On Tue, Nov 13, 2007 at 06:00:07PM +0100, Oliver Welter wrote:
> I am currently playing with ecryptfs/tpm for a project and have two
> small questions ;=)
>
> 1) General one - IIUC, eCryptfs uses a unique key per file and encrypts
> this key with the mount-wide passphrase?

Yes (when mounted under passphrase mode).

> 2) I just found the note about working TPM support on the announcement
> page but nothing on how to set it up and where it is effective.

I have not had time to write documentation for it yet, but we have a
key module that can bind a wrapping key (FEKEK) to a PCR set. Relevant
source code:

src/utils/ecryptfs_generate_tpm_key.c
src/key_mod/ecryptfs_key_mod_tspi.c

Generate a FEKEK that is bound to a PCR set with the
ecryptfs_generate_tpm_key utility, then mount with the tspi key module
to use that key (specify the key uuid as a module parameter).

Mike
_______________________________________________
eCryptfs-users mailing list
eCryptfs-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ecryptfs-users
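
The key hierarchy and PCR binding described in the reply above, as an added Python model that is not code from eCryptfs, its tspi key module, or the author: a per-file FEK is wrapped under a FEKEK that is looked up by UUID and is usable only while the selected PCRs hold the values they had when the key was generated. Assumptions: `ModelTPM` and its methods are hypothetical, the PCR digest is a simplified stand-in for the TPM's composite structure, an HMAC-SHA256 keystream stands in for the real wrapping cipher, and the boot-chain blobs are constructed; only the SHA-1 extend rule follows TPM 1.2.

```python
import hashlib, hmac, secrets, uuid

def extend(pcr, blob):
    # TPM 1.2 extend: PCR_new = SHA1(PCR_old || SHA1(measured blob))
    return hashlib.sha1(pcr + hashlib.sha1(blob).digest()).digest()

def boot(chain):
    # chain maps PCR index -> blobs measured into it; each PCR starts as 20 zero bytes
    pcrs = {index: bytes(20) for index in chain}
    for index, blobs in chain.items():
        for blob in blobs:
            pcrs[index] = extend(pcrs[index], blob)
    return pcrs

def pcr_digest(pcrs, selection):
    # Simplified digest over the selected PCRs (not the TPM_PCR_COMPOSITE encoding)
    return hashlib.sha1(b"".join(bytes([i]) + pcrs[i] for i in sorted(selection))).digest()

class ModelTPM:
    """Hypothetical model: each FEKEK stays inside, indexed by UUID, with its PCR policy."""
    def __init__(self, pcrs):
        self.pcrs, self._keys = pcrs, {}
    def generate_key(self, selection):
        # Bind a fresh FEKEK to the current values of the selected PCRs
        key_uuid = str(uuid.uuid4())
        policy = (tuple(selection), pcr_digest(self.pcrs, selection))
        self._keys[key_uuid] = (secrets.token_bytes(32), policy)
        return key_uuid
    def _pad(self, key_uuid, nonce):
        fekek, (selection, expected) = self._keys[key_uuid]
        if not hmac.compare_digest(pcr_digest(self.pcrs, selection), expected):
            raise PermissionError("PCR state differs from the state the key is bound to")
        # HMAC-SHA256 keystream: stand-in for the real wrapping cipher, FEK <= 32 bytes
        return hmac.new(fekek, nonce, hashlib.sha256).digest()
    def wrap_fek(self, key_uuid, fek):
        nonce = secrets.token_bytes(16)
        return nonce + bytes(a ^ b for a, b in zip(fek, self._pad(key_uuid, nonce)))
    def unwrap_fek(self, key_uuid, blob):
        return bytes(a ^ b for a, b in zip(blob[16:], self._pad(key_uuid, blob[:16])))

if __name__ == "__main__":
    tpm = ModelTPM(boot({0: [b"firmware v1"], 4: [b"bootloader v1"]}))  # constructed chain
    key_uuid = tpm.generate_key([0, 4])
    blob = tpm.wrap_fek(key_uuid, secrets.token_bytes(16))  # per-file FEK
    tpm.pcrs = boot({0: [b"firmware v1"], 4: [b"bootloader v2"]})  # changed boot chain
    try:
        tpm.unwrap_fek(key_uuid, blob)
    except PermissionError as err:
        print("unwrap refused:", err)
```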