| ▲ | bombcar 2 hours ago | |
How is this even possible, backdoor or no? Isn't the whole point of this type of encryption that even a compromised machine can't decrypt without the passphrase? If this works it means that the key is stored unencrypted somewhere? | ||
| ▲ | majorchord an hour ago | parent | next [-] | |
Most setups only have the key stored in the TPM, so all you need to get it back is a signed/trusted bootloader. Ideally you'd want that key to be further protected with a password or some other mechanism because it's not impossible to extract TPM keys. | ||
| ▲ | andrecarini an hour ago | parent | prev [-] | |
Presumably the key is stored in the TPM | ||