[ubuntu-hardened] gnome-keyring utilizing a tpm?

Kees Cook kees at ubuntu.com
Wed Apr 13 17:29:38 UTC 2011

Hi Peter,

On Tue, Apr 12, 2011 at 07:14:17PM -0700, Peter Moody wrote:
> In a conversation with a co-worker the other day, the idea came up of having
> gnome-keyring utilize the tpm on the increasing number of platforms which
> support them.  Is this a ridiculous idea? i.e., is there some long-ago made
> design decision that keyrings MUST BE (rfc caps) exportable? IIRC, don't
> kwallet and gnome-keyring use the same crypto libraries (and thus, wouldn't
> kwallet benefit from something like this as well?)

I'm less familiar with kwallet, but speaking just to the gnome-keyring
idea, there is a desirable reason (for some people) for the exportability
of the keyring: sharing it between systems via UbuntuOne or a similar
cloud-storage system.

Ignoring that use-case for a moment, TPM would really only add some
additional level of protection to the gnome-keyring from offline
inspection. But since the keyring is already encrypted with the user's
login passphrase, it already has a certain level of offline inspection
protection. TPM would just add a "harder" passphrase.

(Additionally, to make the TPM secrets useful, you'd need end-to-end TPM
from the BIOS, bootloader, kernel, and package manager before it would be
particularly useful for providing secrets to decrypt the gnome keyring.)

Or perhaps I'm misunderstanding some feature of TPM. :)


Kees Cook
Ubuntu Security Team
