Re: Writing down TPM Keys ? Moving Harddisk to other Computer ?

From: ant...@mips.complang.tuwien.ac.at (Anton Ertl)
Newsgroups: comp.arch
Subject: Re: Writing down TPM Keys ? Moving Harddisk to other Computer ?
Date: Mon, 20 Feb 2023 07:42:32 GMT
Organization: Institut fuer Computersprachen, Technische Universitaet Wien
Lines: 33
Message-ID: <2023Feb20.084232@mips.complang.tuwien.ac.at>
References: <2a6247c8-b8f2-4d1b-bff7-78f00ebcc211n@googlegroups.com>
 by: Anton Ertl - Mon, 20 Feb 2023 07:42 UTC

Skybuck Flying <skybuckflying@gmail.com> writes:
>With software emulation in chip/bios, where are these keys physically
>stored ???
>
>I just had a conversation with somebody on the Phone.
>
>His daughter bought a new laptop, probably with Windows 11 and encrypted
>drive.
>
>I was wondering:
>
>Suppose the laptop is damaged and non-operational, theoretically the
>harddisk could be extracted and moved into another laptop.
>
>However if the drive is encrypted, TPM keys will be necessary ?!
>
>How hard is it to write down the TPM keys on a piece of paper ?!?!
>
>How hard is it to move the TPM keys to another/new computer ?!?!

I am not an expert, but AFAIK the idea behind TPMs is that they don't
allow getting the key out.

You can set a new key, but if the drive is encrypted with the old key,
this does not help and it can hurt.

My recommendation is to perform backups regularly, not just for this
reason. And don't encrypt your backup drive with the TPM of the laptop.

- anton
--
'Anyone trying for "industrial quality" ISA should avoid undefined behavior.'
Mitch Alsup, <c17fcd89-f024-40e7-a594-88a85ac10d20o@googlegroups.com>

Re: Writing down TPM Keys ? Moving Harddisk to other Computer ?

From: ThatWoul...@thevillage.com (EricP)
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0
Newsgroups: comp.arch
Subject: Re: Writing down TPM Keys ? Moving Harddisk to other Computer ?
References: <2a6247c8-b8f2-4d1b-bff7-78f00ebcc211n@googlegroups.com> <2023Feb20.084232@mips.complang.tuwien.ac.at>
In-Reply-To: <2023Feb20.084232@mips.complang.tuwien.ac.at>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 58
Message-ID: <ZNLIL.1069897$iU59.855617@fx14.iad>
Date: Mon, 20 Feb 2023 09:50:59 -0500
 by: EricP - Mon, 20 Feb 2023 14:50 UTC

Anton Ertl wrote:
> Skybuck Flying <skybuckflying@gmail.com> writes:
>> With software emulation in chip/bios, where are these keys physically
>> stored ???
>>
>> I just had a conversation with somebody on the Phone.
>>
>> His daughter bought a new laptop, probably with Windows 11 and encrypted
>> drive.
>>
>> I was wondering:
>>
>> Suppose the laptop is damaged and non-operational, theoretically the
>> harddisk could be extracted and moved into another laptop.
>>
>> However if the drive is encrypted, TPM keys will be necessary ?!
>>
>> How hard is it to write down the TPM keys on a piece of paper ?!?!
>>
>> How hard is it to move the TPM keys to another/new computer ?!?!
>
> I am not an expert, but AFAIK the idea behind TPMs is that they don't
> allow getting the key out.
>
> You can set a new key, but if the drive is encrypted with the old key,
> this does not help and it can hurt.
>
> My recommendation is to perform backups regularly, not just for this
> reason. And don't encrypt your backup drive with the TPM of the laptop.
>
> - anton

A bit of searching finds that Windows has a 48-digit "recovery key"
(appears to be hex) which one must save in a file or on a USB or
maybe the system admin made a copy when installing the OS.

I gather that if you don't have a recovery key you are toast.

There appears to be a DOS command line tool "manage-bde"
which amongst its features allows display/saving the key.

But there are also ten tonnes of other factors,
like which Windows license do you have (OEM, Retail, Volume),
who installed the OS, how was it set up, who administers the OS,
how different is the new system hardware from the old one, etc.
which may interact.

The general impression I came away with was that if you allow
Microsoft to encrypt your data then you should get answers to these
questions before you NEED answers, because after may be too late.
(And I don't know how one could test that such a disk transplant
would work without actually moving the disk to a different machine.
And doing such a test might trigger Microsoft license restrictions.
Which means you are just taking it on faith that it will all work
in a crunch when it needs to.)
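
Added example, not part of either post above and not Microsoft's own code: one way to confirm that a BitLocker volume has a recovery-password protector and to save it off the encrypted disk before the laptop fails, using the built-in BitLocker PowerShell cmdlets and the manage-bde tool named in the thread. The drive letters and the output directory are assumptions; run it from an elevated session.

```powershell
# Assumptions (not from the thread): the OS volume is C: and F:\ is removable
# media that is NOT protected by this laptop's TPM.
$mount  = 'C:'
$outDir = 'F:\bitlocker-recovery'      # hypothetical backup location

$vol = Get-BitLockerVolume -MountPoint $mount
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    Write-Warning "$mount is not encrypted; there is no recovery password to save."
    return
}

# The TPM protector cannot be exported. The recovery password is a separate
# protector on the same volume and unlocks it without the original TPM.
$rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $rp) {
    # No recovery password exists yet: create one now, while the machine works.
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
    $rp = (Get-BitLockerVolume -MountPoint $mount).KeyProtector |
          Where-Object KeyProtectorType -eq 'RecoveryPassword'
}

New-Item -ItemType Directory -Path $outDir -Force | Out-Null
foreach ($p in $rp) {
    # Name the file after the protector ID so the saved password can be
    # matched to the ID shown on the recovery prompt.
    $id   = $p.KeyProtectorId.Trim('{}')
    $file = Join-Path $outDir ("{0}_{1}.txt" -f $env:COMPUTERNAME, $id)
    @(
        "Volume:            $mount"
        "Protector ID:      $($p.KeyProtectorId)"
        "Recovery password: $($p.RecoveryPassword)"
    ) | Set-Content -Path $file -Encoding ASCII
    Write-Host "Saved recovery password for protector $id to $file"
}

# The same protector list via the tool mentioned in the post:
manage-bde -protectors -get $mount

# Later, with the disk attached to a different machine as (say) E:
#   manage-bde -unlock E: -RecoveryPassword <48-digit recovery password>
```

The saved file is as sensitive as the disk contents, so keep it away from the laptop itself.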
