On 14.05.21 at 08:46, Raja Saha wrote:
> Hi,
>
> I was reading about Debian UEFI and secure boot. If tpm isn't secured
> at boot, will that make tpm less secure than key pair where user puts a
> strong password?

Technically, secure boot and TPM are 2 different things. You can use secure boot without TPM.

If you want to use a TPM protected gpg key, you must *not* set a TPM owner password! When you set a TPM owner password, the GnuPG command keytotpm will not work! I think this is not a big deal, because the TPM protected key has its own password when you create it.

Maybe in the future we can set a TPM owner password and use GnuPG with TPM protected keys, but now you can't set a TPM password and use GnuPG with it, unfortunately. But I think this is not a real risk. First, the gpg key has its own password and second, an attacker is never able to retrieve the key from the TPM.

regards