Difference between revisions of "Security notes / Unsorted"

From Helpful
m (TPM)
m (What does TPM not protect?)
Line 136: Line 136:
 
<!--
 
<!--
  
In general, TPM can be seen to protect BIOS contents and boot contents (which is great to have), and little else.
+
In general, TPM can be seen to protect BIOS contents and boot contents (which is great to have).
  
 
Because you can protect boot, it can also make the boot part of full drive encryption more secure, which is also great.
 
Because you can protect boot, it can also make the boot part of full drive encryption more secure, which is also great.
  
 +
But realize that is basically ends there.
  
But realize that this is all it does.
 
  
It basically does not protect against ''anything'' while your computer is running.
+
It does not protect against ''anything'' while your computer is running. {{verify}}
  
 
Any exploit aimed at a running system (which is most exploits) can get just as much of your data as before.
 
Any exploit aimed at a running system (which is most exploits) can get just as much of your data as before.
(Including the keys in the TPM that are marked migratable, which some uses will require)
+
 
 +
The way the TPM stores keys means you can't move keys out -- except the ones marked migratable, which various uses will require.
  
  
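Review bot: the rewritten last line, "The way the TPM stores keys means you can't move keys out -- except the ones marked migratable, which various uses will require", drops the point the removed parenthetical made, namely that an exploit on the running system also gets at those migratable keys; since the surrounding paragraph is about what a running-system exploit can reach, suggest keeping that link explicit, e.g. "...which various uses will require, and which such an exploit can therefore reach too." Also, "It does not protect against anything while your computer is running" is now an absolute claim two lines after the text says the TPM makes the boot part of full drive encryption more secure; the added {{verify}} tag is appropriate, and narrowing it to "does not protect your data against anything while your computer is running" would match the next sentence ("can get just as much of your data as before") better.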
Line 181: Line 182:
  
 
-->
 
-->
 
 
 
  
 
===Use and criticism, strengths and weaknesses===
 
===Use and criticism, strengths and weaknesses===

Revision as of 22:27, 23 July 2021

Security related stuff.

Unsorted

This article/section is a stub — probably a pile of half-sorted notes, is not well-checked so may have incorrect bits. (Feel free to ignore, fix, or tell me)


TPM


What?

Trusted Platform Module, TPM, is a hardware component, and part of the Trusted Computing design.

The TPM is the hardware part of that design: a module that can be plugged into a header on PC motherboards and laptops, or that comes built in (fairly common in business laptops).


"Can't detect TPM device"

Means the BIOS supports an (optional) TPM module, is looking for it (either because it was told to, or because it always does), and did not find one.

Either tell it not to look for one (if the BIOS allows it; the setting is often under a header named something like 'Trusted Computing'), plug one in, or ignore the message.

Some BIOSes will always look for it (verify), in which case you can just ignore the message.


More acronyms

What does TPM not protect?

Use and criticism, strengths and weaknesses


See also

Nonce

Challenge/response

JSON Web Signature, Encryption, Tokens


JSON Web Signature (JWS)

Signing arbitrary data.

See also:


JSON Web Encryption (JWE)

A syntax for exchanging encrypted data, sent as Base64 within JSON.

See also:


JSON Web Tokens (JWT)

JWT is aimed at sending verifiable claims, building on JWS (signed) or JWE (encrypted).

Signed using either a shared secret or a public/private key pair.

Typically used between an identity provider and a service provider, in an SSO-like way.
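The JWS and JWT notes above only name the pieces. As an added example (not from this wiki page, and not from any JOSE library), the following Python code, using only the standard library, builds a JWS compact serialization (header.payload.signature) over a set of JWT claims with a shared secret (HS256), and then verifies it the way a service provider should: the verifier pins the algorithm instead of trusting the token's own "alg" header, compares the MAC in constant time, and checks the issuer, audience and expiry claims. The secret, issuer and audience values are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret; a real deployment uses a random secret of at least 32 bytes.
DEMO_SECRET = b"constructed-demo-secret-not-for-real-use"


def b64url_encode(data: bytes) -> str:
    """Base64url without '=' padding, as JWS compact serialization requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; re-adds the padding base64 needs."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jws_sign(payload: dict, secret: bytes) -> str:
    """Return header.payload.signature for `payload`, signed with HMAC-SHA256 (HS256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    h = b64url_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    p = b64url_encode(json.dumps(payload, separators=(",", ":")).encode("utf-8"))
    # The MAC covers the exact encoded header and payload, joined by a dot.
    sig = hmac.new(secret, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    return f"{h}.{p}.{b64url_encode(sig)}"


def jws_verify(token: str, secret: bytes) -> dict:
    """Verify an HS256 JWS and return its decoded payload; raise ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    # Pin the algorithm: the verifier decides what it accepts, never the token
    # (this rejects "alg": "none" and any other algorithm substitution).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so timing does not leak how many bytes matched.
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p))


def verify_jwt_claims(token: str, secret: bytes, issuer: str, audience: str, now=None) -> dict:
    """Signature check plus the claim checks a service provider makes before trusting a JWT."""
    claims = jws_verify(token, secret)
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


if __name__ == "__main__":
    # Constructed claims: identity provider "idp.example" vouching for "alice" to "app.example".
    token = jws_sign(
        {"iss": "idp.example", "aud": "app.example", "sub": "alice", "exp": 2000000000},
        DEMO_SECRET,
    )
    print(token)
    print(verify_jwt_claims(token, DEMO_SECRET, "idp.example", "app.example"))
```

The two failure modes worth knowing from this code: a token whose header says "alg": "none" (or any other algorithm) is rejected before the signature is even looked at, and a token whose payload was edited after signing fails the MAC comparison even though it still parses as valid JSON.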

See also:
