I wondered why LUUUUKS didn't use the TPM, why do I have to put my password in… this is absolutely why.
fmstrat@lemmy.nowsci.com 1 year ago
Say it with me now: LUUUUUKS
HelloHotel@lemm.ee 1 year ago
cooopsspace@infosec.pub 1 year ago
Also yes you can, I wouldn’t recommend it though.
mlaga97@lemmy.mlaga97.space 1 year ago
What exactly is the point of full disk encryption if the system auto-unlocks on boot?
rambling_lunatic@sh.itjust.works 1 year ago
Protection against tampering, maybe?
Bad excuse, but that is the logic I’ve heard.
baseless_discourse@mander.xyz 1 year ago
LUKS is still vulnerable to this attack if you enable autodecrypt using TPM.
This attack is based on the vulnerability that the CPU and TPM communicate using plain text. This attack is not new:
dolosgroup.io/…/from-stolen-laptop-to-inside-the-…
And apparently Linux is not doing too hot in this regard either:
secura.com/…/tpm-sniffing-attacks-against-non-bit…
phoenixz@lemmy.ca 1 year ago
Because of course
Eufalconimorph@discuss.tchncs.de 1 year ago
CPU doesn’t have any secure storage, so it can’t encrypt or authenticate comms to the TPM. The on-CPU fTPMs are the solution, the CPU then has the secure storage.
baseless_discourse@mander.xyz 1 year ago
That makes sense, the CPU has no place to store private keys, since that is the functionality of the TPM…
Unless there is a firmware solution, which defeats the purpose of a standalone TPM.