TPM module - what is it used for?
-
@black3dynamite said in TPM module - what is it used for?:
I know with a Windows 10 desktop using Bitlocker, TPM makes it possible for us to not have to enter a password to boot into Windows. I do believe Hyper-V also utilize TPM has well.
Not using a password to unlock the TPM seems to make that situation almost, I'm saying almost, pointless.
-
@Dashrender said in TPM module - what is it used for?:
@black3dynamite said in TPM module - what is it used for?:
I know with a Windows 10 desktop using Bitlocker, TPM makes it possible for us to not have to enter a password to boot into Windows. I do believe Hyper-V also utilize TPM has well.
Not using a password to unlock the TPM seems to make that situation almost, I'm saying almost, pointless.
Agreed.
From system owner perspective:
Bad guy steals just hard drives, no worries. Owner safe.
Bad guy steals entire systems, big worries. TPM is useless and Owner screwed. -
@Dashrender said in TPM module - what is it used for?:
@black3dynamite said in TPM module - what is it used for?:
I know with a Windows 10 desktop using Bitlocker, TPM makes it possible for us to not have to enter a password to boot into Windows. I do believe Hyper-V also utilize TPM has well.
Not using a password to unlock the TPM seems to make that situation almost, I'm saying almost, pointless.
No, the point is to tie bitlocker to that physical hardware. That is not useless.
If you pull the drive, then you will not be able to decrypt it. It is not supposed to be the be all, end all of security.
-
@pmoncho said in TPM module - what is it used for?:
Bad guy steals just hard drives, no worries. Owner safe.
This is a big deal as this is how most people manage to make off with data.
-
@pmoncho said in TPM module - what is it used for?:
Bad guy steals entire systems, big worries. TPM is useless and Owner screwed.
Only if you choose no password, in which case you can just reword that to "bypass this feature." TPM in a mobile device is meant to be used with a password. TPM in a server it makes sense that it is optional.
-
@scottalanmiller said in TPM module - what is it used for?:
@pmoncho said in TPM module - what is it used for?:
Bad guy steals entire systems, big worries. TPM is useless and Owner screwed.
Only if you choose no password, in which case you can just reword that to "bypass this feature." TPM in a mobile device is meant to be used with a password. TPM in a server it makes sense that it is optional.
Well my original comment about almost useless was in response to a post about Windows 10 Bitlocker... A desktop is semi portable, at least compared to most servers, LOL.
-
@scottalanmiller said in TPM module - what is it used for?:
@pmoncho said in TPM module - what is it used for?:
Bad guy steals just hard drives, no worries. Owner safe.
This is a big deal as this is how most people manage to make off with data.
You hear about HD's being stolen, but not the whole unit?
-
@scottalanmiller said in TPM module - what is it used for?:
@pmoncho said in TPM module - what is it used for?:
Bad guy steals just hard drives, no worries. Owner safe.
This is a big deal as this is how most people manage to make off with data.
Should have mentioned, if the TPM module is put to use with encryption, taking the drives is useless. The need the entire system.
-
@Dashrender said in TPM module - what is it used for?:
@scottalanmiller said in TPM module - what is it used for?:
@pmoncho said in TPM module - what is it used for?:
Bad guy steals just hard drives, no worries. Owner safe.
This is a big deal as this is how most people manage to make off with data.
You hear about HD's being stolen, but not the whole unit?
I have. 2U Rack unit They bad guys didn't have a screw driver handy. Pressed the power button, pop the drives and out the door.
-
@pmoncho said in TPM module - what is it used for?:
@Dashrender said in TPM module - what is it used for?:
@scottalanmiller said in TPM module - what is it used for?:
@pmoncho said in TPM module - what is it used for?:
Bad guy steals just hard drives, no worries. Owner safe.
This is a big deal as this is how most people manage to make off with data.
You hear about HD's being stolen, but not the whole unit?
I have. 2U Rack unit They bad guys didn't have a screw driver handy. Pressed the power button, pop the drives and out the door.
LOL - stealing just to steal it sounds like - unless they were targeted...
-
@Dashrender said in TPM module - what is it used for?:
@pmoncho said in TPM module - what is it used for?:
@Dashrender said in TPM module - what is it used for?:
@scottalanmiller said in TPM module - what is it used for?:
@pmoncho said in TPM module - what is it used for?:
Bad guy steals just hard drives, no worries. Owner safe.
This is a big deal as this is how most people manage to make off with data.
You hear about HD's being stolen, but not the whole unit?
I have. 2U Rack unit They bad guys didn't have a screw driver handy. Pressed the power button, pop the drives and out the door.
LOL - stealing just to steal it sounds like - unless they were targeted...
It was a lawyers office so I believe it was.
-
OK, so it has some value in Windows.
What's the operation of TPM on linux then? -
@Pete-S said in TPM module - what is it used for?:
OK, so it has some value in Windows.
What's the operation of TPM on linux then?Same. Bitlocker is just one of the options on Windows. Linux has similar options. They were just using an example, nothing about TPM is related to Windows.
-
@Dashrender said in TPM module - what is it used for?:
@scottalanmiller said in TPM module - what is it used for?:
@pmoncho said in TPM module - what is it used for?:
Bad guy steals just hard drives, no worries. Owner safe.
This is a big deal as this is how most people manage to make off with data.
You hear about HD's being stolen, but not the whole unit?
That's the norm, yes. Anyone looking for data, that's what they do. That's always the fear in datacenters. A 2.5" drive is "easy" to steal. It is loose, and tiny, fits in a pocket or an arm pit. A server is essentially impossible to steal from any real location.
-
@scottalanmiller said in TPM module - what is it used for?:
That's the norm, yes. Anyone looking for data, that's what they do. That's always the fear in datacenters. A 2.5" drive is "easy" to steal. It is loose, and tiny, fits in a pocket or an arm pit. A server is essentially impossible to steal from any real location.
Running out of a DC with a DL380 doesn't happen. Someone bulk sells the server on eBay does.
Real encryption keeps the keys in a remote KIMP server (what you'll see for any DISA/STIG system etc).
Realistically you use a TPM for detecting supply chain attacks (validating firmware, validating boot loader, EFI VIBs etc) is what ESXi uses it for.
https://blogs.vmware.com/vsphere/2018/04/vsphere-6-7-esxi-tpm-2-0.html
-
@StorageNinja said in TPM module - what is it used for?:
Real encryption keeps the keys in a remote KIMP server (what you'll see for any DISA/STIG system etc).
I've seen shops that require a human to apply the key every time.