@quixoticgeek But why? TPM backed FDE is pretty nice, and much more gnarly to set up by hand.

@dequbed snap is fucking awful.

And tying FDE to a TPM means if your device fails you can't take the disk out, put it in another device and access your data. Also the fact people seem to see TPM as a way of avoiding a password means that if you have the device you can just boot up and it decrypts.

@quixoticgeek It's still LUKS, isn't it? So you can still have a backup passphrase and I would assume the Ubuntu installer will default to making you add one.
And yes, TPM *is* a way to avoid a password and still do FDE, that's the upside of it. I seem to miss your point there?

@dequbed so with a TPM and FDE with no passphrase, if I turn on the device it auto decrypts, yes? Without any user input. Meaning I could decrypt your device just by turning it on?

@quixoticgeek I mean yes, but FDE is only meant to protect you against offline attacks, i.e. if somebody steals or clones your hard drive they can't just edit your /etc/shadow and log in. That's still the case.

@dequbed yes. But if someone steals your device and the Tpm decrypts it automatically. That's not really much use. It's only encrypted at rest.

@quixoticgeek I mean if you steal my laptop you can turn it on and get to my login prompt. And then? That's not much help unless you also happen to be able to exploit sddm in a way that circumvents systemd-logind.

@quixoticgeek And most importantly, that's the same situation as if you'd steal my laptop while it's turned on but locked. Which is IMHO much more likely ^^

@dequbed most likely is the device is left on a train... or it's stolen when off. The device isn't left powered on unattended.

@quixoticgeek Hmm, sure. But then, again, you can only get as far as the login prompt. That's still really good, and if properly configured almost as safe as a password-based FDE is against almost all attack vectors (and theoretically better against some other ones)

@dequbed or any open network ports... or sniff the key off the SPI comms to the TPM...

@quixoticgeek Sniffing the TPM key is a valid attack vector for old TPMs, but takes a rather sophisticated/determined attacker and is also entirely prevented by parameter encryption as TPM 2.0 provides. And an open network port isn't automatically an exploitable program behind it, e.g. up-to-date OpenSSH is pretty hard to break ^^


@dequbed or I could just use a passphrase for my disk encryption... sure I have to type it in every time I boot. But shit happens. Right now I have to type two passphrases to boot my laptop, then another password to login.

@quixoticgeek Oh yes, none of this is advice for you specifically, I'm sorry if it read as that! If you want to use passphrase-based FDE, absolutely, more power to you. It just sounded like you had a problem with Ubuntu adding the option of a TPM-backed FDE into its installer and I wanted to know what your issues with it were in that case ^^
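Two practical points run through the thread above: a TPM-bound LUKS volume should keep a non-TPM fallback (a passphrase or recovery key) so a dead TPM or mainboard does not take the data with it, and the TPM token's PCR binding is what "properly configured" hinges on. The script below is an added example, not code from either poster: it audits a `cryptsetup luksDump` text for exactly those two properties. The two dumps embedded in it are constructed to resemble LUKS2 headers enrolled with `systemd-cryptenroll` (token types `systemd-tpm2` and `systemd-recovery`); the precise field layout is an assumption, so on a real system feed the script the dump of your own volume and adjust the patterns if your cryptsetup version prints them differently.

```shell
#!/bin/sh
# Added example: audit a LUKS2 header dump for a TPM2 auto-unlock token that has
# no passphrase/recovery fallback. The dumps below are CONSTRUCTED to look like
# `cryptsetup luksDump /dev/sdX` output after systemd-cryptenroll; exact layout
# is an assumption. Indentation uses spaces here; real output uses tabs, which the
# awk patterns accept as well.

# Constructed: passphrase slot 0, TPM2 token on slot 1, recovery key on slot 2.
SAFE_DUMP='LUKS header information
Version:        2
Keyslots:
  0: luks2
    Key:        512 bits
  1: luks2
    Key:        512 bits
  2: luks2
    Key:        512 bits
Tokens:
  0: systemd-tpm2
    tpm2-pcrs:  7
    tpm2-bank:  sha256
    Keyslot:    1
  1: systemd-recovery
    Keyslot:    2
'

# Constructed: the passphrase slot was wiped, only the TPM2-bound slot remains.
RISKY_DUMP='LUKS header information
Version:        2
Keyslots:
  0: luks2
    Key:        512 bits
Tokens:
  0: systemd-tpm2
    tpm2-pcrs:  7
    tpm2-bank:  sha256
    Keyslot:    0
'

# total_slots DUMP: number of entries in the "Keyslots:" section.
total_slots() {
  printf '%s\n' "$1" | awk '
    /^Keyslots:/ { sect = "slots"; next }
    /^[A-Za-z]/  { sect = "" }
    sect == "slots" && /^[ \t]+[0-9]+: / { n++ }
    END { print n + 0 }'
}

# tpm_bound_slots DUMP: keyslot numbers referenced by systemd-tpm2 tokens, one per line.
tpm_bound_slots() {
  printf '%s\n' "$1" | awk '
    /^Tokens:/  { sect = "tokens"; next }
    /^[A-Za-z]/ { sect = "" }
    sect == "tokens" && /^[ \t]+[0-9]+: / { cur = $2 }
    sect == "tokens" && cur == "systemd-tpm2" && /^[ \t]+Keyslot:/ { print $2 }'
}

# tpm_pcrs DUMP: the PCR selection the TPM2 token is sealed against.
tpm_pcrs() {
  printf '%s\n' "$1" | awk '/^[ \t]+tpm2-pcrs:/ { print $2 }'
}

# fallback_slots DUMP: keyslots NOT owned by a TPM2 token (passphrase or recovery key).
fallback_slots() {
  total=$(total_slots "$1")
  bound=$(tpm_bound_slots "$1" | wc -l | tr -d ' ')
  echo $((total - bound))
}

# audit_dump DUMP: print a verdict; exit 0 when the volume survives a TPM failure.
audit_dump() {
  bound=$(tpm_bound_slots "$1")
  if [ -z "$bound" ]; then
    echo "no TPM2 token: volume unlocks by passphrase only"
    return 0
  fi
  echo "TPM2 token bound to keyslot(s): $(echo $bound)"
  echo "sealed against PCR(s): $(tpm_pcrs "$1")"
  fb=$(fallback_slots "$1")
  if [ "$fb" -ge 1 ]; then
    echo "OK: $fb fallback keyslot(s) remain usable if the TPM or board dies"
    return 0
  fi
  echo "RISK: no fallback keyslot; a dead TPM or replaced board makes the disk unrecoverable"
  return 1
}

echo "== constructed volume with passphrase + recovery key =="
audit_dump "$SAFE_DUMP"
echo "== constructed volume with a TPM2 token only =="
audit_dump "$RISKY_DUMP" || echo "(audit failed with exit status 1)"
```

Against a real volume, replace the constructed text with `audit_dump "$(cryptsetup luksDump /dev/sdX)"` (as root). Note what the check does not cover: whether the PCR set is meaningful for your threat model, and whether the TPM session uses parameter encryption against bus sniffing, are properties of the unlock tooling and the TPM, not of the LUKS header.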
