Conversation

Jarkko Sakkinen

Edited 6 months ago
#TPM integrity protection is almost there:

https://lore.kernel.org/linux-integrity/D0X00LTUCCC8.X8LKLJHZZRGP@kernel.org/#t

Those are my only remaining remarks for v8.

The idea is that HMAC pipe is used for communication derived from null seed (which changes each power cycle). If the integrity is compromised access to the TPM device will be denied.

I still need to figure out the negative testing. This series has been already tested when machine works as expected and the bus is not compromised.

Combined with TPM2 sealed hard drive encryption should be quite reasonable way to secure a system (of course nothing never is perfect).
1
6
7
I'll hold my pull request to next week as it is so near the finish line and I just got testing guidelines from @jejb (author of the patch set). It would be great timing given the work already happening on hard drive encryption side.
0
0
0