On Friday, December 6, 2019 5:14:24 PM MST Kevin Kofler wrote: > Marius Schwarz wrote: > > > "Figure out intersection with current work to use the TPM to allow > > booting to GDM without entering the password." > > > > Means, if someone steals the device, he can boot a system. > > > And conversely, if you move the hard disk to another computer, you can no > longer read it. And if your motherboard breaks down, instant data loss. > > In addition, I do not trust the TPM or any other Treacherous Computing > component. > > If you want to rely on a hardware key, it should at least be on a removable > USB token (a keyfile on a plain mass-storage USB stick is enough!), not > hard-wired into the computer like the TPM.
Agreed. What many people don't realize is that a TPM isn't some special security device. It's essentially a specialized storage device, that only stores keys, with a few extensions to use those keys. On many vendors, the TPM includes a key that CANNOT BE REMOVED, which belongs to Microsoft or an OEM. -- John M. Harris, Jr. Splentity _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
