TPM isn’t an encryption algorithm.
TPM just holds the decryption key (in my case the LUKS decryption key) and hands it to the CPU if all checks pass for convenience. No key is stored in the storage in plaintext. TPM isn’t the most secure thing but at least its better than nothing at all.
The point is to have the system automatically unlock without the need for a boot password. This provides decent security if secure boot is enabled, but requires very little from the user. It isn’t a stopper for high threats, but a simple theft will mean the data is safe. It also ensures that if the drive is separated from the host machine, it is useless without a copy of they key. It doesn’t stop all threats, but stops a lot of them, and all of the most common.
Oh ok so the use case here is if this casual linux user asking this question has only their harddrive stolen from their pc or their laptop in their home or apartment or workplace, not their whole pc.
Mhm that seems likely.
I guess this maybe makes sense if youre running like a server room, but chances are low thats the actual context of this question.
Why would you run PopOS on a large operation’s servers?
While i am personally also not a huge fan of TPM for FDE it is still a valid use. Why? In order to access data on the disk you would still need to bypass the login screen which is non trivial.
Also another use case is encrypting the drive so when you sell it or dispose of it you do not need to worry about wiping it at least once to get rid of all data.
TPM has its weaknesses but pls don’t talk down to someone who wants to use it when you do not understand his use case.
It should stop issues with full device theft as well, if done correctly, because if secure boot isn’t on and working, it will refuse to give the key. Which means, if it was setup correctly, the computer cannot be accessed without know the users name and password. This is the general accepted stack for Microsoft’s BitLocker. It becomes completely transparent to the user, but puts a decent blocker to access in cases of theft. There are ways around it like freezing RAM or packet sniffing an external TPM, but those are high level attacks.
If the TPM is not integrated in the CPU and rather a separate Chip on the MB, the communication can be easily sniffed since it’s not encrypted. See here https://youtu.be/wTl4vEednkQ?si=26A0NK-cVtP3uKgk
Shown how cheap it is i would not say it is high level.
Nobody thinks it needs to be involved. They want it involved so the drive is automatically unlocked at boot, but inaccessible if someone removes it from the machine to try and bypass login (and in the future, if someone tries tampering). Especially useful in machines you want useable without being physically present.
It’s not cajoling anything, it’s a built in feature you configure, although Ubuntu currently goes out of their way to remove the support from some tools.
TPM isn’t an encryption algorithm. TPM just holds the decryption key (in my case the LUKS decryption key) and hands it to the CPU if all checks pass for convenience. No key is stored in the storage in plaintext. TPM isn’t the most secure thing but at least its better than nothing at all.
Sure but you dont need to use TPM at all to use LUKS.
You can store the encryption key on the harddrive, in the LUKS partition layer.
Like thats the default of how LUKS works.
Im really confused why people think TPM needs to be involved in anyway when using LUKS.
Generally speaking you have to go out of your way to correctly cajole TPM v1 or v2 to actually correctly interface with LUKS.
The point is to have the system automatically unlock without the need for a boot password. This provides decent security if secure boot is enabled, but requires very little from the user. It isn’t a stopper for high threats, but a simple theft will mean the data is safe. It also ensures that if the drive is separated from the host machine, it is useless without a copy of they key. It doesn’t stop all threats, but stops a lot of them, and all of the most common.
Oh ok so the use case here is if this casual linux user asking this question has only their harddrive stolen from their pc or their laptop in their home or apartment or workplace, not their whole pc.
Mhm that seems likely.
I guess this maybe makes sense if youre running like a server room, but chances are low thats the actual context of this question.
Why would you run PopOS on a large operation’s servers?
While i am personally also not a huge fan of TPM for FDE it is still a valid use. Why? In order to access data on the disk you would still need to bypass the login screen which is non trivial. Also another use case is encrypting the drive so when you sell it or dispose of it you do not need to worry about wiping it at least once to get rid of all data.
TPM has its weaknesses but pls don’t talk down to someone who wants to use it when you do not understand his use case.
It should stop issues with full device theft as well, if done correctly, because if secure boot isn’t on and working, it will refuse to give the key. Which means, if it was setup correctly, the computer cannot be accessed without know the users name and password. This is the general accepted stack for Microsoft’s BitLocker. It becomes completely transparent to the user, but puts a decent blocker to access in cases of theft. There are ways around it like freezing RAM or packet sniffing an external TPM, but those are high level attacks.
If the TPM is not integrated in the CPU and rather a separate Chip on the MB, the communication can be easily sniffed since it’s not encrypted. See here https://youtu.be/wTl4vEednkQ?si=26A0NK-cVtP3uKgk
Shown how cheap it is i would not say it is high level.
Removed by mod
Thx for your answer tho. I liked reading it.
Nobody thinks it needs to be involved. They want it involved so the drive is automatically unlocked at boot, but inaccessible if someone removes it from the machine to try and bypass login (and in the future, if someone tries tampering). Especially useful in machines you want useable without being physically present.
It’s not cajoling anything, it’s a built in feature you configure, although Ubuntu currently goes out of their way to remove the support from some tools.
Again, you dont need to use TPM to have a LUKS encrypted partition unlock automatically on boot.
You can just do this via the standard drive management included with PopOS.
What? Are you drunk? You’re saying some nonsense right there.
Leaving keys accessible from any live distro. Keys in the TPM are not.
Because it’s convenient
Its not though, it requires a ton of extra work to set up, isn’t necessary, doesn’t allow you to do anything you can’t do without it.
You didn’t even know what it was how exactly do you know how much work it is to implement? Its about to be built into the Ubuntu installer.
That’s false. It allows you to not need a password to unlock the volume at boot.
They correctly point out elsewhere that you could just store the unlock on an unencrypted portion of drive itself.
Yes, I know.