Protecting against rogue devices in openSUSE with Full Disk Encryption openSUSE have now multiple ways to configure a Full Disk Encryption (FDE) installation...
TPM unlocking FDE is complicated for me. I fully understand measured boot and support it, but it seems less secure to me than manually unlocking the disk.
Once the disk is unlocked and you’re put onto the display manager, I feel like there are many more vulnerabilities that could be exploited to gain access to your data.
With manually entering the disk password, the data is locked. You either need to brute force it or use the XKCD wrench method.
So I feel TPM+Pin is the best for security. Unfortunately Aeon, which is based on OpenSUSE and implements TPM, doesn’t support TPM+Pin. I think it’s mainly due to how poor and widespread TPM support is. It could lock you out entirely.
What makes TPM+pin safer than just having a normal LUKS password? I would think it would be the same amount of security just with more chance of data loss if your computer gets damaged
TPM is used for measured boot. Measured boot can check various parts of the system to ensure they are the expected values haven’t been tampered with. You don’t want a part of the system to be replaced with malware and not realize it.
If it detects something changed, it won’t release its secret. It may signal to you that something malicious was done or something benign that the OS updated didn’t account for.
As I understand it the TPM is for people who have physical access. It prevents them from cloning your disk.
I think with an adequately long password (or an adequately resource-intensive encryption algorithm) you can secure your disk enough to prevent unauthorized access. But the TPM would prevent them from removing your hard-drive and shunting it into a super-computer (so all password attempts wouldn’t need to be on the crummy 10-year old laptop CPU) so a TPM + password is more secure.
I’ve read the arguments and trust the people who know far more than I do about this, but… I just find it difficult to think of “unlocks automatically” as more safe than “is locked until I enter my password”. I’m open for it, but it just feels strange to me.
TPM unlocking FDE is complicated for me. I fully understand measured boot and support it, but it seems less secure to me than manually unlocking the disk.
Once the disk is unlocked and you’re put onto the display manager, I feel like there are many more vulnerabilities that could be exploited to gain access to your data.
With manually entering the disk password, the data is locked. You either need to brute force it or use the XKCD wrench method.
So I feel TPM+Pin is the best for security. Unfortunately Aeon, which is based on OpenSUSE and implements TPM, doesn’t support TPM+Pin. I think it’s mainly due to how poor and widespread TPM support is. It could lock you out entirely.
What makes TPM+pin safer than just having a normal LUKS password? I would think it would be the same amount of security just with more chance of data loss if your computer gets damaged
TPM is used for measured boot. Measured boot can check various parts of the system to ensure they are the expected values haven’t been tampered with. You don’t want a part of the system to be replaced with malware and not realize it.
If it detects something changed, it won’t release its secret. It may signal to you that something malicious was done or something benign that the OS updated didn’t account for.
Interesting, how do you recover from that and get your data back?
A recovery code. I did a test install of Aeon and was given the code: dhnhlgc-fbndjbni-ufrkcfnk-nfebvtut-ftkkiiur-tijidtub-hujnucgu-erduhije
64 digits, but only alphabetical and a certain subset (16/26) due to weirdness of keyboard layouts.
Yep, you need a pin for your TPM to be safe. Here’s a proof of concept of someone unlocking Linux systems without TPM pin.
https://oddlama.org/blog/bypassing-disk-encryption-with-tpm2-unlock/
As I understand it the TPM is for people who have physical access. It prevents them from cloning your disk.
I think with an adequately long password (or an adequately resource-intensive encryption algorithm) you can secure your disk enough to prevent unauthorized access. But the TPM would prevent them from removing your hard-drive and shunting it into a super-computer (so all password attempts wouldn’t need to be on the crummy 10-year old laptop CPU) so a TPM + password is more secure.
I’ve read the arguments and trust the people who know far more than I do about this, but… I just find it difficult to think of “unlocks automatically” as more safe than “is locked until I enter my password”. I’m open for it, but it just feels strange to me.