Trusted platform module

[JonJ678]

Hey. I have one of these security chips on my motherboard, which is quite exciting. I've found tpm-tools, but it doesn't look like its been updated in quite a while.

So, has anyone experience with this? Hardware encryption of my hard drive sounds something worth playing with, but I'm not willing to move to windows to achieve this. I'm struggling to find a reasonable link about this beyond wikipedia.

The ideal would be encrypting the entire disk transparently or with boot password, then setting up a linux/windows dual boot as standard. Failing this encrypting partitions separately would also be good.

Essentially I know minimal amounts about computer security, but think I'd like to start learning a bit more. So anything you've got bookmarked on the tpm or personal experience would be great

Cheers

 

[JonJ678]

I'm aware of the option to encrypt it using the operating system. I believe everything except the boot partition can be encrypted this way, which is perfectly reasonable. Information on this is rather easier to find on Google though.

Despite the software option, I am still interested in uses for this module. I'm unlikely to bother running an encrypted drive permanently, but this doesn't stop me wanting to learn something new. You're quite right that software is the simpler option.

It also occurs that if the tpm approach encrypts the drive at a hardware level, dual boot systems would behave exactly as normal. This would be useful.

 

[JonJ678]

um,,, what happens if you mobo lets out the magic smoke? Is your data totally lost in that case?

Backups for the win

more often than not they're crying about how the fubar'd their entire FS.

If my file system goes down, not such a big deal. As long as it doesn't actually kill the drive its on, to the extent that dd with fdisk can't save it, I don't mind hiccups. Appreciate the warning though.

You do realise that TPM != hardware encryption, right?

Care to say what it can do then? It certainly looks like it can encrypt things without exposing the keys to ram, which is a good thing and would qualify as hardware encryption in my eyes. Linux support for it isn't looking brilliant at present, but there are hints dotted about that it might work.