| 16 Jul 2021 |
|  andi- changed the history visibility to "world_readable" from "shared". | 12:07:40 |
|  spacesbot - keeps a log of public NixOS channels joined the room. | 12:09:23 |
 @grahamc:nixos.org | ^ recording material I looked at | 12:09:26 |
|  manveru joined the room. | 12:09:46 |
| andi- | I've found this https://kernsec.org/wiki/index.php/Linux_Kernel_Integrity | 12:09:54 |
| andi- | had a bunch of (somewhat dated) links | 12:10:00 |
| @grahamc:nixos.org | I'm still waiting for someone to confirm what I believe to be a fundamentally true security property https://developers.tpm.dev/posts/15575774 | 12:11:22 |
| @grahamc:nixos.org | just as many bots as people in here | 12:11:35 |
| andi- | I am still a bit confused by the requirement of different secrets to decrypt one secret. This is probably because TPMs support different trust roots(?) and each of the root has to match the secrets you want to decrypt? | 12:12:51 |
| @grahamc:nixos.org | yeah | 12:13:00 |
| andi- | So, why that take ownership stuff then? | 12:13:12 |
| @grahamc:nixos.org | you can create a hierarchy of keys which reveal different amounts of data | 12:13:20 |
| andi- | Shouldn't I rather specify the root somehow? | 12:13:21 |
| @grahamc:nixos.org | ah | 12:13:35 |
| andi- | and the root is also the part that takes the two passwords? | 12:13:37 |
| @grahamc:nixos.org | ah, no | 12:13:43 |
| @grahamc:nixos.org | heh | 12:13:45 |
| @grahamc:nixos.org | takeownership does 2 thinsg afaik:
- resets the seed which is used for all the root key calculations
- sets a password used to reset counters
| 12:14:06 |
| @grahamc:nixos.org | so you can set a policy saying increment a counter on decrypt attempt, and refuse if it goes about 10, then you need the ownership password to reset it | 12:14:51 |
| andi- | Ok, so that part is then stored in the NV RAM of the TPM? | 12:15:35 |
| @grahamc:nixos.org | yeah | 12:15:43 |
| @grahamc:nixos.org | you don't need any special credential to use the roots | 12:15:55 |
| @grahamc:nixos.org |
I am still a bit confused by the requirement of different secrets to decrypt one secret.
| 12:16:49 |
| andi- | Does the internal seed change the PCR values? I guess it shouldn't... | 12:16:54 |
| @grahamc:nixos.org | I think this is because you're maybe not ever going to decrypt it | 12:16:56 |
| @grahamc:nixos.org | but maybe you're just using it for attestation | 12:17:07 |
| @grahamc:nixos.org | I don't think the seed has anything to do with the PCR, yeah | 12:18:16 |
| @grahamc:nixos.org | Redacted or Malformed Event | 12:19:07 |
| @grahamc:nixos.org | ah here we are | 12:20:30 |
| @grahamc:nixos.org | you can get what the TPM calls a "quote" which is the PCRs signed by the TPM, in a way you can trust itis actually the PCRs and not falsified | 12:21:03 |
