Friday, February 16, 2018

Boston Linux Meeting Wednesday, February 21, 2018 - Secure Keystores with TPM 2.0

When: February 21, 2018 7:00PM (6:30PM for Q&A)
Topic: Secure Keystores with TPM 2.0
Moderators: James Bottomley, Distinguished Engineer, IBM Research
Location: MIT Building E-51, Room 145
** Note room change


Using TPM 2.0 As a Secure Keystore on your Laptop


For decades, all laptops have come with a TPM. Now with Microsoft
forcing the transition to the next generation, Linux faces a challenge
in that all the previous TPM 1.2 tools don't work with 2.0. Having to
create new tools for TPM 2.0 also provides the opportunity to integrate
the TPM more closely into our current crypto systems and thus give Linux
the advantage of TPM resident and therefore secure private keys. This
talk will provide the current state of play in using TPM 2.0 in place
of crypto sticks and USB keys for secure key handling, including the
algorithm agility of TPM 2.0, which finally provides support for
Elliptic Curve keys, which have become the default recently.

This talk will provide an overview of current TSS (Trusted computing
group Software Stack) for TPM 2.0 implementation on Linux, including a
discussion of the two distinct Intel and IBM stacks with their relative
strengths and weaknesses. We will then move on to integration of the TSS
into existing crypto system implementations that allow TPM
resident keys to be used with common tools like openssl, gnutls, gpg,
openssh and gnome-keyring. We will report on the current state of that
integration including demonstrations of how it works and future plans.
The ultimate goal is to enable the seamless use of TPM resident keys in
all places where encrypted private keys are currently used, thus
increasing greatly the security posture of a standard Linux desktop.


James Bottomley is a Distinguished Engineer at IBM Research where he
works on Cloud and Container technology. He is also Linux Kernel
maintainer of the SCSI subsystem. He has been a Director on the Board of
the Linux Foundation and Chair of its Technical Advisory Board. He went
to university at Cambridge for both his undergraduate and doctoral
degrees after which he joined AT&T Bell Labs to work on Distributed Lock
Manager technology for clustering. In 2000 he helped found SteelEye
Technology, a High availability company for Linux and Windows, becoming
Vice President and CTO. He joined Novell in 2008 as a Distinguished
Engineer at Novell's SUSE Labs, Parallels (later Odin) in 2011 as CTO of
Server Virtualization and IBM Research in 2016.

For further information and directions please consult the BLU Web site

MIT lots require permits after hours.
All Cambridge parking meters use Passport by Phone:
This is active on all Cambridge metered parking spaces. Meters are free
after 8PM.

Jerry Feldman
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90