| 16 Jul 2021 |
|  andi- changed the history visibility to "world_readable" from "shared". | 12:07:40 |
 @grahamc:nixos.org | nice | 12:09:15 |
| @grahamc:nixos.org | I read a few chapters of this book, "Quick Tutorial on TPM 2.0", "Platform Configuration Registers", "Solving Bigger Problems with the TPM 2.0" but I got pretty annoyed by it early on, so I didn't read super carefully. https://link.springer.com/content/pdf/10.1007%2F978-1-4302-6584-9.pdf
I watched https://av.tib.eu/media/41722, which covers the basic operations
I looked at https://wiki.archlinux.org/title/User:Diabonas/Trusted_Platform_Module#Storing_secrets_in_the_TPM step 1 to play with it for real | 12:09:21 |
|  spacesbot - keeps a log of public NixOS channels joined the room. | 12:09:23 |
| @grahamc:nixos.org | ^ recording material I looked at | 12:09:26 |
|  manveru joined the room. | 12:09:46 |
| andi- | I've found this https://kernsec.org/wiki/index.php/Linux_Kernel_Integrity | 12:09:54 |
| andi- | had a bunch of (somewhat dated) links | 12:10:00 |
| @grahamc:nixos.org | I'm still waiting for someone to confirm what I believe to be a fundamentally true security property https://developers.tpm.dev/posts/15575774 | 12:11:22 |
| @grahamc:nixos.org | just as many bots as people in here | 12:11:35 |
| andi- | I am still a bit confused by the requirement of different secrets to decrypt one secret. This is probably because TPMs support different trust roots(?) and each of the root has to match the secrets you want to decrypt? | 12:12:51 |
| @grahamc:nixos.org | yeah | 12:13:00 |
| andi- | So, why that take ownership stuff then? | 12:13:12 |
| @grahamc:nixos.org | you can create a hierarchy of keys which reveal different amounts of data | 12:13:20 |
| andi- | Shouldn't I rather specify the root somehow? | 12:13:21 |
