On 11/16/20 1:31 AM, Stakanov wrote:
In data lunedì 16 novembre 2020 06:00:21 CET, L A Walsh ha scritto:
On 2020/11/12 17:49, mike wrote:
You may be also interested to read: https://resources.infosecinstitute.com/topic/linux-tpm-encryption-initiali zing-and-using-the-tpm/
You use TPM in Linux typically to speed up HDD encryption of a SED (self encryption device e.g. Samsung SSD 860Pro, or to handle Software wise encryption with LUKS (here to speed up the calculus).
If you do not use trusted grub (a particular version of the boot manager) or
HDD SED, or LUKS for full disc encryption the error is likely due to
some firmware error of the producer (BIOS) but not a problem for you. I have a ACPI error message since 2010 on my Lenovo Laptop, never cause major issues.>
You may however look if the BIOS of the mainboard is outdated, has a new version addressing the issue. Updating the BIOS is on you own risk and you should only do this if you really need it, feel comfortable about it and have
A BIOS update, although normally easy, can bear (depending on the routine the
In data lunedì 16 novembre 2020 17:31:36 CET, mike ha scritto: performed a backup of you data. producer of the mainboard uses) the risk of "bricking" your PC.
A hint why you should have always a backup, you have it here:
https://security.stackexchange.com/questions/129006/what-happens-when-a-tp m-chip-breaks-or-fails
If you use a tpm to encrypt your data instead of the chip on the SSD then you
cannot decrypt your disk if your mainboard fails and has to be
replaced. This can be a purpose (if you WANT it to be so, because e.g. stolen SSD shall not be usable in other location. AFAIK, the security offered by a tpm is however minor, so the disadvantage might outpace the advantage.
OK thanks Mr. Walsh and Stakanov...
I am making progress in that I cleared the tpm chip....however when I try to set the passwords I get a
communications error. Seems my tscd.conf has all the options commented out. Should I enable all of them
or do I need an example conf file? Thanks so much so far.....
mike s
First of all there are the man pages. https://linux.die.net/man/5/tcsd.conf Some more information you find in this arch wiki: https://wiki.archlinux.org/index.php/Trusted_Platform_Module And Suse gives an overview here: https://www.suse.com/c/current-developments-suse-tpm-packages/ You should know what tpm you have. I actually do not know what you wish to put into work, (trusted boot, luks or SEL?) but the manual page as of above should give you the information needed.