[ubuntu-hardened] gnome-keyring utilizing a tpm?

Kees Cook kees at ubuntu.com
Wed Apr 13 18:53:06 UTC 2011

On Wed, Apr 13, 2011 at 11:23:51AM -0700, Peter Moody wrote:
> I'm no tcg expert, but think you're thinking of sealing secrets on the tpm
> and I'm just looking to be able to bind data. I think the former would
> require the full trusted boot while the latter does not.

In this case, does it really have a benefit? Currently anything on the
D-Bus session bus can ask for a given clear-text password from the keyring.
Storing them in the TPM doesn't really make a difference in this case --
anything can still read the contents by just asking gnome-keyring for it.


Kees Cook
Ubuntu Security Team

More information about the ubuntu-hardened mailing list