Comment by bigmattystyles
4 months ago
It’s also where private keys for your device to secure your data live, so it’s like nuclear power, you can make a bomb or a clean power plant.
No, these should exist in the TPM and highly volatile memory like CPU cache. This includes the decryption code. This can be achieved using mechanisms similar to what Coreboot does before RAM is initialized.
No need for the keys or decryption to touch easily intercepted and rowhammered RAM.
Yes, I think we’re saying the same thing. A TPM is a Secure Enclave.
Why should the keys for my device not be accessible to me? The purpose of a secure enclave is to prevent an administrator from accessing the data.
A secure enclave should allow no one to access the data inside. It's essentially a little self contained computer that can do some basic crypto operations using the stored keys. It should never disclose the keys.
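As an added illustration of the contract described in this comment (constructed example, not code from the thread or from any real TPM or enclave), here is a Python model of an enclave that holds a root key it never returns, exposes only seal/unseal, and binds sealed blobs to an extend-only measurement register; the HMAC counter-mode keystream is a stand-in for a real AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy keystream (HMAC in counter mode); stands in for an AEAD, not for real use.
    out = bytearray()
    ctr = 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, out))


class ToyEnclave:
    """Keys stay inside; only the results of operations ever leave."""

    def __init__(self):
        self._root = secrets.token_bytes(32)  # no method returns this value
        self.pcr = hashlib.sha256(b"").digest()  # measurement register, extend-only

    def extend(self, measurement: bytes) -> None:
        # PCR-style extend: new = H(old || H(measurement)); cannot be set directly.
        self.pcr = hashlib.sha256(self.pcr + hashlib.sha256(measurement).digest()).digest()

    def _derive(self, label: bytes, policy: bytes) -> bytes:
        return hmac.new(self._root, label + policy, hashlib.sha256).digest()

    def seal(self, secret: bytes) -> bytes:
        # Blob is bound to the current measurement; useless without this enclave in this state.
        policy, nonce = self.pcr, secrets.token_bytes(16)
        key = self._derive(b"seal", policy)
        ct = _xor_stream(key, nonce, secret)
        tag = hmac.new(key, policy + nonce + ct, hashlib.sha256).digest()
        return policy + nonce + ct + tag

    def unseal(self, blob: bytes) -> bytes:
        policy, nonce, ct, tag = blob[:32], blob[32:48], blob[48:-32], blob[-32:]
        if not hmac.compare_digest(policy, self.pcr):
            raise PermissionError("platform state does not match sealing policy")
        key = self._derive(b"seal", policy)
        if not hmac.compare_digest(tag, hmac.new(key, policy + nonce + ct, hashlib.sha256).digest()):
            raise ValueError("sealed blob was modified")
        return _xor_stream(key, nonce, ct)


def demo() -> tuple:
    """Returns (unseal_ok, tamper_detected, denied_after_state_change)."""
    enclave = ToyEnclave()
    enclave.extend(b"bootloader-v1")  # constructed measurement of the boot chain
    blob = enclave.seal(b"disk-encryption-key")
    unseal_ok = enclave.unseal(blob) == b"disk-encryption-key"
    bad = bytearray(blob)
    bad[50] ^= 1  # flip one ciphertext byte
    try:
        enclave.unseal(bytes(bad))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    enclave.extend(b"unexpected-kernel")  # measured state changes, policy no longer matches
    try:
        enclave.unseal(blob)
        denied = False
    except PermissionError:
        denied = True
    return unseal_ok, tamper_detected, denied
```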
the private keys to secure my data live in my brain