latchset / clevis

Automated Encryption Framework
GNU General Public License v3.0

Add more accessible documentation about the tradeoffs between TPM2, Tang, and SSS #381

Open jlebon opened 2 years ago

jlebon commented 2 years ago

This comes from user feedback downstream in Fedora CoreOS. The TPM2 manpage includes a section about its threat model, but this is a little too nested. It also doesn't go deep enough into use cases.

Can we have a new section in the top-level README with more details about when to use TPM2 vs Tang vs combined via SSS with e.g. common scenarios/user stories. Having it in the README would also make it easier to link to it from elsewhere.

krzee commented 2 years ago

It could be useful to add info about `clevis luks bind -d dev sss`. I didn't realize that was what I needed for adding multiple tang servers (sss as opposed to tang) until I saw https://github.com/latchset/clevis/issues/179. Docs and videos showed using sss to encrypt a file, but nothing showed how to use sss with `clevis luks bind`, including the clevis-luks-bind man page.
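The usage the comment above asks for, written out as an added example (not code from the clevis project or from any commenter): a POSIX sh script that builds the `sss` policy JSON for `clevis luks bind` in the two shapes people usually want, "any one of several Tang servers" (threshold 1 over N `tang` pins) and "one Tang server AND the local TPM2" (threshold 2 over a `tang` pin and a `tpm2` pin), then runs the bind. The device path `/dev/sda2`, the `tang1.example`/`tang2.example` URLs and the PCR selection are placeholders you would replace with your own.

```shell
#!/bin/sh
# Added example, not part of the clevis project.
# Builds SSS policies for `clevis luks bind -d DEV sss CFG` and runs the bind.
# Placeholders: /dev/sda2, http://tang1.example, http://tang2.example, PCR 7.

# sss_tang_any URL...: threshold 1 over N tang pins, so reaching ANY ONE of
# the listed Tang servers is enough to unlock (redundancy, not extra security).
sss_tang_any() {
    pins=""
    for url in "$@"; do
        pins="${pins:+$pins,}{\"url\":\"$url\"}"
    done
    printf '{"t":1,"pins":{"tang":[%s]}}' "$pins"
}

# sss_tang_and_tpm2 URL [PCR_IDS]: threshold 2 over {tang, tpm2}, so BOTH the
# Tang server must be reachable AND the local TPM2 must unseal (PCRs match).
# Here a stolen disk plus its TPM is not enough on its own: the Tang share is
# still needed, which is the point of combining the pins.
sss_tang_and_tpm2() {
    url=$1
    pcr_ids=${2:-7}
    printf '{"t":2,"pins":{"tang":[{"url":"%s"}],"tpm2":{"pcr_bank":"sha256","pcr_ids":"%s"}}}' \
        "$url" "$pcr_ids"
}

# bind_luks_sss DEV CFG: run the bind when clevis is installed; otherwise
# print the exact command so the policy can be reviewed first.
bind_luks_sss() {
    dev=$1
    cfg=$2
    if command -v clevis >/dev/null 2>&1; then
        clevis luks bind -d "$dev" sss "$cfg"
    else
        printf 'clevis luks bind -d %s sss %s\n' "$dev" "$cfg"
    fi
}

# Demo: `sh thisscript.sh demo` binds with the "any of two Tang servers" policy.
if [ "${1:-}" = "demo" ]; then
    bind_luks_sss /dev/sda2 \
        "$(sss_tang_any http://tang1.example http://tang2.example)"
fi
```

After a successful bind, `clevis luks list -d /dev/sda2` shows the sss policy stored in the LUKS header, which is the quickest way to confirm the threshold and pin set are what you intended.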

sarroutbi commented 1 year ago

Hello @krzee, @jlebon, thank you very much for your suggestions.

IMHO, the information in README.md file is enough to clarify the usage of each of the pins.

Regarding sss: "Clevis provides a way to mix pins together to provide sophisticated unlocking policies." This clarifies how sss is the way to go for combining different pins. Apart from that, an example is provided with multiple "http" pins, but obviously this is not exclusive to http, and using more than one similar pin (tang, for example) is possible.

Anyway, a PR with proposed changes is welcome in case further clarification is needed.

akostadinov commented 1 year ago

It is important to understand the fact that an attacker that has access to both the encrypted data and the local TPM2 chip will be able to decrypt the data.

@sarroutbi , the question is whether particular PCRs can ensure an attacker can't extract the key.