Could someone explain to me exactly what this feature is? (www.phoronix.com)

submitted 4 months ago* (last edited 4 months ago) by Kalcifer@sh.itjust.works to c/cybersecurity@sh.itjust.works

6 comments fedilink hide all child comments

The article says the following:

Linux 6.10 is introducing support for Trusted Platform Module (TPM2) encryption and integrity protections to prevent active/passive interposers from compromising them. This follows a recent security demonstration of TPM key recovery from Microsoft Windows BitLocker being demonstrated. TPM sniffing attacks have also been demonstrated against Linux systems too, thus the additional protections be made with Linux 6.10 to better secure TPM2 modules.

I'm a little confused with this article. Is it talking about implementing TPM parameter encryption? If so, does this mean that the TPM bus prior to kernel v6.10 was unencrypted? Will this kernel feature still require a patch to be made to software like systemd-cryptenroll? Are the sniffing attacks that it's talking about examples of MITM attacks like this? Does windows encrypt the TPM bus?

you are viewing a single comment's thread
view the rest of the comments

[-] Kalcifer@sh.itjust.works 1 points 4 months ago

Manufacturing and boot processes have to be modified to make sure nothing leaks out and everything stays put.

Meaning that software like systemd-crytpenroll would need to be updated to support this? I suppose what I'm trying to ask is this: As a user, if I want to set up full disk encryption using a TPM (1.2 or 2.0?) module, would I need to do anything different/novel during installation if I wanted to ensure that the bus is encrypted? And, if so, what would I need to do?

this post was submitted on 30 May 2024

19 points (100.0% liked)

Cybersecurity

5502 readers

198 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social