clarification
northox

The TPM is used to seal the LUKS secret and nothing else. Once decrypted by the TPM (i.e. the proper environment has been loaded), the secret is stored in RAM, hence it can be captured by cold boot attacks.

You can look at any documentation about BitLocker with or without a PIN, depending on your setup, and the same will apply to tpm-luks, e.g. Wikipedia.

The PIN will have an impact on whether the attack can be done: locally vs. having to remove the memory DIMM, and when the system was already turned off for a long time.

There are a few projects that store the secret elsewhere (e.g. TRESOR uses the CPU), and this is what you should be looking for if you really intend to protect yourself from those.

added PIN explanation.
northox

The TPM is used to seal the LUKS secret and nothing else. Once decrypted by the TPM (the proper environment has been loaded), the secret is stored in RAM, hence it can be captured by cold boot attacks.

You can look at any documentation about BitLocker with or without a PIN, depending on your setup, and the same will apply to tpm-luks, e.g. Wikipedia.

The PIN will have an impact on whether the attack can be done: locally vs. having to remove the memory DIMM, and when the system was already turned off for a long time.

There are a few projects that store the secret elsewhere (e.g. TRESOR uses the CPU), and this is what you should be looking for if you really intend to protect yourself from those.

northox

The TPM is used to seal the LUKS secret and nothing else. Once decrypted by the TPM (the proper environment has been loaded), the secret is stored in RAM, hence it can be captured by cold boot attacks.

You can look at any documentation about BitLocker when used without a PIN, and the same will apply to tpm-luks, e.g. Wikipedia.

There are a few projects that store the secret elsewhere (e.g. TRESOR uses the CPU), and this is what you should be looking for if you really intend to protect yourself from those.