Jarkko Sakkinen

Edited 6 months ago
Finally HMAC encryption for in-kernel TPM clients is going to a release! Has been hanging there for a long time.

LUKS2 and distributions starting to support it motivated me to rewrite the buffering code last spring because that was my main turn-down in the original patch set, and then James took over and cleaned up the functionality and I reviewed it for a few rounds until it was good enough.

With this and TPM2 sealed hard drive encryption there is a somewhat reasonable security model without having to type an encryption password into a bootloader prompt (which is tedious). I.e. login and go.

A rare case of a security feature also increasing user experience.

#linux #kernel #tpm #luks2