[ubuntu-hardened] gnome-keyring utilizing a tpm?
ubuntu at hda3.com
Wed Apr 13 18:23:51 UTC 2011
On Wed, Apr 13, 2011 at 10:29 AM, Kees Cook <kees at ubuntu.com> wrote:
> Hi Peter,
> On Tue, Apr 12, 2011 at 07:14:17PM -0700, Peter Moody wrote:
> > In a conversation with a co-worker the other day, the idea came up of
> > gnome-keyring utilize the tpm on the increasing number of platforms which
> > support them. Is this a ridiculous idea? ie, is there some long-ago made
> > design decision that keyrings MUST BE (rfc caps) exportable? IIRC, don't
> > kwallet and gnome-keyring use the same crypto libraries (and thus,
> > kwallet benefit from something like this as well?)
> I'm less familiar with kwallet, but speaking just to the gnome-keyring
> idea, there is a desirable reason (for some people) to the exportability
> of the keyring: sharing it between systems via UbuntuOne or a similar
> cloud-storage system.
> Ignoring that use-case for a moment, TPM would really only add some
> additional level of protection to the gnome-keyring from offline
> inspection. But since the keyring is already encrypted with the user's
> login passphrase, it already has a certain level of offline inspection
> protection. TPM would just add a "harder" passphrase.
> (Additionally, to make the TPM secrets useful, you'd need end-to-end TPM
> from the BIOS, bootloader, kernel, and package manager before it would be
> particularly useful for providing secrets to decrypt the gnome keyring.)
I'm no tcg expert, but think you're thinking of sealing secrets on the tpm
and I'm just looking to be able to bind data. I think the former would
require the full trusted boot while the latter does not.
Or perhaps I'm misunderstanding some feature of TPM. :)
> Kees Cook
> Ubuntu Security Team
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ubuntu-hardened