home.social

#tpm2 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #tpm2, aggregated by home.social.

  1. @lug_nuernberg Great Meme 🫶 #TPM2 was a child once - for a better understanding, may I add this great animation to your thread? I think it's worth viewing ❤️

    youtu.be/mLoIcdIu_Kk?si=YULJHV
    #trustedcomputing #tcpa

  2. Okay I think I have a better handle on the workflow now. There's 4 hierarchies of trust and you only care about the storage one for my purposes. You can deterministically derive a parent key that's unique to your application based on non confidential secrets. Then from there you can start adding child keys, which when loaded into the module under the parent context can be used to wrap-encrypt your actual key used for decrypting whatever from disk. I'm not quite sure if or why the additional child key is needed but it makes sense you would have some additional indirection beyond the deterministic root key.

    There's places to put in particular stuff like a pin or password so you can tie in a user there or just hard code it (or omit, in some cases?).

    Anyways, I suppose all this is to achieve that if someone tries to decrypt your stuff with a different TPM it won't work.

    I do wonder if you could use the determined root key public certificate to enrol a device as trusted and so long as the server sent you whatever encrypted using the public key it knwlew you'd only get access to it without hardware changes. Though that gets tricky, probably where the attestation/vendor truest hierarchy comes in.

    #TPM #TPM2

  3. Oh, the tragedy of a software developer in #LA who can't upgrade to Windows 11 due to the elusive TPM 2.0. 😱 Who knew Microsoft's upgrade notifications could be so clingy? 💻 But fear not, because we're all DYING to hear more from this 'wannabe writer' about his Windows woes. 🙄
    idiallo.com/byte-size/cant-upd #Windows11 #TPM2.0 #SoftwareDeveloper #UpgradeWoes #MicrosoftNotifications #HackerNews #ngated

  4. Friday, before the start of the week-end I received the @frameworkcomputer #framework12 laptops for my parents.
    They will be installed with #Linux of course.

    As they won’t be delivered before some time, I ’m playing a bit with them. One have been installed with #fedora #silverblue, the other one with #aeondesktop.

    So far I like what I’ve seen with the #gnome desktop:
    * When the screen is rotated, the keyboard is disabled.
    * When in tablet mode, the screen orientation follow the device orientation.
    * The power draw in sleep mode looks ok.
    * BIOS/UEFI update are supported with #lvfs.

    But I also have some issues:
    * The virtual keyboard in tablet mode, is only in qwerty, even if the system is configured with another layout.
    * When the virtual keyboard appears, some windows content is not moved above the keyboard, which might make it difficult to see what one is typing.
    * On the Aeon install I had to `sdbootutil --ask-pin update-predictions` after installation to have the #tpm2 unlock working.

    #computing #framework

  5. @sesivany yeah, it is lacking. But hardware tokens like Yubikey are still somehow supported. Much worse is support of key protected by chip. That is like non-existent on . Even though every Red Hatter has laptop with it's support. Why do you need token, when your device has secure storage built-in?

  6. Today I enabled #secureboot and it took me 2 hours. It created an endless boot loop that rebooted before the bios was available. Had to flash my bios to get it working again. Now everything works. Secure boot and #TPM2

    After that I installed a #linux distro (#ubuntu ) with support for secure boot.

    Now I can keep using Linux as my daily driver and boot into windows to play a round of #battlefield6 with my buddy. And I can cancel geforce now (only used it for a couple of days).

  7. How to Enable TPM 2.0 on Windows 10 PC

    Keep your PC secure and game-ready! Our easy, step-by-step guide shows you how to enable TPM 2.0 without the stress. Protect your system and enjoy smoother gaming today.

    #Izoate #Windows #Technology #Game #TPM2 #Windows10 #PCGaming

    izoate.com/blog/how-to-enable-

  8. Tak jsem konečně upravil šifrování disků na svých počítačích.
    Do teď jsem zamykal heslo root file systému do #tpm2 vlastním scriptem popsaným zde:
    skorpil.cz/en/project/42/mkini

    To řešení je už 5 let staré a překonané. Ale stále funkční. Dneska už to umí #systemd nativně. Porušil jsem pravidlo "nešťourej do něčeho co funguje" a přenastavil jsem šifrování na všech počítačích. Dneska je to fakt super pohodlné nastavení.

    Nechcete nějakou minipřednášku o šifrování disků pomocí TPM2 na #LinuxDays ? Zaměřeno na #Arch, jiné distribuce tolik vyzkoušené nemám. Ona jedna přednáška byla už na tom loňském, tak nevím jestli je to potřeba. 🤷

  9. DICE und EA haben die offiziellen #Hardware-#Anforderungen für #Battlefield6 veröffentlicht. Mindestens eine RTX 2060 und 16 GB RAM werden benötigt. Interessant: #TPM2.0 ist Pflicht, eine #SSD hingegen nicht. winfuture.de/news,153266.html?

  10. #Watching a #MentalOutlaw video that mentions the TPM 2.0 module in the official hardware requirements for Windows 11;

    tube.archworks.co/w/7e5mfUDxPT

    As you might have guessed, I have thoughts.

    TL;DR You don't need to buy a TPM module, or new hardware that has one. Keep your existing PC and replace MS Widows with a reputable GNU/Linux OS. It'll keep working for years with guaranteed software updates, and no viruses, and it'll probably run faster,

    (1/?)

    #MicroSoft #Windows #Windows11 #TPM #TPM2

  11. Jetzt hat #Microsoft damit begonnen, aktiv gegen die Umgehung von #TPM2.0 bei der Installation von #Windows11 vorzugehen. So wird das Tool #flyby11 vom Defender blockiert. Der #Bypass funktioniert dennoch. winfuture.de/news,148600.html?

  12. Jetzt hat #Microsoft damit begonnen, aktiv gegen die Umgehung von #TPM2.0 bei der Installation von #Windows11 vorzugehen. So wird das Tool #flyby11 vom Defender blockiert. Der #Bypass funktioniert dennoch. winfuture.de/news,148600.html?

  13. Jetzt hat #Microsoft damit begonnen, aktiv gegen die Umgehung von #TPM2.0 bei der Installation von #Windows11 vorzugehen. So wird das Tool #flyby11 vom Defender blockiert. Der #Bypass funktioniert dennoch. winfuture.de/news,148600.html?

  14. Jetzt hat #Microsoft damit begonnen, aktiv gegen die Umgehung von #TPM2.0 bei der Installation von #Windows11 vorzugehen. So wird das Tool #flyby11 vom Defender blockiert. Der #Bypass funktioniert dennoch. winfuture.de/news,148600.html?

  15. Jetzt hat #Microsoft damit begonnen, aktiv gegen die Umgehung von #TPM2.0 bei der Installation von #Windows11 vorzugehen. So wird das Tool #flyby11 vom Defender blockiert. Der #Bypass funktioniert dennoch. winfuture.de/news,148600.html?

  16. Day 8 of #100DaysOfHomelab : Sorted out #backups for a few services, restarted #qbittorrent via #docker this time. I tried to auto boot my #LUKS drive via #TPM2 key have to figure it out now.

  17. Mein neuer Artikel im #FedoraMagazine beschreibt wie du deine #LUKS Partition alternativ zum Passwort mit einem #TPM2 chip oder #FIDO #U2F hardware security token entschlüsseln kannst. Auf #Fedora bietet sich dazu #systemd #cryptenroll an.

    fedoramagazine.org/use-systemd [englisch]

  18. Mein neuer Artikel im #FedoraMagazine beschreibt wie du deine #LUKS Partition alternativ zum Passwort mit einem #TPM2 chip oder #FIDO #U2F hardware security token entschlüsseln kannst. Auf #Fedora bietet sich dazu #systemd #cryptenroll an.

    fedoramagazine.org/use-systemd [englisch]

  19. Mein neuer Artikel im #FedoraMagazine beschreibt wie du deine #LUKS Partition alternativ zum Passwort mit einem #TPM2 chip oder #FIDO #U2F hardware security token entschlüsseln kannst. Auf #Fedora bietet sich dazu #systemd #cryptenroll an.

    fedoramagazine.org/use-systemd [englisch]

  20. Mein neuer Artikel im #FedoraMagazine beschreibt wie du deine #LUKS Partition alternativ zum Passwort mit einem #TPM2 chip oder #FIDO #U2F hardware security token entschlüsseln kannst. Auf #Fedora bietet sich dazu #systemd #cryptenroll an.

    fedoramagazine.org/use-systemd [englisch]

  21. Mein neuer Artikel im #FedoraMagazine beschreibt wie du deine #LUKS Partition alternativ zum Passwort mit einem #TPM2 chip oder #FIDO #U2F hardware security token entschlüsseln kannst. Auf #Fedora bietet sich dazu #systemd #cryptenroll an.

    fedoramagazine.org/use-systemd [englisch]

  22. ```This article shows how to use [#systemd #cryptenroll together with] either a #TPM2 chip or a #FIDO #U2F security key as an alternative factor to the passphrase when unlocking your [#Linux] #LUKS partitions. ```

    fedoramagazine.org/use-systemd #encryption #fedora

  23. ```This article shows how to use [#systemd #cryptenroll together with] either a #TPM2 chip or a #FIDO #U2F security key as an alternative factor to the passphrase when unlocking your [#Linux] #LUKS partitions. ```

    fedoramagazine.org/use-systemd #encryption #fedora

  24. ```This article shows how to use [#systemd #cryptenroll together with] either a #TPM2 chip or a #FIDO #U2F security key as an alternative factor to the passphrase when unlocking your [#Linux] #LUKS partitions. ```

    fedoramagazine.org/use-systemd #encryption #fedora

  25. ```This article shows how to use [#systemd #cryptenroll together with] either a #TPM2 chip or a #FIDO #U2F security key as an alternative factor to the passphrase when unlocking your [#Linux] #LUKS partitions. ```

    fedoramagazine.org/use-systemd #encryption #fedora

  26. ```This article shows how to use [#systemd #cryptenroll together with] either a #TPM2 chip or a #FIDO #U2F security key as an alternative factor to the passphrase when unlocking your [#Linux] #LUKS partitions. ```

    fedoramagazine.org/use-systemd #encryption #fedora

  27. (1/2)

    #Linux #DiskEncryption I want to check that I'm thinking about this in a way that makes sense. Context is a laptop with a #LUKS partition.

    I see a lot of how-to articles floating around about using #tpm2 for LUKS decryption on device boot.
    I understand that this gives convenience over a separate passphrase for decryption and still prevents:

    An adversary from removing the hard drive when your machine is off and decrypting it (because the adversary won't have the TPM to decrypt).
    An adversary from modifying anything in the secure boot chain and accessing a decrypted drive (because the device will then refuse to boot and decrypt the LUKS partition).

  28. Time to start using mastodon seriously. I'd like to follow eff, fsf, and fsfe but cannot catch up with their rich toots. Thinking about following someone who follow and boosts them and toots < 5 a day. Most interested in #DRM, #TPM2, #rightstorepair, freedom to #root. Any suggestions pls?

  29. Time to start using mastodon seriously. I'd like to follow eff, fsf, and fsfe but cannot catch up with their rich toots. Thinking about following someone who follow and boosts them and toots < 5 a day. Most interested in #DRM, #TPM2, #rightstorepair, freedom to #root. Any suggestions pls?