Now it hit me what I was doing wrong in TPM2 asymmetric keys.
Introducing new key types was a wrong strategy. Instead, pre-existing ECC and RSA key types should be layered i.e., you turn "TPM2 magic switch" on and kernel generates import blob etc. dance behind the curtains.
This has numerous benefits. E.g., there can be then also "TEE magic switch" depending on platform and generally speaking this is the best for users as they don't need to overturn their configuration.
#linux #kernel #tpm
#TPM
New political poll: Chris Bishop joins preferred PM ranks; Greens, TPM lose chunk of support
The Verian poll of 1007 eligible voters was taken between November 29 and December 3. It gives National…
#NewsBeep #News #Headlines #1newsverian #bishop #chris #chunk #greens #joined #joins #latest #lose #minister #national #new #NewZealand #NZ #of #pm #political #poll #preferred #prime #ranks #released #senior #support #tonight #tpm
https://www.newsbeep.com/296189/
@kevinrns @grumpy_website it’s just because of #tpm and secure boot right? Pretty sure there is a way to bypass that now.
I think it would be great if we put endorsement certificates for sysfs.
I.e. with very little code/scripting on can then provide tools and means for remote attestation server to generate challenges (e.g. during OS installation).
#linux #kernel #tpm
I.e. with very little code/scripting on can then provide tools and means for remote attestation server to generate challenges (e.g. during OS installation).
#linux #kernel #tpm
Aus den Release-Notes des neuesten (Beta-) #UEFI-Drops für mein #MSI #B550MPROVDHWIFI: "Improved security by updating #TPM #firmware for better game compatibility"
Ja, nee, is' klar, MSI... Verstehe... Oder doch nicht?! 🤦♂️ 🤷♂️ 🤣
https://www.msi.com/Motherboard/B550M-PRO-VDH-WIFI/support#bios
Due to lack of funds and a need to edit #video (#Kdenlive), I #hacked my old non-#TPM #PC to run #Win11 (boo, hiss!)
For #retro #Win16 apps, I use #OTVDM.
And (#DOScember) to run even more ancient #MSDOS progs like they are #Win64 native (and because #NTVDMx86 is sterling, but can be a faff), I use #DosBox with this #commandline:
start /min DOSBox.exe z:\EXAMPLE.EXE -exit
More #wizardry (actually mostly #DoctorWho/#SFFH) at #CRRRRS: https://roymathur.com/podcast.html
#RemembranceoftheDaleks next.
This kernel patch embeds an extension for the TPMKey specification:
https://lore.kernel.org/linux-integrity/20251205030205.140842-3-jarkko@kernel.org/
I.e. optional 'parentName' attribute. It also populates kernel's ASN.1 definition with the full spec. It's a bottleneck in the ASN.1 format.
#linux #kernel #tpm
https://lore.kernel.org/linux-integrity/20251205030205.140842-3-jarkko@kernel.org/
I.e. optional 'parentName' attribute. It also populates kernel's ASN.1 definition with the full spec. It's a bottleneck in the ASN.1 format.
#linux #kernel #tpm
Couple of new features:
1. Creates and loads both 'loadable' and 'importable' keys from external keys.
2. tpm2sh load has now --load flag to load a generated keyedhash key as a trusted key to the kernel keyring.
#linux #kernel #tpm #rustlang
1. Creates and loads both 'loadable' and 'importable' keys from external keys.
2. tpm2sh load has now --load flag to load a generated keyedhash key as a trusted key to the kernel keyring.
#linux #kernel #tpm #rustlang
"After destroying the Māori Party by putting his ego in front of the waka and pursuing a needless leadership challenge inside te Pati Māori, Tākuta Ferris is now lecturing Labour on how to win the election?"
#BomberBradbury, 2025
Still running JT's propaganda line I see Bomber, just like you did for KDC and the Internet Party. How did that one work out for us?
(1/?)
I've been fine-tuning the policy and caching engine in tpm2sh a lot and next version will allow to:
1. View policy as an expression via 'tpm2sh memory -p <handle>'
2. Create primary keys with arbitrary policies (was not just done nothing special in it).
3. Creating, viewing and maintaining policies for persistent keys.
These sort of come as "side-effect" of just cleaning up and polishing the groundwork :-)
#linux #tpm #rustlang
1. View policy as an expression via 'tpm2sh memory -p <handle>'
2. Create primary keys with arbitrary policies (was not just done nothing special in it).
3. Creating, viewing and maintaining policies for persistent keys.
These sort of come as "side-effect" of just cleaning up and polishing the groundwork :-)
#linux #tpm #rustlang
El Fin de una Era – Microsoft Explica la Muerte de Windows 10
Microsoft finalizó oficialmente el soporte para Windows 10 el 14 de octubre de 2025, después de diez años de servicio. Esta decisión se alinea con la política de ciclo de vida de la compañía, permitiendo a Microsoft concentrar todos sus esfuerzos y recursos en el desarrollo y la seguridad de su sucesor, Windows 11.
El 14 de octubre de 2025 marcó la fecha en la que Microsoft dejó de ofrecer soporte oficial a su sistema operativo Windows 10. Esto significa que el SO ya no recibirá nuevas funciones, herramientas de solución de problemas ni, lo más importante, actualizaciones de seguridad habituales.
La razón principal detrás de esta descontinuación es la política de soporte de ciclo de vida de diez años que Microsoft aplica a sus sistemas operativos. Dado que Windows 10 fue lanzado en 2015, su periodo de soporte llegó a su fin. Al cesar el soporte, la compañía puede reenfocar sus recursos de ingeniería y desarrollo exclusivamente en la mejora y seguridad de Windows 11.
Para los usuarios que continúen utilizando Windows 10 después de la fecha límite, la principal preocupación es la vulnerabilidad de seguridad. Sin parches de seguridad regulares, cualquier nueva falla o exploit de día cero descubierto en el sistema operativo permanecerá sin solución, a menos que Microsoft decida hacer una excepción (como ocurrió con Windows XP en 2024).
Microsoft está presionando a los usuarios para que actualicen a Windows 11. Sin embargo, para aquellos que no pueden o no desean migrar, la compañía ofrece las Actualizaciones de Seguridad Extendidas (ESUs), un servicio que proporciona cobertura adicional por al menos un año (hasta octubre de 2026), aunque puede ser de pago en la mayoría de los países.
El principal obstáculo para la migración a Windows 11 son sus requisitos de hardware más estrictos, destacando la necesidad de un Trusted Platform Module (TPM), un componente que a menudo solo está presente en equipos fabricados a partir de 2016. Esto obliga a algunos usuarios con equipos más antiguos a buscar workarounds o, en su defecto, a adquirir un nuevo sistema.
#actualizaciones #arielmcorg #ciberseguridad #esu #findesoporte #infosertec #microsoft #portada #tecnologia #tpm #windows10 #windows11
I made another #blogpost 😎! It's my shortest so far, WP says 8 min 🤣.
This time I'm discussing #TPM, a topic that has been talked about since #Microsoft announced the requirement for #Windows11. But it was a question someone recently asked on a @nllgg chat that prompted me to write a piece about it now. After I wrote a long answer there, I thought: why not also share this publicly?
https://cambionn.nl/tpm-isnt-the-problem/
#Boost are appreciated!
#blog #blogging #security #datasecurity #cybersecurity #infosec
Even Hipkins took a pot shot at TPM today.
"I mean, I've seen political parties have their internal disagreements, but this is next level."
"It's unclear whether there is even a Māori Party left or whether there are multiple different factions now doing their own thing..."
I'm not sure of the wisdom of attacking a potential coalition partner, but TPM are sure making a big mess.
https://www.odt.co.nz/news/national/hipkins-fires-shots-m%C4%81ori-party-winston-peters-rnz
This screenshot shows strong evidence of:
1. OpenSSL cross-compatibility.
2. tpm2-tools cross-compatibility.
3. Linux kernel compatibility (as in trusted keys and in future also asymmetric keys).
#linux #kernel #tpm #rustlang
1. OpenSSL cross-compatibility.
2. tpm2-tools cross-compatibility.
3. Linux kernel compatibility (as in trusted keys and in future also asymmetric keys).
#linux #kernel #tpm #rustlang
I'd intended today to finally bite the bullet and nuke Windows off my gaming laptop, and stick Linux on it. I also want to play with Ubuntu 25.10's tpm-backed fde in the installer (as that might be useful in $dayjob when it leaves beta). Seems like I get to kill two birds with one stone.
However there's loads of messaging online that it might not work properly with the Nvidia graphics driver (because it puts the kernel in a *snap* package, and loads drivers in as other snaps, because that's the kind of Hell on Earth humanity deserves at this point). But there's nothing definitive I can find, bug reports with unclear resoultions, forum threads from the nightly releases, but nothing I can say for sure is accurate.
So we're going to find out. Windows is backed up, Questing Quokka ISO is on my trusty ventoy stick, join me in this thread as I lose my sanity testing the abomination Canonical have put forth....
1/Probably far too many...
#ZorinOS is a #Linux #distro for #windows and less technically aware users in mind. After the #endofwindows10 #windows10 its a great alternative for weaker perfectly good hardware left behind after the #windows11 #TPM requirement, with its new release of zorinOS is a great choice for new linux users.
#article #blogpost #opensource #software
https://nathanalvaradosite.wordpress.com/2025/11/20/zorin-os-18-for-windows-10-for-11-pcs-test/
In tpm2sh 0.15.14 TPMKey ASN.1 policy engine starts to be actually stable. I've committed into not expanding features up until key and cache management are polished and it starts to deliver results :-)
#linux #tpm #rustlang
#linux #tpm #rustlang
the next piece sliced from tpm2sh: https://crates.io/crates/tpm2-vtpm
Still in very early phases. Now my micro ecosystem has:
1. tpm2-protocol
2. tpm2-crypto (software crypto for doing TPM2 related operations like generating encrypted seeds).
3. tpm2-policy-language
4. tpm2-tpmkey
5. tpm2-vtpm
I think what I get right vs. TSS2 etc. that I'm not building a "big SDK" but instead of common sense re-usable components not enforcing architecture or policy.
#linux #rustlang #tpm
Still in very early phases. Now my micro ecosystem has:
1. tpm2-protocol
2. tpm2-crypto (software crypto for doing TPM2 related operations like generating encrypted seeds).
3. tpm2-policy-language
4. tpm2-tpmkey
5. tpm2-vtpm
I think what I get right vs. TSS2 etc. that I'm not building a "big SDK" but instead of common sense re-usable components not enforcing architecture or policy.
#linux #rustlang #tpm
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst