John M. Harris Jr wrote:
> To clarify a bit, the most common method of extracting a key from a TPM
> has been to simply desolder the TPM from the system and solder it onto
> another system. This works with the popular implementations.
Surely that is not a process that you want to advertise to end users!
I stay by what I wrote: a TPM, or anything with the same security model, is
not an acceptable place for a LUKS key token. Either use a plain keyfile on
a removable USB mass storage stick, or if that does not provide acceptable
security in your setup, find another solution (such as a passphrase).
Kevin Kofler
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
