Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/6/19 10:02 PM, John M. Harris Jr wrote:
On Friday, December 6, 2019 5:14:24 PM MST Kevin Kofler wrote:
Marius Schwarz wrote:

"Figure out intersection with current work to use the TPM to allow
booting to GDM without entering the password."

Means, if someone steals the device, he can boot a system.
And conversely, if you move the hard disk to another computer, you can no 
longer read it. And if your motherboard breaks down, instant data loss.

In addition, I do not trust the TPM or any other Treacherous Computing 
component.

If you want to rely on a hardware key, it should at least be on a removable
 USB token (a keyfile on a plain mass-storage USB stick is enough!), not
hard-wired into the computer like the TPM.
Agreed. What many people don't realize is that a TPM isn't some special 
security device. It's essentially a specialized storage device, that only 
stores keys, with a few extensions to use those keys. On many vendors, the TPM 
includes a key that CANNOT BE REMOVED, which belongs to Microsoft or an OEM.

I don't see why TPM is seen in such a bad light, as it is just a security tool that, in its current implementation, does not prevent third-party software like Linux. It has a potential to do that, but, like any other tool, can also be used beneficially.

Perhaps people don't have a problem with the TPM concept, but simply mistrust black-box TPM implementations?

i am sorry if all this is obvious to everyone, but this is how I understand TPM tech. I don't see a problem with the technology as described here:

1) TPM is a secure key storage device, designed to release keys only under very well specified condition, to prevent stealing of keys via physical access/removal of components. For TPM to make sense, it has to also secure the boot process, to prevent injection into the boot process after the keys are released to the OS; the OS has to boot without interruption all the way to the user authentication prompt.

2) TPM is supposed to store multiple keys, and allow adding new keys, as well as revoke them. I don't know if the OEM key is exempt from revocation on a typical TPM---I didn't think so but I could also see that they would prevent revocation for the OEM key, to prevent accidental revocation from bricking the system.

3) Multiple keys allow creating backup keys, preventing the data loss scenario Kevin is worried about. Of course this assumes that the UX for creating backup keys exists, and that people actually do that---but it's possible in principle.

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux