@quixoticgeek But why? TPM backed FDE is pretty nice, and much more gnarly to set up by hand.

@dequbed snap is fucking awful.

And tying FDE to TPM means if your device fails you can't take the disk out, and put it in another device and access your data. Also, the fact people seem to see TPM as a way of avoiding a password means that if you have the device you can just boot up and it decrypts.

@quixoticgeek It's still LUKS, isn't it? So you can still have a backup passphrase and I would assume the Ubuntu installer will default to making you add one.
And yes, TPM *is* a way to avoid a password and still do FDE, that's the upside of it. I seem to miss your point there?

@dequbed so with a TPM and FDE with no passphrase if I turn on the device it auto decrypts yes? Without any user input. Meaning I could decrypt your device just by turning it on?

@quixoticgeek I mean yes, but FDE is only meant to protect you against offline attacks, i.e. if somebody steals or clones your hard drive they can't just edit your /etc/shadow and log in. That's still the case.

@dequbed yes. But if someone steals your device and the TPM decrypts it automatically, that's not really much use. It's only encrypted at rest.

@quixoticgeek I mean if you steal my laptop you can turn it on and get to my login prompt. And then? That's not much help unless you also happen to be able to exploit sddm in a way that circumvents systemd-logind

@quixoticgeek And most importantly, that's the same situation as if you'd steal my laptop while it's turned on but locked. Which is IMHO much more likely ^^

@dequbed most likely is the device is left on a train... or it's stolen when off. The device isn't left powered on unattended

@quixoticgeek Hmm, sure. But then, again, you can only get as far as the login prompt. That's still really good, and if properly configured almost as safe as a password-based FDE is against almost all attack vectors (and theoretically better against some other ones)

@dequbed or any open network ports... or sniff the key off the SPI comms to the TPM...

@quixoticgeek Sniffing the TPM key is a valid attack vector for old TPMs, but takes a rather sophisticated/determined attacker and is also entirely prevented by parameter encryption as TPM 2.0 provides. And an open network port isn't automatically an exploitable program behind it, e.g. up-to-date OpenSSH is pretty hard to break ^^

@quixoticgeek To expand on the determined/sophisticated attacker part: It's very much a valid attack! But most people that use Ubuntu don't have enemies that care enough to mount that attack because the contents of our computers simply aren't *that* interesting. With a passphrase having a camera quietly recording your keyboard is also a valid attack vector, but similarly not worth the hassle for most. For those who need to be that careful you're right the default isn't enough. But it never was.

@dequbed I think passwordless FDE with keys in the TPM gives a false sense of security.
