[Discuss] Boston Linux Meeting Wednesday, February 21, 2018 - Secure Keystores with TPM 2.0

Eric Chadbourne sillystring at protonmail.com
Sat Feb 17 12:15:54 EST 2018


This looks fascinating.

- Eric

On Fri, Feb 16, 2018 at 3:08 PM, Jerry Feldman <gaf at blu.org> wrote:

> When: February 21, 2018 7:00PM (6:30PM for Q&A)
> Topic: Secure Keystores with TPM 2.0
> Moderators: James Bottomley, Distinguished Engineer, IBM Research
> Location: MIT Building E-51, Room 145
> ** Note room change
>
> Summary:
> Using TPM 2.0 As a Secure Keystore on your Laptop
>
> Abstract:
> For decades, all laptops have come with a TPM. Now with Microsoft forcing the transition to the next generation, Linux faces a challenge in that all the previous TPM 1.2 tools don't work with 2.0. Having to create new tools for TPM 2.0 also provides the opportunity to integrate the TPM more closely into our current crypto systems and thus give Linux the advantage of TPM resident and therefore secure private keys. This talk will provide the current state of play in using TPM 2.0 in place of crypto sticks and USB keys for secure key handling, including the algorithm agility of TPM 2.0 which finally provides support for Elliptic Curve keys which have become the default recently.
>
> This talk will provide an overview of current TSS (Trusted computing group Software Stack) for TPM 2.0 implementation on Linux, including a discussion of the two distinct Intel and IBM stacks with their relative strengths and weaknesses. We will then move on to integration of the TSS into existing crypto system implementations that allow using TPM resident keys to be used with common tools like openssl, gnutls, gpg, openssh and gnome-keyring. We will report on the current state of that integration including demonstrations of how it works and future plans. The ultimate goal is to enable the seamless use of TPM resident keys in all places where encrypted private keys are currently used, thus increasing greatly the security posture of a standard Linux desktop.
>
> Bio
> James Bottomley is a Distinguished Engineer at IBM Research where he works on Cloud and Container technology. He is also Linux Kernel maintainer of the SCSI subsystem. He has been a Director on the Board of the Linux Foundation and Chair of its Technical Advisory Board. He went to university at Cambridge for both his undergraduate and doctoral degrees after which he joined AT&T Bell labs to work on Distributed Lock Manager technology for clustering. In 2000 he helped found SteelEye Technology, a High availability company for Linux and Windows, becoming Vice President and CTO. He joined Novell in 2008 as a Distinguished Engineer at Novell's SUSE Labs, Parallels (later Odin) in 2011 as CTO of Server Virtualization and IBM Research in 2016.
>
> For further information and directions please consult the BLU Web site
> http://www.blu.org
>
> Parking: MIT lots require permits after hours.
> All Cambridge parking meters use Passport by Phone:
> https://www.cambridgema.gov/traffic/Parking/paybyphone
> This is active on all Cambridge metered parking spaces. Meters are free after 8PM.
>
> --
> Jerry Feldman
> Boston Linux and Unix
> PGP key id:3BC1EB90
> PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90
>
> _______________________________________________
> Announce mailing list
> Announce at blu.org
> http://lists.blu.org/mailman/listinfo/announce
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss

