[ubuntu-hardened] gnome-keyring utilizing a tpm?

Peter Moody ubuntu at hda3.com
Wed Apr 13 18:23:51 UTC 2011


On Wed, Apr 13, 2011 at 10:29 AM, Kees Cook <kees at ubuntu.com> wrote:

> Hi Peter,
>
> On Tue, Apr 12, 2011 at 07:14:17PM -0700, Peter Moody wrote:
> > In a conversation with a co-worker the other day, the idea came up of
> > having gnome-keyring utilize the TPM on the increasing number of platforms
> > which support them. Is this a ridiculous idea? I.e., is there some
> > long-ago-made design decision that keyrings MUST BE (RFC caps) exportable?
> > IIRC, don't kwallet and gnome-keyring use the same crypto libraries (and
> > thus, wouldn't kwallet benefit from something like this as well?)
>
> I'm less familiar with kwallet, but speaking just to the gnome-keyring
> idea, there is a desirable reason (for some people) for the exportability
> of the keyring: sharing it between systems via UbuntuOne or a similar
> cloud-storage system.
>
> Ignoring that use-case for a moment, TPM would really only add some
> additional level of protection to the gnome-keyring from offline
> inspection. But since the keyring is already encrypted with the user's
> login passphrase, it already has a certain level of offline inspection
> protection. TPM would just add a "harder" passphrase.
>
> (Additionally, to make the TPM secrets useful, you'd need end-to-end TPM
> from the BIOS, bootloader, kernel, and package manager before it would be
> particularly useful for providing secrets to decrypt the gnome keyring.)
>

I'm no TCG expert, but I think you're thinking of sealing secrets on the TPM
and I'm just looking to be able to bind data. I think the former would
require the full trusted boot while the latter does not.

Or perhaps I'm misunderstanding some feature of TPM. :)
>
> -Kees
>
> --
> Kees Cook
> Ubuntu Security Team
>