LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-24-2011, 08:26 AM   #1
ysatxh
LQ Newbie
 
Registered: May 2011
Posts: 5

Rep: Reputation: Disabled
Trying to understand Trusted Computing? TPM module ..


My goal is to eventually implement TPM in my linux machine, and be able to have a spot on the hard disk that is encrypted.

So far I am working with TPM on windows, it was more straight forward to install so i am trying to figure it out on this platform first.

I understand key wrapping, sealing/unsealing, what i don't understand is when i initialize the TPM, what does that do for me? i know bit locker will work with TPM and give you more functionality, but what does it do when i initialize it?

so far my thought is that TPM does nothing, and you have to write programs that communicate with it to do the encryption you want. is this correct? or when I initialize the TPM, is there some way i can encrypt a folder with files in it right away?

any random input is appreciated.
 
Old 05-24-2011, 11:42 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
Trusted Computing has been discussed here in LQ-Sec a few times in the past at length. My first suggestion would be to search for the term in this forum as the existing posts will provide you with a lot of information, especially in regards to what trusted computing is and isn't. Wikipedia also has a pretty good article on the subject, last time I checked.

Quote:
or when I initialize the TPM, is there some way i can encrypt a folder with files in it right away?
This sounds more like file/folder encryption where the drive volume is encrypted than trusted computing. Perhaps you could clarify what you are trying to do?
 
Old 05-24-2011, 12:26 PM   #3
ysatxh
LQ Newbie
 
Registered: May 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Noway2 View Post
Trusted Computing has been discussed here in LQ-Sec a few times in the past at length. My first suggestion would be to search for the term in this forum as the existing posts will provide you with a lot of information, especially in regards to what trusted computing is and isn't. Wikipedia also has a pretty good article on the subject, last time I checked.


This sounds more like file/folder encryption where the drive volume is encrypted than trusted computing. Perhaps you could clarify what you are trying to do?
Thanks for the response Noway2,

I have searched and have been reading articles online for the past week, I still just don't get it, which is why i resorted to my post.

Basically, I enable/initiate TPM. what did i just do? nothing changes on the computer, I can still pull the hard drive out and look at files from a different PC. I don't understand what it is supposed to do, and am assuming it only works in conjunction with other software that has access to it?

The windows help just tells you how to initiate it, how to change ownership password, et cetera. the same with Wiki and everything else online, it's so vague and there are no real world examples, except for bitlocker. Bitlocker is useful, but now i am trying to figure out what the equivelent is in linux, I know trousers will let me manage the TPM module, but i just want to encrypt the hard drive so i cannot take files off of it.

also I read you could seal data by taking note of what hardware/software packages are on the OS, and if they change (ie someone puts a different video card in your system or malacious software) it won't let you view the files. Does TPM do this? how does it do this?
 
Old 05-24-2011, 03:18 PM   #4
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
The main concept that I see behind trusted computing is that it takes code signing and encryption to a new level. In TC, the hardware contains the private key and will only execute code that has been signed with the public key, the private key is used to effectively decrypt it. On the positive side, TC could go a long way towards ensuring that only valid software is run on a system and that it hasn't been altered, say by malware for example. On the negative side, it could be used to lock out all but certain proprietary vendors, think Apple's app store for example. If this is the sort of thing you are after, I believe that some vendors have made hardware to support this function, however, it is pretty uncommon.

A much more practical situation, at least with today's standards is to encrypt your hard drive. This can be done several ways and is widely supported in Linux today. Some methods such as dm-crypt and other non free tools such as true crypt. Of course this doesn't protect or prevent the alteration of software.
 
Old 05-24-2011, 03:56 PM   #5
ysatxh
LQ Newbie
 
Registered: May 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Noway2 View Post
The main concept that I see behind trusted computing is that it takes code signing and encryption to a new level. In TC, the hardware contains the private key and will only execute code that has been signed with the public key, the private key is used to effectively decrypt it. On the positive side, TC could go a long way towards ensuring that only valid software is run on a system and that it hasn't been altered, say by malware for example. On the negative side, it could be used to lock out all but certain proprietary vendors, think Apple's app store for example. If this is the sort of thing you are after, I believe that some vendors have made hardware to support this function, however, it is pretty uncommon.

A much more practical situation, at least with today's standards is to encrypt your hard drive. This can be done several ways and is widely supported in Linux today. Some methods such as dm-crypt and other non free tools such as true crypt. Of course this doesn't protect or prevent the alteration of software.
There are lots of good encryption alternatives, bitlocker (windows) can be used without TPM, and does an awesome job if someone steals your hard drive. TrueCrypt is similar for Linux. I think encrypted hard drives are probably the best, since there is little software interference; But I like the idea of sealing. I have read all of the Trusted computing propoganda, and agree that it could eventually be scary for the consumer; however i have a motherboard with TPM built in at work and am trying to figure out what all i can do with it. All of the write ups online just tell you how to install it, not really any examples.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Linux and the Trusted Platform Module (TPM) LXer Syndicated Linux News 1 09-28-2009 03:00 PM
Trusted Computing shotokan General 13 01-27-2007 06:14 AM
Trusted Computing Platform: Here it is folks mrapathy General 22 12-07-2006 08:41 PM
Trusted Computing, Linux and the Internet pentalive General 7 07-17-2005 11:53 AM
trusted computing tincat2 General 13 12-06-2003 05:15 AM


All times are GMT -5. The time now is 03:47 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration