[dm-crypt] LUKS disk encryption with remote boot authentication

Alex Elsayed eternaleye at gmail.com
Sat Oct 18 01:51:52 CEST 2014


Alex Elsayed wrote:

> Well, it actually _is_ entirely possible:
> 
> If your machine has a TPM (yes, big 'if', but many laptops do although
> embedded boards don't), then tpm-luks[1] uses the TPM to store the
> cryptsetup key in the TPM's nvram, such that it can only be extracted if
> everything is unmodified.

Gah, forgot my footnote.

[1] https://github.com/shpedoikal/tpm-luks

<snip>



More information about the dm-crypt mailing list