Signed-off-by: Tommy <contact@tommytran.io>
Tommy 2024-06-13 05:27:54 -07:00
parent 114bcf2ca7
commit 9a039ef949
No known key found for this signature in database
GPG Key ID: 555C902A34EC968F

@ -73,4 +73,4 @@ The Trusted Platform Module (TPM) is very often misunderstood, and there have be
- It is a passive chip. It does not have the capability to measure what is going on on a system - it only receive measurements given to it by the firmware, Trusted Execution Technology, bootloader, and so on. It cannot serve as a root of trust, and it cannot verify the integrity of the firmware, firmware settings, operating system status, etc on its own. - It is a passive chip. It does not have the capability to measure what is going on on a system - it only receive measurements given to it by the firmware, Trusted Execution Technology, bootloader, and so on. It cannot serve as a root of trust, and it cannot verify the integrity of the firmware, firmware settings, operating system status, etc on its own.
- It does not weaken disk encryption when used properly. The TPM provides 2 important properties: it enforces rate limiting, and it pins secrets against certain PCRs. Rate limiting is useful if the user does not have a strong encryption password, but is not strictly necessary when a diceware encryption passphrase is used. Pinning secrets against PCRs on the other hand are critical, as SRTM and DRTM technologies rely on it to be useful. The general idea is that - It does not weaken disk encryption when used properly. The TPM provides 2 important properties: it enforces rate limiting, and it pins secrets against certain PCRs. Rate limiting is useful if the user does not have a strong encryption password, but is not strictly necessary when a diceware passphrase is used. Pinning secrets against PCRs on the other hand are critical, as SRTM and DRTM technologies rely on it to be useful. The general idea is that
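Review bot: subject-verb agreement in the second bullet is still wrong after this edit: "Pinning secrets against PCRs on the other hand are critical" should read "is critical", and the untouched first bullet has "it only receive measurements", which should be "only receives". Since this pass is already tidying wording ("diceware encryption passphrase" to "diceware passphrase"), fold those two fixes into the same commit rather than leaving them for a follow-up.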