WEBVTT

00:00.000 --> 00:10.000
I think I figured out today, this is the first time I've been in the world for a long time.

00:10.000 --> 00:14.400
All right, for the next talk, we have Richard telling us everything about how we finally

00:14.400 --> 00:16.400
fixed full disk encryption.

00:16.400 --> 00:18.400
And welcome Richard.

00:18.400 --> 00:22.400
Thank you very much.

00:22.400 --> 00:23.400
So, teeny bit about me.

00:23.400 --> 00:28.760
I'm a distribution architect at SUSE. I've been doing this open source stuff for way too long.

00:28.760 --> 00:32.760
I think I figured out today, this is my 13th FOSDEM, the other 12 went fine.

00:32.760 --> 00:35.760
So, I guess this is all my everything's going to go wrong.

00:35.760 --> 00:40.760
And yeah, I've been working at Suse of the 10 years and I created this distribution

00:40.760 --> 00:44.760
called Aeon, which I will talk a little bit about.

00:44.760 --> 00:51.760
And then show how we've done full disk encryption with all of the systemd toolchain on top of that.

00:51.760 --> 00:55.760
And then talk about some of the rough edges we have left.

00:55.760 --> 01:00.760
And then the whole plan was to have a nice Q&A open-floor discussion with the handheld microphone,

01:00.760 --> 01:02.760
which of course we haven't got in this room.

01:02.760 --> 01:09.760
So, I'm just going to try and figure out a way of making that work with me copying everyone's questions for the recording.

01:09.760 --> 01:13.760
So, Aeon, I have a talk about this in the digital room and stuff to mean.

01:13.760 --> 01:18.760
But basically, it's not sure it's another one of these immutable desktop concepts.

01:18.760 --> 01:23.760
Being reliable, predictable, immutable, a bit like MicroOS from the server side of things.

01:23.760 --> 01:28.760
But also being really opinionated, because this is my desktop and my daily driver.

01:28.760 --> 01:34.760
So, not only very Chromebook-like experience, image-based installation,

01:34.760 --> 01:40.760
keeping it pretty minimal for everybody else, but functional, you know, all the printing and gaming development stuff

01:40.760 --> 01:42.760
should just work out of the box.

01:42.760 --> 01:47.760
This was freshly installed last week and the presentation's working without me doing anything on it.

01:47.760 --> 01:49.760
So, that's all good.

01:49.760 --> 01:54.760
And really, we don't want people having to mess around with lots of funky configuration

01:54.760 --> 01:56.760
to get the whole thing to work.

01:56.760 --> 01:59.760
And that includes also full disk encryption.

01:59.760 --> 02:07.760
So, last year July, we did release candidate 3, which was the one where we put FDE in there,

02:07.760 --> 02:09.760
and it's enabled by default.

02:09.760 --> 02:10.760
In fact, you can't turn it off.

02:10.760 --> 02:14.760
If you're installing Aeon, you are getting full disk encryption if you like it or not.

02:14.760 --> 02:17.760
By default, if your hardware supports it,

02:17.760 --> 02:20.760
it's TPM backed and automatically unlocking.

02:20.760 --> 02:26.760
And if your hardware doesn't, we have this concept of a fallback mode where you've got to put a passphrase in.

02:26.760 --> 02:32.760
And, yeah, you know, you're unlocking it sort of the old-fashioned LUKS way every time it boots up.

02:32.760 --> 02:35.760
It's deployed on bare metal with a tool called tik.

02:35.760 --> 02:40.760
Basically, a whole new installer that I wrote, because I felt like playing around with that kind of thing.

02:40.760 --> 02:45.760
Really nothing more than a fancy graphical wrapper around systemd-repart.

02:45.760 --> 02:47.760
systemd-repart is actually doing all the hard work,

02:47.760 --> 02:50.760
deploying the image, setting up the partitions,

02:50.760 --> 02:53.760
configuring the encryption, doing all the LUKS stuff.

02:53.760 --> 02:56.760
Everything that's remotely important gets done by systemd-repart.

02:56.760 --> 02:59.760
And then all of the TPM measurements.

02:59.760 --> 03:05.760
And, because this is a SUSE-style distribution, all the stitching with BTRFS subvolumes,

03:05.760 --> 03:08.760
is done by a tool we have called sdbootutil.

03:08.760 --> 03:18.760
So, when you are deploying Aeon with tik, first, or, in fact, any distribution with tik,

03:18.760 --> 03:21.760
but Aeon is the one using it right now.

03:21.760 --> 03:26.760
We probe the system to figure out, does it have PolicyAuthorizeNV,

03:26.760 --> 03:30.760
because that's what you need to get it working with pcrlock.

03:30.760 --> 03:34.760
Then it also checks for Secure Boot.

03:34.760 --> 03:40.760
And then figure out what the heck it is going to do with those two different full disk encryption modes here.

03:40.760 --> 03:45.760
Are you going to get a nice decent validated supplied boot chain,

03:45.760 --> 03:48.760
where it's actually only going to unlock if your boot chain is good,

03:48.760 --> 03:51.760
or are you just going to be shopping in a password?

03:51.760 --> 03:55.760
So, if you have a good enough bit of hardware with PolicyAuthorizeNV in the TPM,

03:55.760 --> 04:00.760
you get default mode, pretty much any other case, you get fallback mode,

04:00.760 --> 04:03.760
and if you're on a machine that doesn't have good enough hardware,

04:03.760 --> 04:07.760
and you've turned off Secure Boot, you get fallback mode with a grumpy warning,

04:07.760 --> 04:11.760
because, you know, okay, secure boot isn't great, but it's better than nothing.

04:11.760 --> 04:17.760
So, at least people have some concept of having some check over their boot chain

04:17.760 --> 04:19.760
when they're starting up their system.

04:19.760 --> 04:26.760
But typically speaking, in default mode, you know, I don't care with Aeon if Secure Boot is on or off.

04:26.760 --> 04:31.760
I just care whatever you've picked stays the same because I'm measuring PCR7.

04:34.760 --> 04:39.760
Like I said, tik avoids doing as much complicated work as it can itself.

04:39.760 --> 04:42.760
So, because of these two different modes, you know,

04:42.760 --> 04:47.760
because I'm doing TPM-backed and traditional full disk encryption with passphrases,

04:47.760 --> 04:52.760
it means I can't use systemd-repart's instant TPM pairing.

04:52.760 --> 04:57.760
So, systemd-repart's using a key file, so I have tik generate the key file,

04:57.760 --> 05:04.760
and then basically I just take an image, read the systemd-repart config from that image,

05:04.760 --> 05:07.760
and slap it on the disk you chose as part of the install.

05:07.760 --> 05:10.760
Simple, easy, works.

05:10.760 --> 05:18.760
The typical systemd-repart config we're using is also incredibly simple, easy, straightforward.

05:18.760 --> 05:22.760
Like, I've got the large EFI partition on purpose,

05:22.760 --> 05:26.760
because I'm kind of expecting to move to UKIs one day.

05:26.760 --> 05:31.760
So, I'd rather make every of my coven, one of the reasons I'm talking about this later,

05:31.760 --> 05:35.760
like we're on RC3, as I kept on changing how big everybody's partitions were.

05:35.760 --> 05:37.760
Like, this way, I'm not going to have to deal with that again.

05:37.760 --> 05:40.760
I think I'm probably fine with four gig for a while,

05:40.760 --> 05:43.760
and then everything else, I just take over the entire disk,

05:43.760 --> 05:51.760
copying the blocks from the image, and encrypting that with the key file.

05:51.760 --> 05:57.760
And then, after the image is deployed, there's a little bit of stitching to be done.

05:57.760 --> 06:00.760
Of course, the image is being built in OBS.

06:00.760 --> 06:03.760
I have had some experimental ones built with mkosi.

06:03.760 --> 06:07.760
The current one is actually using KIWI, just because I know KIWI better.

06:07.760 --> 06:10.760
I'm going to go back to the mkosi one soon.

06:10.760 --> 06:16.760
But either way, it's a generic image and, of course, your system isn't a generic system.

06:16.760 --> 06:18.760
So, there's a bit of stitching required, you know,

06:18.760 --> 06:23.760
correcting the fstab to actually include the UUIDs of the partition that's just deployed,

06:23.760 --> 06:26.760
correcting the command line,

06:26.760 --> 06:32.760
yeah, populating the crypttab, that kind of stuff,

06:32.760 --> 06:38.760
and then using sdbootutil to actually put systemd-boot in the ESP,

06:38.760 --> 06:41.760
and the kernels and the initrd, because we're not using UKIs.

06:41.760 --> 06:47.760
So, it's just putting all of that stuff in there, separated.

06:47.760 --> 06:50.760
Then, in default mode, there's a couple of extra steps,

06:50.760 --> 06:53.760
because we're doing all this TPM pairing.

06:53.760 --> 06:57.760
So, we can figure out PCR policy, which I'll talk about a bit more later,

06:57.760 --> 07:02.760
and then update those predictions for the system, and enroll it into the TPM.

07:02.760 --> 07:08.760
So, sdbootutil just reads that config,

07:08.760 --> 07:12.760
and figures out the entries for every PCR I'm interested in,

07:12.760 --> 07:18.760
and then systemd-cryptenroll nicely, simply pairs it all up,

07:18.760 --> 07:21.760
and away we go.

07:21.760 --> 07:25.760
And in fallback mode, of course, none of that TPM stuff is needed,

07:25.760 --> 07:31.760
you just have to ask the user for a passphrase.

07:31.760 --> 07:35.760
I decided, when I was doing this, for a TPM environment,

07:35.760 --> 07:38.760
if your TPM breaks, or your measurements don't match up,

07:38.760 --> 07:42.760
you need to have a recovery key to get into the system and unlock it manually,

07:42.760 --> 07:46.760
and for fallback mode as well, I also kind of figured,

07:46.760 --> 07:49.760
you know, users can be silly sometimes and forget their own passwords,

07:49.760 --> 07:53.760
so generating a recovery key for everybody in every case all the time,

07:53.760 --> 07:57.760
and then presenting it to them with a nice long string,

07:57.760 --> 08:00.760
and a nice QR code that you can store on your phone or whatever,

08:00.760 --> 08:04.760
to remember what's going on.

08:04.760 --> 08:07.760
And then last, but definitely not least,

08:07.760 --> 08:10.760
wiping that key file used for the, yeah,

08:10.760 --> 08:14.760
to get the whole thing running, so the only keys that are enrolled in the end,

08:14.760 --> 08:21.760
are your passphrase, or the recovery key, or the TPM.

08:21.760 --> 08:24.760
And that's been how every single Aeon user,

08:24.760 --> 08:28.760
including myself, has been running their laptops since July,

08:28.760 --> 08:31.760
and to be honest, it's been mostly painless.

08:31.760 --> 08:35.760
It's just working, sdbootutil is doing a wonderful job of, every time

08:35.760 --> 08:39.760
there's a system update updating all of the predictions.

08:39.760 --> 08:43.760
Of course, we also have automatic rollbacks and failure detection,

08:43.760 --> 08:45.760
and of course, sdbootutil is aware of that too,

08:45.760 --> 08:48.760
so it'll even update the predictions when you roll back from user space,

08:48.760 --> 08:51.760
which is really nice.

08:51.760 --> 08:55.760
As I talk about in a bit, we did mess around with the PCR policy a bit,

08:55.760 --> 08:58.760
so I did have to make a little tool to go and check everybody's machine

08:58.760 --> 09:00.760
to fix which PCRs are being checked,

09:00.760 --> 09:05.760
but besides that, it's mostly just working.

09:05.760 --> 09:09.760
But not 100% perfect.

09:09.760 --> 09:14.760
So the first thing we had issues with is this lovely recovery key.

09:14.760 --> 09:18.760
I don't know if this is just an sdbootutil thing,

09:18.760 --> 09:21.760
or also if it's systemd-cryptenroll,

09:21.760 --> 09:26.760
but there's a whole bunch of effort taken to only use characters

09:26.760 --> 09:29.760
which are all in the same location on everybody's keyboard,

09:29.760 --> 09:30.760
which is awesome.

09:30.760 --> 09:32.760
So, you know, German keyboard, I've got a German keyboard here,

09:32.760 --> 09:34.760
but I type in English.

09:34.760 --> 09:36.760
It's great, these French whatever,

09:36.760 --> 09:39.760
the character set is ridiculously constrained,

09:39.760 --> 09:41.760
so it's just the keys that don't move around

09:41.760 --> 09:43.760
on all these different keyboard layouts.

09:43.760 --> 09:44.760
Brilliant work.

09:44.760 --> 09:46.760
It does make the string a little bit longer,

09:46.760 --> 09:48.760
because you still want to have some entropy.

09:48.760 --> 09:49.760
That's fine.

09:50.760 --> 09:52.760
But we're using dashes to separate it,

09:52.760 --> 09:56.760
and that's the one key that moves on every single keyboard layout.

09:58.760 --> 09:59.760
Again?

09:59.760 --> 10:01.760
They have no value, they do nothing.

10:07.760 --> 10:09.760
When I drop the dashes,

10:09.760 --> 10:10.760
it fails for me.

10:10.760 --> 10:11.760
I'm doing something wrong.

10:11.760 --> 10:15.760
Well, you have to use this as a new tool to do this

10:15.760 --> 10:18.760
because they will drop the dashes for you.

10:18.760 --> 10:19.760
Okay.

10:19.760 --> 10:20.760
I've been with dashes a loop.

10:20.760 --> 10:21.760
Consider that a password.

10:21.760 --> 10:22.760
Yeah.

10:22.760 --> 10:23.760
Okay.

10:23.760 --> 10:24.760
Yeah.

10:24.760 --> 10:26.760
You can type it in upper case and lower case and drop it that.

10:26.760 --> 10:27.760
So, that's awesome.

10:27.760 --> 10:28.760
Yeah.

10:28.760 --> 10:30.760
My own implementation is the problem,

10:30.760 --> 10:31.760
which is perfect.

10:31.760 --> 10:32.760
Thank you very much.

10:32.760 --> 10:33.760
Yes.

10:38.760 --> 10:41.760
Well, I was going to just use spaces or something.

10:41.760 --> 10:42.760
Yeah.

10:42.760 --> 10:45.760
The question is why don't I just use point or something.

10:45.760 --> 10:47.760
I could just use spaces.

10:47.760 --> 10:50.760
I could also just do what systemd's doing with the tool.

10:50.760 --> 10:51.760
So.

10:51.760 --> 10:52.760
Yeah.

10:54.760 --> 10:55.760
I know.

10:55.760 --> 10:56.760
It's a little thing.

10:56.760 --> 11:00.760
But it's the one that my users hit like so many times.

11:00.760 --> 11:02.760
It's like, if this is the biggest problem,

11:02.760 --> 11:04.760
we have, really, FDE is really doing well.

11:04.760 --> 11:06.760
But this is the biggest problem we have.

11:08.760 --> 11:09.760
Yeah.

11:17.760 --> 11:18.760
Okay.

11:18.760 --> 11:21.760
What the question is, why can't you just have your native keyboard layout running?

11:21.760 --> 11:23.760
I mean, you know, we're very early in the boot process here.

11:23.760 --> 11:25.760
You know, like, you haven't unlocked, you haven't unlocked your disk yet.

11:25.760 --> 11:36.760
So, you've only got what you've got in your, er, your ESP.

11:36.760 --> 11:37.760
Yeah.

11:37.760 --> 11:40.760
But when you type your key, you've generated your key.

11:40.760 --> 11:43.760
So, you've stored that key in whatever keyboard layout you've done.

11:43.760 --> 11:45.760
So, that's all fine.

11:45.760 --> 11:48.760
In this case, this has been randomly generated by us.

11:48.760 --> 11:53.760
So, if there's a mismatch, then, yeah.

11:53.760 --> 11:56.760
One thing I would really, really like is multi-factor authentication.

11:56.760 --> 12:00.760
But, you know, the only option we have for that right now is TPM and PIN.

12:00.760 --> 12:02.760
And TPM and PIN is scary.

12:02.760 --> 12:06.760
Not for anything that we control in software, because we don't control that.

12:06.760 --> 12:09.760
That's really what the manufacturers do.

12:09.760 --> 12:13.760
And the other problem we have had with this has been how different manufacturers

12:13.760 --> 12:16.760
with different firmware do things somewhat subtly differently.

12:16.760 --> 12:21.760
And, you know, certainly I have someone's machine that the TPM just doesn't want to respond anymore.

12:21.760 --> 12:23.760
And the thing never unlocks.

12:23.760 --> 12:25.760
So, yeah.

12:25.760 --> 12:29.760
The kind of open question is, are we really stuck with just, you know.

12:29.760 --> 12:34.760
I know exactly what we need to do for the PIN FIDO stuff, which is what the Chromebooks do.

12:34.760 --> 12:36.760
It's just somebody's simple like that.

12:36.760 --> 12:39.760
So, what do the Chromebooks do?

12:39.760 --> 12:45.760
They do it really nicely because the TPM basically sends the challenge to the FIDO.

12:45.760 --> 12:49.760
The thing, the FIDO does the regular FIDO stuff like what it always does.

12:49.760 --> 12:50.760
Yeah.

12:50.760 --> 12:53.760
And then the TPM gets the signature back, right?

12:53.760 --> 12:54.760
Yeah.

12:54.760 --> 12:56.760
And then it will release the encryption key to the...

12:56.760 --> 13:00.760
And that would all be in addition to all the other PCR checks that have done.

13:00.760 --> 13:04.760
So, the comment was basically doing what the Chromebooks do.

13:04.760 --> 13:08.760
So, having the TPM challenge and the FIDO key separately,

13:08.760 --> 13:11.760
and then unlocking only when both pass.

13:11.760 --> 13:12.760
Yeah.

13:12.760 --> 13:13.760
Yeah.

13:13.760 --> 13:14.760
Yeah.

13:14.760 --> 13:15.760
That's fine.

13:15.760 --> 13:16.760
That's good.

13:16.760 --> 13:17.760
I'd like that.

13:17.760 --> 13:18.760
And maybe I'll find time to do it.

13:18.760 --> 13:20.760
But maybe not.

13:20.760 --> 13:22.760
And so, yes.

13:22.760 --> 13:24.760
There are PCR policy.

13:24.760 --> 13:28.760
We started initially following what openSUSE MicroOS was doing,

13:28.760 --> 13:32.760
which is PCR 0, 4, 5, 7, 9.

13:32.760 --> 13:34.760
Well, I think I might have added.

13:34.760 --> 13:37.760
It's about 44790 for sure.

13:37.760 --> 13:42.760
Which, of course, was great apart from every time somebody did a firmware update.

13:42.760 --> 13:47.760
Then PCR 0 no longer matched because you've just changed your firmware.

13:47.760 --> 13:49.760
And of course, with Aeon, it's a desktop OS.

13:49.760 --> 13:54.760
I have fwupd there with GNOME Software, and it was running all the time.

13:54.760 --> 13:58.760
You know, reading the system decrypts at a box of a good starting point,

13:58.760 --> 14:02.760
you know, it's recommended there to not measure PCR 0 for this kind of reason.

14:02.760 --> 14:10.760
But I do always ask myself, you know, is this enough?

14:10.760 --> 14:14.760
And of course, I wrote this like three weeks ago, and now there's a nice blog post.

14:14.760 --> 14:17.760
It's telling me definitely probably not enough.

14:17.760 --> 14:21.760
You know, there is cases like potentially.

14:21.760 --> 14:26.760
You know, with a really strong way, basically the kind of potential bypass here is, you know,

14:26.760 --> 14:30.760
some very fancy person could theoretically inject a different operating system,

14:30.760 --> 14:33.760
kind of in front of your one.

14:33.760 --> 14:37.760
So, you know, potentially you could end up booting into a different environment,

14:37.760 --> 14:43.760
and you were expecting, but that environment still gets the keys unlocked, so we can still read your disk.

14:43.760 --> 14:48.760
Whereas the recommendation there is to, yeah, measure PCR 15.

14:48.760 --> 14:53.760
systemd has all this wonderful tooling for measuring lots of file system information,

14:53.760 --> 14:57.760
and UUIDs and recovery keys and all that stuff.

14:57.760 --> 15:00.760
And all that stuff only works if I'm using

15:00.760 --> 15:02.760
systemd-stub with UKIs.

15:02.760 --> 15:06.760
Is that really the one true way for, sort of, am I?

15:06.760 --> 15:09.760
Why not go on with UKIs?

15:09.760 --> 15:11.760
Yes, fine.

15:11.760 --> 15:15.760
Well, the reason we haven't used UKIs up to now with Aeon is, of course,

15:15.760 --> 15:21.760
we're using BTRFS with SUSE-style fancy snapshotting and rollback.

15:21.760 --> 15:25.760
So, every update to the system creates a new BTRFS snapshot,

15:25.760 --> 15:31.760
the main magic with sdbootutil is basically creating boot entries in systemd-boot.

15:31.760 --> 15:35.760
So, when your system no longer boots, you can pick a different boot entry to go to...

15:35.760 --> 15:39.760
The reason to say no to UKIs, that's the reason why you want Type 1 and just, right?

15:39.760 --> 15:45.760
So, my suggestion would always be, like, you can use a Type 1 sd-boot, like a BLS entry,

15:45.760 --> 15:48.760
point it through UKIs, so you're basically...

15:48.760 --> 15:53.760
Yep, so the answer was, you know, you could just have a Type 1 entry put it through UKIs,

15:53.760 --> 15:58.760
but that UKIs has a command line that, you know, is signed to check, et cetera,

15:58.760 --> 16:03.760
and with our snapshots, you know, we are typically changing the snapshot by changing that command line

16:03.760 --> 16:05.760
to point to the different snapshot number, which...

16:05.760 --> 16:06.760
Yeah.

16:06.760 --> 16:07.760
Yeah.

16:07.760 --> 16:09.760
What about UTIL?

16:09.760 --> 16:10.760
What's it?

16:10.760 --> 16:11.760
I can't do this.

16:11.760 --> 16:12.760
Yeah.

16:12.760 --> 16:13.760
We've got UKI profiles.

16:13.760 --> 16:14.760
Yeah.

16:14.760 --> 16:15.760
Yeah.

16:15.760 --> 16:19.760
I actually, I actually have an idea that I came up with while writing these slides,

16:19.760 --> 16:23.760
which would basically just be creating a directory structure, you know,

16:23.760 --> 16:28.760
on my system for each UKI version that I know the system's deployed.

16:28.760 --> 16:34.760
So, you know, UKI version 1 points to this snapshot, and that's contained in the OS,

16:34.760 --> 16:39.760
therefore when it boots, fine, and that means in user space I can do all the fancy rollbacks to whatever

16:39.760 --> 16:45.760
snapshot I want, and at boot time I just have a list of UKIs, which would be simple and easy.

16:45.760 --> 16:51.760
And actually, probably more sensible for our users, because most of the time when you're using that boot menu,

16:51.760 --> 16:54.760
you're only trying to recover because your kernel's messed up.

16:54.760 --> 16:59.760
So, booting to a slightly older snapshot with the same kernel is actually the worst thing.

16:59.760 --> 17:00.760
Yeah.

17:00.760 --> 17:03.760
Are you considering the potential to use snapshots?

17:03.760 --> 17:08.760
Because you can still then, against the rollback of the VM, you're creating them locally.

17:08.760 --> 17:09.760
I had...

17:09.760 --> 17:11.760
I had the connection in the USB, and we used that.

17:11.760 --> 17:13.760
So, I had no idea we could do that.

17:13.760 --> 17:14.760
That's a cool idea.

17:14.760 --> 17:17.760
The suggestion is like, why don't we use credentials?

17:17.760 --> 17:19.760
Yeah, that's an awesome idea.

17:19.760 --> 17:20.760
I'll look into that.

17:20.760 --> 17:23.760
I mean, this is the use case for...

17:23.760 --> 17:25.760
Is this a credentials, right?

17:25.760 --> 17:28.760
Like that you've put them locked to the TPM next to the kernel.

17:28.760 --> 17:32.760
Now, in your cases, it's not going to work one to one, because you only want one kernel,

17:32.760 --> 17:35.760
but it's 500 boot menu entries after all.

17:35.760 --> 17:36.760
Yep.

17:36.760 --> 17:37.760
So, we would probably...

17:37.760 --> 17:38.760
There's a...

17:38.760 --> 17:42.760
There's an issue open already about something like this, where you...

17:43.760 --> 17:45.760
Well, no, you actually can use the global grid.

17:45.760 --> 17:48.760
And to, like, we have a directory for global credentials, you can just stuff your...

17:48.760 --> 17:50.760
No, you need the other way around.

17:50.760 --> 17:51.760
Anyway, but...

17:51.760 --> 17:52.760
Yeah, especially...

17:52.760 --> 17:53.760
Yes, the discussion is going on.

17:53.760 --> 17:55.760
We're precisely about your problem.

17:55.760 --> 17:56.760
You get a issue.

17:56.760 --> 17:57.760
Yeah.

17:57.760 --> 18:02.760
It's really easy that you take a BLS1 thing that points to the UKI.

18:02.760 --> 18:08.760
But then, also, we teach BLS101 to point to a credentials file, right?

18:08.760 --> 18:11.760
So, and then, for every boot part of our press,

18:11.760 --> 18:14.760
not sure that you have, you generate one credentials.

18:14.760 --> 18:15.760
Yeah.

18:15.760 --> 18:16.760
You have a dedicated information.

18:16.760 --> 18:20.760
And then, one BLS1 entry that goes together with the UKI.

18:20.760 --> 18:21.760
Yep.

18:21.760 --> 18:24.760
That itself is not often indicated, but that's not a problem.

18:24.760 --> 18:25.760
That's... Yeah.

18:25.760 --> 18:27.760
So, yeah, that's what that answer is.

18:27.760 --> 18:28.760
Sort it then.

18:28.760 --> 18:29.760
So...

18:29.760 --> 18:31.760
I'm expecting a patch about the new.

18:31.760 --> 18:33.760
Yes, you can definitely get a patch from it.

18:33.760 --> 18:35.760
I would definitely be looking at that.

18:35.760 --> 18:36.760
That seems to...

18:36.760 --> 18:39.760
So, that's actually my topics.

18:39.760 --> 18:42.760
So, does anybody have any questions or any more feedback?

18:42.760 --> 18:44.760
Although, I think we covered the burning topics already?

18:44.760 --> 18:45.760
Yes.

18:45.760 --> 18:47.760
So, I want to mention...

18:47.760 --> 18:50.760
Go away from always mentioning, like the non-TPM thing,

18:50.760 --> 18:52.760
as the fallback for that, for any sort of desktop systems,

18:52.760 --> 18:53.760
isn't it?

18:53.760 --> 18:56.760
Doesn't it make more sense for the FIDO stuff to be the primary thing?

18:56.760 --> 18:58.760
And then the TPM be the add-on to that?

18:58.760 --> 19:02.760
Instead of making the focusing so much on the TPM,

19:02.760 --> 19:04.760
then, like, this fall face or whatever, we're in the fall.

19:04.760 --> 19:08.760
So, yeah, the suggestion is, like, why do the TPM is the default,

19:08.760 --> 19:12.760
and not the passphrases is the fallback?

19:12.760 --> 19:16.760
My logic with that is really, in the case of Aeon,

19:16.760 --> 19:19.760
you know, being partly because I'm lazy.

19:19.760 --> 19:21.760
You know, I just want my laptop to boot.

19:21.760 --> 19:23.760
I don't want to actually enter a passphrase.

19:23.760 --> 19:27.760
You know, ideally, I want to know that I'm booting, you know,

19:27.760 --> 19:29.760
the boot chain that I should be.

19:29.760 --> 19:33.760
So, I'm using FDE with TPM to really give me that verification

19:33.760 --> 19:34.760
that my system is good.

19:34.760 --> 19:39.760
And, yeah, I'm not interested in having a passphrase

19:39.760 --> 19:40.760
to unlock my machine.

19:40.760 --> 19:43.760
So, that's, you know, that's the mindset there.

19:43.760 --> 19:48.760
Yeah, I think it's, of course, a nice thing with all of this,

19:48.760 --> 19:52.760
because of stuff like the command line being validated,

19:52.760 --> 19:54.760
you know, then I know no one's going in and changing,

19:54.760 --> 19:57.760
you know, boot to /bin/bash and doing silly stuff like that.

19:57.760 --> 20:01.760
So, my Linux actual login passphrase is suddenly

20:01.760 --> 20:03.760
actually meaningful.

20:03.760 --> 20:05.760
So, I rely on that to do my data.

20:05.760 --> 20:08.760
So, that's, that's the mindset switch that I've done with that

20:08.760 --> 20:10.760
and that's kind of way to reflect it with that.

20:10.760 --> 20:12.760
I get, like, through the traditional way,

20:12.760 --> 20:14.760
is thinking the other way around.

20:14.760 --> 20:20.760
But, like, then if I do, then I lose all of my checking of my entire boot chain.

20:20.760 --> 20:23.760
Like, that's, that's what I want this for.

20:23.760 --> 20:25.760
Like, yeah.

20:25.760 --> 20:27.760
Yeah, so, that's the logic.

20:27.760 --> 20:28.760
Yes.

20:29.760 --> 20:34.760
If someone still, if someone steals your laptop,

20:34.760 --> 20:37.760
I'm relying on your, your Linux authentication

20:37.760 --> 20:40.760
to actually work and not be easily bypassed,

20:40.760 --> 20:43.760
because you can't easily bypass it, because you can't go

20:43.760 --> 20:45.760
and do stuff like changing the same thing.

20:45.760 --> 20:47.760
So, yeah, totally different approach.

20:47.760 --> 20:48.760
I get it.

20:48.760 --> 20:51.760
I know that freaks some people out, but I'm happy with that.

20:51.760 --> 20:53.760
But with that caveat of, like, you, yeah,

20:53.760 --> 20:56.760
the command line checking really has to be good.

20:57.760 --> 20:59.760
Yeah.

20:59.760 --> 21:02.760
Any more questions?

21:02.760 --> 21:04.760
Five more minutes.

21:04.760 --> 21:07.760
Yeah, go, five more minutes.

21:07.760 --> 21:09.760
Yes.

21:09.760 --> 21:22.760
So, the suggestion is, yeah, using the camera on boot to read the QR code

21:22.760 --> 21:25.760
from your phone for the recovery key.

21:25.760 --> 21:27.760
I mean, I like that idea.

21:27.760 --> 21:30.760
I don't think I'm going to get away with putting a camera driver

21:30.760 --> 21:33.760
into systemd-boot, maybe.

21:33.760 --> 21:36.760
Yeah.

21:36.760 --> 21:38.760
Yeah.

21:38.760 --> 21:39.760
Yeah.

21:39.760 --> 21:43.760
Like, that's, that's a lot of, like, how do you show that to the user

21:43.760 --> 21:45.760
so they know where to hold the phone?

21:45.760 --> 21:47.760
Like, so then you need, then you need to, like,

21:47.760 --> 21:50.760
wail in the systemd-boot.

21:50.760 --> 21:52.760
Yeah.

21:52.760 --> 21:53.760
Cool, cool.

21:53.760 --> 21:54.760
Doable.

21:54.760 --> 21:55.760
Yeah.

21:55.760 --> 21:56.760
Yeah.

21:56.760 --> 21:58.760
You think with the duty of the icon packages, then we just have to pull in

21:58.760 --> 22:00.760
the right packages from there, then we'll see.

22:00.760 --> 22:01.760
And then we'll be blown.

22:01.760 --> 22:02.760
Yeah.

22:02.760 --> 22:05.760
Because I like this, like, the other, this, the person who got the cursor in the

22:05.760 --> 22:10.760
there, means, for example, it is taking, having the user to

22:10.760 --> 22:13.760
need, how do you talk to your user, to be, you know,

22:13.760 --> 22:17.760
show me, so we, because I was talking to the,

22:17.760 --> 22:19.760
the idea is that we need to put the rules of something.

22:19.760 --> 22:20.760
That's what we need to be.

22:21.760 --> 22:23.760
And we're heading to camera.

22:23.760 --> 22:24.760
It's just more efficient.

22:24.760 --> 22:26.760
I think it's just coming.

22:35.760 --> 22:36.760
Let's go.

22:36.760 --> 22:37.760
Let's go.

22:37.760 --> 22:38.760
Yeah.

22:38.760 --> 22:40.760
It's a little exalogy.

22:40.760 --> 22:41.760
Have the camera check it your face.

22:41.760 --> 22:42.760
Yeah.

22:42.760 --> 22:43.760
Sure.

22:43.760 --> 22:46.760
One thing I wanted to mention is that, you know,

22:46.760 --> 22:48.760
we do the pilot thing, was it did the end stuff?

22:49.760 --> 22:50.760
Mm-hmm.

22:50.760 --> 22:52.760
Some of the else we can do is, like,

22:52.760 --> 22:54.760
like a TOTP thing against the TPM.

22:54.760 --> 22:55.760
Yeah.

22:55.760 --> 22:58.760
So, and that, that wouldn't make the case so much shorter.

22:58.760 --> 22:59.760
Yeah.

22:59.760 --> 23:00.760
Yeah.

23:00.760 --> 23:03.760
That would be the regular TOTP, that everybody has.

23:03.760 --> 23:04.760
Yeah.

23:04.760 --> 23:06.760
Somewhere on my tip, do was, more so than,

23:06.760 --> 23:09.760
FIDO2 support with TPM, at the same time,

23:09.760 --> 23:11.760
as to just TOTP.

23:11.760 --> 23:13.760
TOTP with that, that would, that would be,

23:13.760 --> 23:14.760
yeah.

23:14.760 --> 23:15.760
I mean, when it comes to multi-factor,

23:15.760 --> 23:17.760
I'd like to have more options than just relying on the TPM.

23:17.760 --> 23:18.760
Yeah.

23:18.760 --> 23:21.760
This isn't using as a really nice thing that our,

23:21.760 --> 23:23.760
uh, cell phone operating system should be nice, absolutely.

23:23.760 --> 23:24.760
Yeah.

23:24.760 --> 23:25.760
Yeah.

23:25.760 --> 23:27.760
By a while, the PCR, we're, like, the QR code that we currently show,

23:27.760 --> 23:29.760
um, that's a fucking text rate.

23:29.760 --> 23:30.760
Yeah.

23:30.760 --> 23:31.760
Yeah.

23:31.760 --> 23:32.760
Yeah.

23:32.760 --> 23:33.760
Yeah.

23:33.760 --> 23:34.760
It's not great.

23:34.760 --> 23:36.760
But it's better than nothing, and, yeah.

23:36.760 --> 23:37.760
Yeah.

23:37.760 --> 23:44.760
Do you support having multiple factors in combination?

23:44.760 --> 23:47.760
So FIDO key plus something?

23:47.760 --> 23:48.760
No.

23:48.760 --> 23:49.760
That's kind of what we're talking about.

23:49.760 --> 23:50.760
Like, I'd, yeah.

23:50.760 --> 23:51.760
Yeah.

23:51.760 --> 23:52.760
Yeah.

23:52.760 --> 23:53.760
That's interesting.

23:53.760 --> 23:54.760
There always comes up.

23:54.760 --> 23:56.760
People want to use, like, as I said, that's, like, the,

23:56.760 --> 23:57.760
Shamir's secret sharing.

23:57.760 --> 24:00.760
Um, I think that's, uh, there would be income model, actually,

24:00.760 --> 24:02.760
then, not the FIDO2 plus TPMs,

24:02.760 --> 24:04.760
that, that's the, that's the problem that people are doing,

24:04.760 --> 24:07.760
because, um, you know, if you use as a success,

24:07.760 --> 24:09.760
and then combine this in user space, the keys,

24:09.760 --> 24:12.760
um, that you get from the digital hardware,

24:12.760 --> 24:15.760
and, um, there's all done in, in user space, right, like, um,

24:15.760 --> 24:17.760
and there's no way to do it in the TPM.

24:17.760 --> 24:18.760
Because I don't think you can.

24:18.760 --> 24:19.760
No.

24:19.760 --> 24:20.760
And that's, yeah.

24:20.760 --> 24:21.760
Yeah.

24:21.760 --> 24:25.760
So, uh, yeah, the next best thing is, like,

24:25.760 --> 24:28.760
it's much nicer than if, for the FIDO2 TPM stuff,

24:28.760 --> 24:30.760
um, there is no, yeah, all the calculations that

24:30.760 --> 24:32.760
are done in the TPMs, and it's by the device,

24:32.760 --> 24:34.760
and, uh, only when everything checks out,

24:34.760 --> 24:37.760
the TPM will release the volume key to you,

24:37.760 --> 24:39.760
and that's a really nice model.

24:40.760 --> 24:44.760
One last comment, as soon as the timer just might be ours,

24:44.760 --> 24:47.760
you can clear the eyes and the campaign.

24:47.760 --> 24:48.760
Yeah.

24:48.760 --> 24:51.760
You'll be able to do the device for the end and sign them,

24:51.760 --> 24:55.760
only the way the PCR stuff sign as well.

24:55.760 --> 24:58.760
That's, that's, that's, as of last week.

24:58.760 --> 25:00.760
So that's, that's, that's, that's my, yeah,

25:00.760 --> 25:01.760
on the back there for the network.

25:01.760 --> 25:02.760
Perfect.

25:02.760 --> 25:03.760
So, yeah.

25:03.760 --> 25:06.760
So, so, even if I do, I'm stuck on doing UKIs,

25:06.760 --> 25:07.760
it's going to be easy.

25:07.760 --> 25:10.760
That's, awesome news. Thank you.

25:10.760 --> 25:11.760
Great.

25:11.760 --> 25:12.760
Okay.

25:12.760 --> 25:14.760
Uh, yes, I think we're out of time, so let's thank Richard.

