| 14 Dec 2024 |
 netpleb | * Is it possible for me to supply the seeds to my TPM rather than have the TPM generate them? | 23:31:29 |
| netpleb | * Is it possible for me to supply the endorsement and platform seeds to my TPM rather than have the TPM generate them? | 23:36:25 |
| 16 Dec 2024 |
| netpleb | attempting to answer my own question here: as far as I can tell this is probably possible for a virtual/emulated TPM but is likely not straightforward. Still not sure about physical TPMs | 20:48:09 |
| 22 Dec 2024 |
|  allrealmsoflife joined the room. | 20:27:05 |
| 24 Dec 2024 |
|  karlthane joined the room. | 13:57:17 |
| karlthane left the room. | 14:03:13 |
| karlthane joined the room. | 14:09:52 |
| 25 Dec 2024 |
|  CJ joined the room. | 14:38:33 |
| 26 Dec 2024 |
|  nevoyu joined the room. | 01:41:10 |
| nevoyu left the room. | 01:41:56 |
|  elikoga changed their display name from elikoga to elikoga (@38c3 📞448{0,1}. | 15:21:39 |
| elikoga changed their display name from elikoga (@38c3 📞448{0,1} to elikoga (@38c3 📞448{0,1}). | 15:25:57 |
| elikoga changed their display name from elikoga (@38c3 📞448{0,1}) to elikoga (@38c3 📞488{0,1}). | 15:26:37 |
| 27 Dec 2024 |
|  raitobezarius changed their display name from raitobezarius to raitobezarius (DECT: 3538 / EPVPN 2681). | 07:32:18 |
| 29 Dec 2024 |
| elikoga changed their display name from elikoga (@38c3 📞488{0,1}) to elikoga (@38c3 📞488{0,1,9}). | 11:02:52 |
| 30 Dec 2024 |
| raitobezarius changed their display name from raitobezarius (DECT: 3538 / EPVPN 2681) to raitobezarius. | 16:28:21 |
| 1 Jan 2025 |
|  NixOS Moderation Botchanged room power levels. | 14:26:17 |
| 3 Jan 2025 |
| elikoga changed their display name from elikoga (@38c3 📞488{0,1,9}) to elikoga. | 10:28:02 |
| 12 Jan 2025 |
|  Rayane Nakib (ريان نقيب) joined the room. | 12:37:08 |
| Rayane Nakib (ريان نقيب) | Hello, I recently got a new laptop with a modern CPU that have a TPM chip, What can I do with it to improve the security of my system? | 12:45:10 |
| elikoga | In reply to @nakibrayane:matrix.org
Hello, I recently got a new laptop with a modern CPU that have a TPM chip, What can I do with it to improve the security of my system? https://jnsgr.uk/2024/04/nixos-secure-boot-tpm-fde/ You can use it to unlock your encrypted disk without user intervention | 14:59:17 |
| Rayane Nakib (ريان نقيب) | How is this more secure then dm-crypt with a password, If someone store my laptop, they can just assess all the data in it. | 16:30:53 |
| Rayane Nakib (ريان نقيب) | * How is this more secure then dm-crypt with a password? If someone store my laptop, they can just assess all the data in it. | 16:31:34 |
| elikoga | No? I hope you have your user account protected with a password. The tpm will not release your encryption keys if system integrity is not given. For example my laptop tpm locks if you open the chassis | 16:31:58 |
| Rayane Nakib (ريان نقيب) | So they can't just put the hard disk in another PC, My hard disk will only unlock in my laptop. And then the security of my data is protected with userspace programs (e.g. GDM, tty login), Is this correct? | 16:34:29 |
| Rayane Nakib (ريان نقيب) | And is this more secure then dm-crypt? | 16:34:38 |
| elikoga | In combination with dmcrypt it is in my opinion more secure since you don't need to input an encryption key by hand | 16:35:17 |
| elikoga | Or luks/dmcrypt not sure what the delineation is exactly | 16:35:33 |
| elikoga | In reply to @nakibrayane:matrix.org
So they can't just put the hard disk in another PC, My hard disk will only unlock in my laptop. And then the security of my data is protected with userspace programs (e.g. GDM, tty login), Is this correct? I think that's correct | 16:35:47 |
| Rayane Nakib (ريان نقيب) | But if there is a bug with GDM, they would get access to my computer, I think that dm-crypt have is more secure. | 16:37:55 |
