Rich Freeman on 19 Oct 2014 05:44:24 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Offline apps for Chromebook

On Sat, Oct 18, 2014 at 10:52 PM, Fred Stluka <> wrote:
> Interesting.  I especially liked this excerpt about fingerprint
> scanners and facial recognition as ways to login:
>> ... We expect these devices to be covered in our
>> users' fingerprints, so a low-cost fingerprint scanner could actually
>> increase the likelihood of compromise.
>> ...
>> We were able to break into one
>> device that used facial recognition authentication software just by
>> holding it up to the user's photo.

Yeah, encryption and biometrics don't always work great together.  The
ChromeOS solution is to use your password as part of the key, which
means that the encryption key isn't stored anywhere on the device.
Brute-force is limited by the use of the TPM which only processes
maybe an attempt per second (part of the key is in the TPM, so doing a
faster brute force of the password portion requires extracting it from
the hardware).

The other approach which is more common in the Windows world is to
just encrypt the entire drive (not just each user profile), store the
key for that in the TPM, but then use a trusted boot path to secure
it.  This is a bit like remote attestation except it is local.  The
firmware hashes the bootloader and adds that to the TPM before running
it, the bootloader hashes the kernel before loading it and adds that
to the TPM before running it, etc.  Then when the program that wants
the disk encryption key asks for it the TPM checks the signature chain
and only gives up the key if it matches (I have no idea how upgrades
work - obviously there has to be some way for the trusted program to
tell the TPM to trust the new version).  So, this in theory ensures
that only the legitimate OS can read the drive contents, and then the
legitimate OS can then use whatever authentication system it wishes.
Of course, if the OS has an exploit the data of any user might be
accessible. The ChromeOS way ensures that if there is an exploit only
the data of any currently logged-on users are accessible (of course
there is always the risk of keyloggers).

In theory Linux supports all of this stuff, but I've yet to see a
distro that does so.  There is a version of grub which preserves the
signature chain in the TPM module, and Linux has support for doing so
in the kernel as well, and for accessing the other TPM functions.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --