27
Question About TPM Autodecrypt
(mander.xyz)
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
The data on disk doesn't get decrypted at any time. Even if they boot it, they would still need to log in somehow.
There are attacks through DMA or extracting the decryption key from RAM, but those are not going to happen by a casual laptop thief.
...or extracting the decryption key from RAM.
Moral of the story:
Always shutdown the computer when you are not using it, kids.
I see your decryption key extraction and offer you a 5 dollar wrench.
The wrench also comes with DMA (direct mechanical assault), RDMA (remote direct mechanical assault via throwing), and DDIO (deals damage if opposing) capabilities. It's a real NSA bargain!
But if the key is fully wrench-safe inside the TPM. You do not know it, you can not get convinced to give it up -- even after repeated wrench use.
Of course the recovery key that typically goes with it and you logging password is not wrench safe, so that does not protect the system fully, while getting you a matching set of broken kneecaps.
Pretty sure the NSA doesn't want the recovery key, they want the information the recovery key is protecting.
It's ok that you don't know it, just log into your computer please and we'll take care of setting a new key. Or you can have a conversation with Mr Wrench again.