wiki which indeed vaguely outlines pros and cons, and I was wondering if the only significant advantage Is that you dont have go type your password in... Which ita a big advantage if you dont mind cold boot attacks ... Also automatic login Is handy if you dont mind privacy at all ... What do you think?

top 13 comments
sorted by: hot top controversial new old
[–] hunger 26 points 3 weeks ago (2 children)

A TPM is a very slow and dumb chip: It can hash data somebody sends to it and it can encrypt and decrypt data slowly. That's basically it. There is no privacy concern there that I can see. That chip can not read or write memory nor talk to the network.

Together with early boot code in the firmware/bootloader/initrd and later user space that chip can do quite a few cool things.

That code will use the TPM to measure data (create a hash) it loads before transfering control over and then unlock secrets only if the measurements match expected values. There is no way to extract that key on any system with different measurements (like a different computer, or even a different OS on the same computer). I find that pretty interesting and would love to use that, but most distributions do not offer that functionality yet :-(

Using the TPM to unlock the disks is just as secure as leaving the booted computer somewhere. If you trust the machine to not let random people log in, then TPM-based unlocking is fine. If you do not: Stay away.

Extracting the keys locked to an TPM is supposed to be impossible, so you do not need to worry about somebody stealing your keys. That alone makes TPMs very interesting... your own little FIDO tocken build right intomyour machine:-)

[–] [email protected] 3 points 3 weeks ago

Extracting the keys locked to an TPM is supposed to be impossible, so you do not need to worry about somebody stealing your keys.

TPM sniffing

[–] [email protected] 2 points 3 weeks ago (1 children)

Extracting the key from a TPM is actually trivial but immense time consuming.

Basically this with probably more modern chips and therefore even smaller cells. https://youtu.be/lhbSD1Jba0Q

Also sniffing is a thing since the communication between CPU und TPM is not encrypted.

[–] hunger 1 points 3 weeks ago

Yes, I should not have said "impossible": nothing is ever impossible to breach. All you can donis to make a breach more expensive to accomplish.

Those separate tpm chips are getting rare... most of the time they are build into the CPU (or firmware) nowadays. That makes sniffing harder, but probably opens other attack vectors.

Anyway: Using a TPM chip makes it more expensive to extract your keys than not using such a chip. So yoj win by using one.

[–] [email protected] 8 points 3 weeks ago (1 children)

I don't care about TPM at all on my personal systems.

[–] [email protected] 2 points 2 weeks ago

Especially if you're like me and want to be able to boot the SSD on any conputer in case of failure.

[–] [email protected] 6 points 3 weeks ago* (last edited 3 weeks ago)

I wouldn't say using TPM compromises your privacy or security. It can act as an additional layer of protection where your PC boots only when your basic settings are unaltered. You can still have FDE with password and TPM if TPM sniffing is your concern.

Still, I don't use it because I like my stuff accessible and not locked when I dual boot.

[–] [email protected] 5 points 3 weeks ago

Anti-libre hardware

[–] [email protected] 4 points 3 weeks ago

I was usimg TPM on my Arch laptop, but then I swizched to a fido device - nitrokey.

[–] [email protected] 3 points 3 weeks ago

In the context of Full Disk Encryption, to this day I don't understand why I'd use it over just typing my password at boot

[–] [email protected] 2 points 3 weeks ago

TPM is not only used by the system encryption. But no i do not use it for it. Not because of privacy, cause of security reasons.

[–] [email protected] 2 points 3 weeks ago

Together with secure boot and your own signing keys, it could be a good way to en/decrypt the a dm-verity secured read-only rootfs. But for the home partition I would probably still want to enter my own decryption key, maybe via systemd-homed. From there you can update the kernel/initramfs and read-only rootfs image and sign them for the next boot.

This is complicated to set up. Otherwise maybe use TPM as a 2FA, so you still have to enter a pin?

[–] [email protected] 1 points 3 weeks ago* (last edited 3 weeks ago)

Would like to, but never figured out how to get the TPM 1.2 chip in my X230 to work with cryptsetup. Everything seems to be written for TPM 2.0 only.