26 Jan 2024 |
ElvishJerricco | so, I don't understand how that works | 23:02:36 |
raitobezarius | Yeah so my point is really only about the fact you are moving the key to another server | 23:02:41 |
ElvishJerricco | ohhhh | 23:02:50 |
ElvishJerricco | ok I forgot about that part | 23:02:57 |
raitobezarius | And you can control removing access to that encryption key remotely | 23:03:09 |
ElvishJerricco | right | 23:03:17 |
raitobezarius | And of course you have activity log etc | 23:03:19 |
raitobezarius | It becomes interesting for ONE aspect | 23:03:26 |
raitobezarius | Imagine you bind against more PCRs | 23:03:35 |
ElvishJerricco | so you basically are using the TPM just for remote attestation | 23:03:38 |
raitobezarius | And then on a reboot something changes | 23:03:42 |
ElvishJerricco | which authenticates the machine to gain access to its disk decryption key | 23:03:51 |
ElvishJerricco | from a server | 23:04:00 |
raitobezarius | You can prompt yourself on your phone or something to accept/refuse that new change, etc. | 23:04:02 |
raitobezarius | (In reply to @elvishjerricco:matrix.org: "so you basically are using the TPM just for remote attestation") Correct | 23:04:09 |
ElvishJerricco | yea, that's really cool | 23:04:12 |
ElvishJerricco | I really like the idea of having it ping my phone too | 23:04:20 |
ElvishJerricco | because if I tie the secret to the phone somehow, then it's still manually authenticated | 23:04:38 |
raitobezarius | Yep, I really want this prompt mechanism | 23:05:05 |
ElvishJerricco | but it's just one convenient button press | 23:05:07 |
ElvishJerricco | yea | 23:05:12 |
ElvishJerricco | I like it | 23:05:13 |
raitobezarius | And technically you can hold the encryption key in your phone's TPM2 | 23:05:17 |
ElvishJerricco | two way remote attestation? :P | 23:05:34 |
raitobezarius | https://github.com/ANSSI-FR/ultrablue was so close :> | 23:06:04 |
raitobezarius | I am still thinking of forking it and finishing the work | 23:06:16 |
ElvishJerricco | oh yea, I forgot to look into that | 23:06:21 |