top | item 45747364

(no title)

It’s also where private keys for your device to secure your data live, so it’s like nuclear power, you can make a bomb or a clean power plant.

discuss

AstralStorm|4 months ago

No, these should exist in the TPM and highly volatile memory like CPU cache. This including the decryption code. This can be achieved using mechanisms similar to what Coreboot does before RAM is initialized.

No need for the keys or decryption to touch easily intercepted and rowhammered RAM.

bigmattystyles|4 months ago

Yes, I think we’re saying the same thing. A TPM is a Secure Enclave.

codedokode|4 months ago

Why the keys for my device should be not accessible for me? The purpose of secure enclave is to prevent administrator from accessing the data.

foxyv|4 months ago

A secure enclave should allow no one to access the data inside. It's essentially a little self contained computer that can do some basic crypto operations using the stored keys. It should never disclose the keys.

beeflet|4 months ago

the private keys to secure my data live in my brain