Marius Schwarz wrote:
"Figure out intersection with current work to use the TPM to
allow
booting to GDM without entering the password."
Means, if someone steals the device, he can boot a system.
And conversely, if you move the hard disk to another computer, you can no
longer read it. And if your motherboard breaks down, instant data loss.
In addition, I do not trust the TPM or any other Treacherous Computing
component.
If you want to rely on a hardware key, it should at least be on a removable
USB token (a keyfile on a plain mass-storage USB stick is enough!), not
hard-wired into the computer like the TPM.
Kevin Kofler