undefined | Better HN

0 pointsLiskni_si23d ago0 comments

I don't see how entering a passphrase into a compromised boot loader/kernel/initramfs is as safe as a measured boot with TPM providing the decryption key only if nothing seems to have been tampered with. Can you elaborate please?

0 comments

ajross23d ago

I said this elsewhere in the thread, but to repeat here:

Can you explain why securing the ssh keys on a host that was fully compromised like that is anything but theater? Fine, you can't get the key out. You can just run the command directly.

Again, there are use cases where TPMs provide value to authenticate specific devices. But they are not and never have been about "keeping secrets". Your secrets are trash once the device is compromised.

Liskni_siOP23d ago

Well I wasn't talking about ssh keys at all - that's where the misunderstanding comes from. I was simply trying to counter your claim that TPMs are never ever useful for individuals. They can be useful to individuals worried about having their boot tampered with.

I absolutely agree that they do zilch to protect your SSH keys. Hardware security keys that need physical confirmation of presence are much better for that use-case.

j / k navigate · click thread line to collapse