On Tuesday, December 10, 2019 12:05:52 PM MST Przemek Klosowski via devel wrote:
> On 12/10/19 1:04 PM, Kevin Kofler wrote:
> > Przemek Klosowski via devel wrote:
> >
> >> 3) Multiple keys allow creating backup keys, preventing the data loss
> >> scenario Kevin is worried about. Of course this assumes that the UX for
> >> creating backup keys exists, and that people actually do that---but it's
> >> possible in principle.
> >
> > The backup key is useless in that scenario if you cannot export it to
> > another TPM, and isn't preventing such an export the whole point of the
> > TPM technology?
>
> Of course, the primary private key cannot be extracted from the original
> TPM. The easiest key recovery scheme would have two encrypted copies of
> the media encryption keys, one encrypted with the TPM-secured key and
> another encrypted with the backup/recovery key that you keep in a
> separate 'enterprise' key backup system. Here's one paper describing TPM
> key backup/recovery:
>
> https://www.infineon.com/dgdl/Infineon-TPM_Key_Backup_and_Recovery-AP-v01_00-EN.pdf?fileId=db3a304412b407950112b41656d7203a

To clarify a bit, the most common method of extracting a key from a TPM has
been to simply desolder the TPM from the system and solder it onto another
system. This works with the popular implementations.

-- 
John M. Harris, Jr.
Splentity
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
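The two-slot recovery scheme Przemek describes above (one copy of the media encryption key wrapped under the TPM-protected key, a second copy wrapped under a recovery key escrowed elsewhere), as an added example that is not part of the original thread and is not the code of any Fedora or TPM tool. It is written in Go against the standard library only. The TPM key-encryption key is simulated by a random 32-byte value (a real one would be unsealed by the TPM and never exported), the "volume header" is a constructed stand-in for something like LUKS2 keyslots, and the function and slot names (`AddSlot`, `UnwrapDEK`, `"tpm"`, `"recovery"`) are my own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// seal encrypts pt under key with AES-256-GCM and returns nonce || ciphertext.
// ad is authenticated but not encrypted, so a blob cannot be re-labelled.
func seal(key, pt, ad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, pt, ad)...), nil
}

// unseal reverses seal; a wrong key or altered ad fails the GCM tag check,
// so the caller gets an error rather than a garbage key.
func unseal(key, blob, ad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, blob[:n], blob[n:], ad)
}

func randomKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// VolumeHeader stores one wrapped copy of the data-encryption key (DEK) per
// slot. Constructed illustration only: the DEK itself is never stored in clear.
type VolumeHeader struct {
	Slots map[string][]byte // slot name -> DEK wrapped under that slot's KEK
}

// AddSlot wraps dek under kek; the slot name is bound as associated data.
func (h *VolumeHeader) AddSlot(name string, kek, dek []byte) error {
	w, err := seal(kek, dek, []byte(name))
	if err != nil {
		return err
	}
	if h.Slots == nil {
		h.Slots = map[string][]byte{}
	}
	h.Slots[name] = w
	return nil
}

// UnwrapDEK recovers the DEK from the named slot with that slot's KEK.
func (h *VolumeHeader) UnwrapDEK(name string, kek []byte) ([]byte, error) {
	w, ok := h.Slots[name]
	if !ok {
		return nil, errors.New("no such slot: " + name)
	}
	return unseal(kek, w, []byte(name))
}

// RecoverAfterTPMLoss plays out the thread's scenario: a TPM-backed slot and
// an escrowed recovery slot are enrolled, the TPM KEK then becomes unavailable
// (board swap, TPM clear), and the escrowed KEK alone must open the volume.
func RecoverAfterTPMLoss() (bool, error) {
	payload := []byte("constructed sample volume contents") // constructed input
	dek := randomKey()
	tpmKEK := randomKey()      // stand-in for a key the TPM unseals; never exported
	recoveryKEK := randomKey() // kept in the separate enterprise key backup system

	var hdr VolumeHeader
	if err := hdr.AddSlot("tpm", tpmKEK, dek); err != nil {
		return false, err
	}
	if err := hdr.AddSlot("recovery", recoveryKEK, dek); err != nil {
		return false, err
	}
	blob, err := seal(dek, payload, nil)
	if err != nil {
		return false, err
	}
	// The TPM is gone: anything we try on its slot is a wrong key and must fail.
	if _, err := hdr.UnwrapDEK("tpm", randomKey()); err == nil {
		return false, errors.New("tpm slot opened with a wrong KEK")
	}
	recovered, err := hdr.UnwrapDEK("recovery", recoveryKEK)
	if err != nil {
		return false, err
	}
	plain, err := unseal(recovered, blob, nil)
	if err != nil {
		return false, err
	}
	return bytes.Equal(recovered, dek) && bytes.Equal(plain, payload), nil
}

func main() {
	ok, err := RecoverAfterTPMLoss()
	fmt.Println("volume recovered through escrow slot:", ok, err)
}
```

The point of the second slot is that nothing secret has to leave the TPM: both slots wrap the same DEK, and the recovery KEK is generated and escrowed independently of the TPM. The scheme only helps if that recovery KEK actually lives off the machine; storing it next to the header would hand an attacker the same shortcut it gives the administrator.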