I wondered why LUUUUKS didn't use the TPM, why do I have to put my password in… this is absolutely why.
fmstrat@lemmy.nowsci.com 9 months ago
Say it with me now: LUUUUUKS
HelloHotel@lemm.ee 9 months ago
cooopsspace@infosec.pub 9 months ago
Also yes you can, I wouldn’t recommend it though.
mlaga97@lemmy.mlaga97.space 9 months ago
What exactly is the point of full disk encryption if the system auto-unlocks on boot?
rambling_lunatic@sh.itjust.works 9 months ago
Protection against tampering, maybe?
Bad excuse, but that is the logic I’ve heard.
baseless_discourse@mander.xyz 9 months ago
LUKS is still vulnerable to this attack if you enable auto-decrypt using the TPM.
This attack is based on the vulnerability that the CPU and TPM communicate using plain text. This attack is not new:
dolosgroup.io/…/from-stolen-laptop-to-inside-the-…
And apparently Linux is not doing too hot in this regard either:
secura.com/…/tpm-sniffing-attacks-against-non-bit…
phoenixz@lemmy.ca 9 months ago
Because of course
Eufalconimorph@discuss.tchncs.de 9 months ago
CPU doesn’t have any secure storage, so it can’t encrypt or authenticate comms to the TPM. The on-CPU fTPMs are the solution, the CPU then has the secure storage.
baseless_discourse@mander.xyz 9 months ago
That makes sense; the CPU has no place to store private keys, since that is the functionality of the TPM…
Unless there is a firmware solution, which defeats the purpose of a standalone TPM.