Re: [RFC PATCH 0/2] TPM derived keys

From: James Bottomley
Date: Tue May 14 2024 - 11:30:50 EST

Next message: Sean Christopherson: "Re: [PATCH 04/17] KVM: x86: Move synthetic PFERR_* sanity checks to SVM's #NPF handler"
Previous message: Ignat Korchagin: "Re: [RFC PATCH 0/2] TPM derived keys"
In reply to: Jarkko Sakkinen: "Re: [RFC PATCH 0/2] TPM derived keys"
Next in thread: Ignat Korchagin: "Re: [RFC PATCH 0/2] TPM derived keys"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2024-05-14 at 14:11 +0100, Ignat Korchagin wrote:
> * if someone steals one of the disks - we don't want them to see it
> has encrypted data (no LUKS header)

What is the use case that makes this important? In usual operation
over the network, the fact that we're setting up encryption is easily
identifiable to any packet sniffer (DHE key exchanges are fairly easy
to fingerprint), but security relies on the fact that even knowing that
we're setting up encryption, the attacker can't gain access to it. The
fact that we are setting up encryption isn't seen as a useful thing to
conceal, so why is it important for your encrypted disk use case?

James

Next message: Sean Christopherson: "Re: [PATCH 04/17] KVM: x86: Move synthetic PFERR_* sanity checks to SVM's #NPF handler"
Previous message: Ignat Korchagin: "Re: [RFC PATCH 0/2] TPM derived keys"
In reply to: Jarkko Sakkinen: "Re: [RFC PATCH 0/2] TPM derived keys"
Next in thread: Ignat Korchagin: "Re: [RFC PATCH 0/2] TPM derived keys"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]