Re: TPM support for LUKS partitions

On Wed, Feb 27, 2013 at 9:30 PM, Zaolin <zaolin@xxxxxxxxxxxxx> wrote:
> Hi,
>
> TPM support is hard.... I am working at the company which created the trusted grub, tpmmanager and tpm infineon kernel driver.
> All of you guys want to use the TPM software stack named TrouSers. This idea is really bad because it is an incomplete and broken tss.

  Not sure what trousers has to do with this, but how is it broken or
incomplete?  We don't support the more obscure stuff like DAA, but
that shouldn't affect a disk encryption solution.

> There are also some known problems with Trusted Boot Systems:
>
> * Consistent resealing after changes with PCR pre calculation. <-- It is really big shit.

  Unfortunately reconstructing the event log is an app-specific thing
right now, since there's no way I know of to append to the ACPI event
log.  tpm-luks supports trustedgrub out of the box but also allows you
to support any other trust chain you'd like.

> * Multi User support
> * Migration, this means backup ability.
> * Key Store of TrouSers

  Using nvram instead of a tpm key should help work around these issues.

Kent

>
> Regards Zaolin
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt
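
The PCR pre-calculation problem raised in this thread, as an added example (not written by either poster, and not tpm-luks or TrustedGRUB code): a TPM 1.2 PCR is extended as SHA-1(old PCR || measurement digest), so the values to reseal against before an update can be predicted by replaying the event log with the changed component's digest substituted. The event log, component names and PCR indexes below are constructed for illustration.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds exactly one SHA-1 digest


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend operation: new PCR = SHA-1(old PCR || digest)."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must both be 20 bytes")
    return sha1(pcr + digest)


def replay(events):
    """Replay (pcr_index, name, digest) events in log order from all-zero PCRs."""
    pcrs = {}
    for index, _name, digest in events:
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), digest)
    return pcrs


def precalculate(events, new_contents):
    """Predict PCRs for the next boot when the named components are replaced."""
    missing = set(new_contents) - {name for _i, name, _d in events}
    if missing:
        # A component that was never measured cannot be predicted from this log.
        raise KeyError(f"not in event log: {sorted(missing)}")
    patched = [(i, n, sha1(new_contents[n]) if n in new_contents else d)
               for i, n, d in events]
    return replay(patched)


def changed_pcrs(current, predicted):
    """PCR indexes whose value differs, i.e. the ones a resealed blob must track."""
    return sorted(i for i in predicted if predicted[i] != current.get(i))


# Constructed event log: names, contents and PCR indexes are illustrative only.
EVENT_LOG = [
    (8, "stage1", sha1(b"bootloader stage1")),
    (9, "stage2", sha1(b"bootloader stage2")),
    (12, "cmdline", sha1(b"root=/dev/mapper/root ro")),
    (14, "kernel", sha1(b"vmlinuz-old")),
    (14, "initrd", sha1(b"initrd-old")),
]

if __name__ == "__main__":
    now = replay(EVENT_LOG)
    nxt = precalculate(EVENT_LOG, {"kernel": b"vmlinuz-new"})
    for i in changed_pcrs(now, nxt):
        print(f"PCR {i}: {now[i].hex()} -> {nxt[i].hex()}")
```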