Hardware Reference
In-Depth Information
You can only enter the code once. If you try it again, the program will extend PCR9 again
using the now incorrect PCR state as input into the next. Now, let's seal our GPG secret
key ring:
tpm_sealdata -p 9 -i secring.gpg -o secring.gpg.tpm -z -l
debug
You can remove
-l debug
if you wish and the command will silently complete. Let's
test decryption:
tpm_unsealdata -i secring.gpg.tpm -o deleteme -z
It should silently complete on success. You can now delete the temporary file
deleteme
and the original
secring.gpg
. You did make an encrypted backup, right? You'll prob-
ably want to delete the file in a more secure fashion. The secure remove tool
srm
does
just that and overwrites the file numerous times before deleting. To install use the follow-
ing command:
sudo apt-get install secure-delete
Then use just as you would
rm
.
Note
Bunnie Huang and Sean Cross (also known as
xobs
) presented a talk at the
30th Chaos
Communication Congress
(
30C3
) on hacking SD cards. Your SD or eMMC includes a
small microcontroller that manages the attached flash memory. This microcontroller is
perfectly situated to act as a Man-in-the-Middle attacker and manipulate the data you store
on the device. For example, the microcontroller could keep a backup copy of your data
since it would report to your computer a storage capacity of 8GB, but actually it contains
a 16 GB flash chip. More information can be found on Bunnie's blog at
ht-
