this post was submitted on 19 Feb 2024
Linux
[–] Asudox@lemmy.world 5 points 9 months ago* (last edited 9 months ago) (1 children)

TPM isn't an encryption algorithm. TPM just holds the decryption key (in my case the LUKS decryption key) and hands it to the CPU if all checks pass for convenience. No key is stored in the storage in plaintext. TPM isn't the most secure thing but at least it's better than nothing at all.

[–] vexikron@lemmy.zip -5 points 9 months ago (3 children)

Sure but you don't need to use TPM at all to use LUKS.

You can store the encryption key on the hard drive, in the LUKS partition layer.

Like that's the default of how LUKS works.

I'm really confused why people think TPM needs to be involved in any way when using LUKS.

Generally speaking you have to go out of your way to correctly cajole TPM v1 or v2 to actually correctly interface with LUKS.

[–] greybeard@lemmy.one 8 points 9 months ago (1 children)

The point is to have the system automatically unlock without the need for a boot password. This provides decent security if secure boot is enabled, but requires very little from the user. It isn't a stopper for high threats, but a simple theft will mean the data is safe. It also ensures that if the drive is separated from the host machine, it is useless without a copy of the key. It doesn't stop all threats, but stops a lot of them, and all of the most common.

[–] Bitrot@lemmy.sdf.org 5 points 9 months ago* (last edited 9 months ago) (1 children)

Nobody thinks it needs to be involved. They want it involved so the drive is automatically unlocked at boot, but inaccessible if someone removes it from the machine to try and bypass login (and in the future, if someone tries tampering). Especially useful in machines you want usable without being physically present.

It’s not cajoling anything, it’s a built-in feature you configure, although Ubuntu currently goes out of their way to remove the support from some tools.
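A simplified model of the mechanism greybeard and Bitrot describe above, added here as an illustration and not taken from the thread (the real TPM 2.0 sealing and policy commands, and tools such as systemd-cryptenroll, differ in detail): a PCR is extended with a hash of each measured boot component, the LUKS key is sealed under a policy bound to that PCR value and to a per-chip root key, and the key is released only when the same measurements recur on the same TPM. All boot "events", the key and the SRK are constructed values.

```python
import hashlib, hmac, secrets

def extend(pcr, measurement):
    """PCR extend: new = H(old || H(event)); order-dependent and not reversible."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_boot(components):
    """Model of PCR 7 (Secure Boot state): starts at zero, extended per component."""
    pcr = b"\x00" * 32
    for c in components:
        pcr = extend(pcr, c)
    return pcr

def policy_digest(pcr):
    return hashlib.sha256(b"PolicyPCR" + pcr).digest()  # policy: PCR 7 == pcr

class Tpm:
    """Toy TPM: a storage root key (SRK) that never leaves the chip, plus PCR 7."""
    def __init__(self):
        self.srk = secrets.token_bytes(32)  # constructed; unique per machine
        self.pcr7 = b"\x00" * 32

    def boot(self, components):
        self.pcr7 = measure_boot(components)

    def seal(self, secret, policy):
        k = hmac.new(self.srk, policy, hashlib.sha256).digest()  # wrapping key
        ct = bytes(a ^ b for a, b in zip(secret, k))
        tag = hmac.new(k, ct, hashlib.sha256).digest()
        return policy + ct + tag

    def unseal(self, blob):
        policy, ct, tag = blob[:32], blob[32:64], blob[64:]
        if policy != policy_digest(self.pcr7):
            return None  # boot measurements differ: key is not released
        k = hmac.new(self.srk, policy, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, hmac.new(k, ct, hashlib.sha256).digest()):
            return None  # sealed by a different TPM: drive moved to another machine
        return bytes(a ^ b for a, b in zip(ct, k))

def demo():
    good = [b"firmware-v1", b"shim-signed", b"grub-signed"]  # constructed events
    tpm, luks_key = Tpm(), secrets.token_bytes(32)
    tpm.boot(good)
    blob = tpm.seal(luks_key, policy_digest(tpm.pcr7))  # blob is safe to keep on disk
    normal = tpm.unseal(blob) == luks_key
    tpm.boot([b"firmware-v1", b"shim-signed", b"grub-modified"])
    tampered = tpm.unseal(blob) == luks_key
    other = Tpm(); other.boot(good)  # same boot chain, different machine
    moved = other.unseal(blob) == luks_key
    return {"normal_boot": normal, "tampered_bootloader": tampered, "drive_moved": moved}
```

Only the normal-boot scenario yields the key; a changed bootloader measurement or a different TPM leaves the sealed blob on the disk unusable, which is the property the posts above rely on.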

[–] kn33@lemmy.world 5 points 9 months ago (1 children)

I'm really confused why people think TPM needs to be involved in any way when using LUKS.

Because it's convenient

[–] vexikron@lemmy.zip -5 points 9 months ago (2 children)

It's not though, it requires a ton of extra work to set up, isn't necessary, doesn't allow you to do anything you can't do without it.

[–] Bitrot@lemmy.sdf.org 4 points 9 months ago* (last edited 9 months ago)

You didn’t even know what it was, how exactly do you know how much work it is to implement? It's about to be built into the Ubuntu installer.

[–] kn33@lemmy.world 3 points 9 months ago (1 children)

doesn't allow you to do anything you can't do without it.

That's false. It allows you to not need a password to unlock the volume at boot.

[–] Bitrot@lemmy.sdf.org 2 points 9 months ago

They correctly point out elsewhere that you could just store the unlock on an unencrypted portion of the drive itself.

Yes, I know.