TPMs can be useful to you as an individual if you're trying to protect against an evil maid attack. Although I think Linux isn't quite there yet with its support for it. The systemd folks are making progress though.

▲

SAI_Peregrinus 21 hours ago | parent | next [-]

That only helps if you set a strong password as your TPM PIN. Otherwise its hardware-bound with no access control, and just as susceptible to evil maid attacks as storing the keys directly in a file.

▲

ajross 20 hours ago | parent | prev [-]

> evil maid attack

So does a pass phrase though, with significant less complexity and fragility.

Again, the linked article and responses here are making IMHO a pretty bad mistake with threat model analysis.

▲

Liskni_si 20 hours ago | parent [-]

I don't see how entering a passphrase into a compromised boot loader/kernel/initramfs is as safe as a measured boot with TPM providing the decryption key only if nothing seems to have been tampered with. Can you elaborate please?

▲

ajross 20 hours ago | parent [-]

I said this elsewhere in the thread, but to repeat here:

Can you explain why securing the ssh keys on a host that was fully compromised like that is anything but theater? Fine, you can't get the key out. You can just run the command directly.

Again, there are use cases where TPMs provide value to authenticate specific devices. But they are not and never have been about "keeping secrets". Your secrets are trash once the device is compromised.

	▲	Liskni_si 20 hours ago \| parent [-]
		Well I wasn't talking about ssh keys at all - that's where the misunderstanding comes from. I was simply trying to counter your claim that TPMs are never ever useful for individuals. They can be useful to individuals worried about having their boot tampered with. I absolutely agree that they do zilch to protect your SSH keys. Hardware security keys that need physical confirmation of presence are much better for that use-case.