WEBVTT 00:00.000 --> 00:09.320 Yes, hello, my name is Martin Lindere, I'll be talking a little bit about hardware back 00:09.320 --> 00:15.400 SSH keys today, so we'll be taking a bit to look at how TPMs work, how SSH agent works 00:15.400 --> 00:19.960 and my sort of hacks around those things. 00:19.960 --> 00:24.800 My name is Martin Lindere and I said, my nickname is FoxPROM, I've been doing open-source software 00:24.800 --> 00:30.280 development for almost a decade now, we're little over, and then after all per since 2016 00:30.280 --> 00:35.480 and I'm also part of the board of HAKERIUM, which is also HAKERSpace. 00:35.480 --> 00:40.240 When I don't do open-source stuff in my free time, I work at Norwegian State Broadcaster, 00:40.240 --> 00:43.760 mostly doing sort of infrastructure DevOps stocks. 00:43.760 --> 00:48.680 My main interest is usable security tooling, so I've also been writing a bunch of 00:48.840 --> 00:54.840 security tooling as the CTL and some other TPM things. 00:54.840 --> 01:01.560 So why do we care about hardware back to keys, why are these things important to us? 01:01.560 --> 01:04.760 So the main thing we care about is key compromises. 01:04.760 --> 01:11.040 The reason for that is that if RKs or our tokens are leaked, somebody else can impersonate 01:11.040 --> 01:16.640 us, get access to our servers or something else, and this is not limited to SH keys, 01:16.640 --> 01:21.040 it's going to happen to access tokens, cookies, anything that's on your hard drive, that 01:21.040 --> 01:23.040 you're not protected. 01:23.040 --> 01:29.720 And the way to demonstrate this actual problem, there's a board group page, reach last 01:29.720 --> 01:34.320 year, where somebody got access to an SH key and managed to hack some servers based off 01:34.320 --> 01:38.520 from private access to some CI systems. 01:38.520 --> 01:43.720 You also had GitHub.com, there are say host keys leaked, which meant that you can impersonate 01:43.800 --> 01:48.720 the github.com SH server, because that's how we trust them. 01:48.720 --> 01:56.200 And sort of how do we usually go about protecting our keys or SH keys? 01:56.200 --> 02:01.520 Well, we could be using ubiquies, which are cool need devices that probably a bunch of us 02:01.520 --> 02:08.080 have, but my main issue with them is that you're expensive, a bunch of people, you need 02:08.080 --> 02:15.080 to, that's only 100 euros, people think that's a lot of money for sort of hardware tokens. 02:15.080 --> 02:20.320 So clearly we sort of can do better, like we have something in our machines that everybody 02:20.320 --> 02:26.520 can use today to protect the keys, and they're called trusted platform modules. 02:26.520 --> 02:33.200 So these things have sort of been widely distributed and used in machines for the past decade. 02:33.200 --> 02:37.600 They are secure crypto processors, so they do key generation, they do sort of signing 02:37.600 --> 02:43.600 at station, they come into variants, at the screen TPM, which is sort of a separate hardware 02:43.600 --> 02:49.200 device on the motherboards, and then you have the firmware TPM, sort of FTPMs, which are implemented 02:49.200 --> 02:53.000 as part of their CPU or your CPU secure the processor. 02:53.000 --> 02:59.600 Intel has not SGX, but Intel and me, I think it's implemented, and we have the AMD trust 02:59.600 --> 03:03.000 some stuff that implemented TPM as well. 03:04.000 --> 03:08.400 TPMs give you a couple of features, you get platform integrity, which I'll show quickly, 03:08.400 --> 03:13.000 and they also have hierarchies and keys, and you also get some at the station features 03:13.000 --> 03:18.000 to make sure that you're talking with an authentic device, or you're able to sort of differentiate 03:18.000 --> 03:20.000 between separate hardware devices. 03:20.000 --> 03:27.000 The platform integrity comes most in the form of PC outlet registers, and each of these registers 03:27.000 --> 03:33.000 has just one part of your operating system during boot, during runtime, and you can sort 03:33.000 --> 03:37.000 of make keys and stuff, only open if these has just matches. 03:37.000 --> 03:42.000 If you're curious about these numbers, and what do mean the API group has sort of a list 03:42.000 --> 03:47.000 of all of the different registers, and what they hash during boot chain. 03:47.000 --> 03:50.000 You can also do keys and key generation. 03:50.000 --> 03:56.000 TPMs are sort of not that powerful devices, so we need the way to sort of make keys 03:56.000 --> 03:59.000 out actually like storing them on the TPMs. 03:59.000 --> 04:05.000 So what we have is three different hierarchies seeds in the TPM, which runs through a key derivation 04:05.000 --> 04:10.000 function, and these allows us to make sort of a bunch of keys on a low-powered device 04:10.000 --> 04:13.000 without really having to store them anywhere. 04:13.000 --> 04:19.000 The hierarchies are as follows, you have no key, which is the session key, that's unique 04:19.000 --> 04:20.000 per boot. 04:20.000 --> 04:25.000 You add owner key, which is the owner hierarchy, which is unique for the device owner. 04:25.000 --> 04:29.000 So anything you make under owner hierarchy, you reset it when the device can be 04:29.000 --> 04:34.000 the owner, and all of the keys below that hierarchy is well used as. 04:34.000 --> 04:39.000 You also have the endorsement hierarchy, which is for the lifetime device, which allows it 04:39.000 --> 04:44.000 in the click chain, back to the device, back to some manufacturer, and you can make a 04:44.000 --> 04:47.000 search on that. 04:47.000 --> 04:52.000 So the shell keys are keys that we can make on TPM, we can then take them out of the TPM 04:52.000 --> 04:58.000 to prevent it from storing them, and then they're securely packaged, and can only be 04:58.000 --> 05:01.000 decrypted by the TPM itself. 05:01.000 --> 05:07.000 The way this works with the TPM to token, is how to create some, this is the endorsement hierarchy, 05:07.000 --> 05:14.000 we make a context, we create a new key, below this primary context, we load the key, 05:14.000 --> 05:21.000 we can make some message, and then we can sign this message with our key, 05:21.000 --> 05:26.000 and then we can verify this signature, that's sort of the basic things about it. 05:26.000 --> 05:33.000 We also have TPM policies, which can restrict our usage with some with different TPM values 05:33.000 --> 05:34.000 and system state. 05:34.000 --> 05:39.000 This is now sort of being implemented in system D, called PCR Rock. 05:39.000 --> 05:45.000 So yeah, TPM's store devices, not a little bit of a limited cryptography, 05:45.000 --> 05:50.000 and that's the main thing, not quantum resistant yet, which is a little bit of an issue, 05:50.000 --> 05:54.000 and they're not really that much of friendly tooling on built around them. 05:54.000 --> 05:58.000 There are some not natively supported by OpenSSH. 05:58.000 --> 06:02.000 So how do we make them supported by the state? 06:02.000 --> 06:06.000 We do this through the SSH agent interface. 06:06.000 --> 06:12.000 So the agent interface can hold a private keys for SSH, it has sort of a fairly simple, unique socket, 06:12.000 --> 06:19.000 API you can use, it catches passwords, and you can offload key operations to the agent. 06:19.000 --> 06:22.000 The way this works is that we make an SSH agent. 06:22.000 --> 06:28.000 We add some ED251MN key, and we can list the key. 06:28.000 --> 06:33.000 Further when we want to use this key, if we actually specify the public key instead of the private key, 06:33.000 --> 06:39.000 in the configuration and the SSH command-line interface, 06:39.000 --> 06:47.000 the SSH will actually go and fetch the key across to SSH agent instead of doing the key operations itself. 06:47.000 --> 06:51.000 And you can also use that SSH around. 06:51.000 --> 06:59.000 So this is agent.com, is implemented fairly well by Go library under CryptoSH agent. 06:59.000 --> 07:05.000 It's part of the extended OpenSource library, Stang library for Go, 07:05.000 --> 07:12.000 and sort of does all the things we need, it does key signatures, key listing, and can interact with all of these things. 07:12.000 --> 07:18.000 So I start hacking on SSH TPM agent, one half years ago. 07:18.000 --> 07:23.000 It's an agent that does TPM keys for the simple. 07:23.000 --> 07:28.000 So yeah, it's supposed to teach key generation of RSA 248, 07:28.000 --> 07:33.000 and then list mainly P256 and P358 keys. 07:33.000 --> 07:37.000 You can also do things that are important existing OpenSource H keys, 07:37.000 --> 07:43.000 dealing them to TPM, and this is using the Google Gold Library called Go TPM, 07:43.000 --> 07:57.000 which is a native implementation, it doesn't rely on the existing C libraries for the TPM. 07:57.000 --> 08:03.000 So the way the agent works is that we specify some socket location, 08:04.000 --> 08:06.000 then we start the agent. 08:06.000 --> 08:11.000 We can then do the normal SSH TPM key, Kegan Tendration, 08:11.000 --> 08:16.000 because mirroring the existing usability of SSH is practical. 08:16.000 --> 08:20.000 If you want to help people use it, instead of reinventing something new. 08:20.000 --> 08:24.000 And then we can then add the key to our agent. 08:24.000 --> 08:28.000 We then export the SSH audit socket to our agent, 08:28.000 --> 08:31.000 then we just list it as usual. 08:31.000 --> 08:34.000 So it just interacts with SSH as you would expect. 08:34.000 --> 08:40.000 We can also make an SSH key by default from normal OpenSource H, 08:40.000 --> 08:44.000 and then you can use the dash dash import one to sort of take existing key 08:44.000 --> 08:50.000 and see it to our TPM, which allows our machine to be on the one that unlocks the blob. 08:50.000 --> 08:56.000 So, right. 08:56.000 --> 09:05.000 So, the way this works is that we can run the SSH TPM agent. 09:05.000 --> 09:14.000 We then do a key Kegan of some EDD cell key. 09:14.000 --> 09:19.000 We don't give a password because we don't care that much about it. 09:19.000 --> 09:23.000 And then we have a new key, which is here. 09:23.000 --> 09:26.000 So, this is sort of a secure blob. 09:26.000 --> 09:28.000 You can't really do anything with it. 09:28.000 --> 09:34.000 And then we can sign and then we need to load it into our agent. 09:34.000 --> 09:38.000 And then the SSH command line in the face is going to detect that key. 09:38.000 --> 09:42.000 And then if we sign it, 09:43.000 --> 09:48.000 that's why it's signed. 09:48.000 --> 09:52.000 We can write a signature with the normal SSH key again, that's why. 09:52.000 --> 09:55.000 And it's going to use the TPM backed key instead. 09:55.000 --> 10:00.000 And then if you do it a no check validate thing, 10:00.000 --> 10:05.000 it's going to say it's a good signature. 10:05.000 --> 10:09.000 You can also, so the key generation here is sort of gives you key as unique. 10:09.000 --> 10:13.000 But you can also make keys from that different hierarchies. 10:13.000 --> 10:18.000 So, here we can reload the assigning key from only hierarchy. 10:18.000 --> 10:21.000 And then when we call back on the SSH, 10:21.000 --> 10:24.000 we get the hard code on the hierarchy keys. 10:24.000 --> 10:30.000 The cool thing here is that this is a unique per device in this case. 10:30.000 --> 10:33.000 So, if even if you do a complete reinstall, under the same command, 10:33.000 --> 10:38.000 you'll get those keys back. 10:38.000 --> 10:41.000 Yes, and this is actually called for like host keys, 10:41.000 --> 10:43.000 because when you come extract them from the device, 10:43.000 --> 10:46.000 you come like take them away, use manual device, 10:46.000 --> 10:48.000 and then make people impersonate. 10:48.000 --> 10:53.000 You have to have live access to the device and sort of some of around things. 10:53.000 --> 10:55.000 We're going to also do remote key wrapping. 10:55.000 --> 11:00.000 So, imagine you are some company that has SSH keys, 11:00.000 --> 11:02.000 and you want to provision them to your client machines. 11:02.000 --> 11:05.000 On the client, we can make, and that's okay, 11:05.000 --> 11:08.000 which is one of the hierarchy keys. 11:08.000 --> 11:11.000 We can then, on the remote side, 11:11.000 --> 11:15.000 we can make us a self-on-new key, an ECDSH key. 11:15.000 --> 11:19.000 We can then wrap this key from our client machines 11:19.000 --> 11:22.000 with the key we just generated. 11:22.000 --> 11:24.000 On the client, we can import that key, 11:24.000 --> 11:28.000 and this only that client that can actually use that key. 11:28.000 --> 11:33.000 And that's useful if you want to do remote provisioning. 11:34.000 --> 11:37.000 Yes, it also has host keys worked. 11:37.000 --> 11:42.000 So, here we do the dash A, which does the normal SSH host key, 11:42.000 --> 11:44.000 key generation that you expect. 11:44.000 --> 11:48.000 I then have a shortcut to install some system D service files, 11:48.000 --> 11:53.000 and then make in them do SSH-D configuration file. 11:53.000 --> 11:56.000 If we then start to socket, 11:56.000 --> 11:58.000 and then restart SSH-D, 11:58.000 --> 12:02.000 we then have a small binary that lists out the keys we need, 12:02.000 --> 12:05.000 or curious about, and if we do a key scan, 12:05.000 --> 12:09.000 we have the key delivered from the SSH client. 12:09.000 --> 12:13.000 And this is useful because then you come to an export key, 12:13.000 --> 12:17.000 or you come to an impersonation of the device itself. 12:17.000 --> 12:20.000 Yes. 12:20.000 --> 12:27.000 We also have some other sort of cool features, 12:27.000 --> 12:30.000 so we have, yes. 12:30.000 --> 12:33.000 So, MC presented the utility key, 12:33.000 --> 12:35.000 which I have a unit of here. 12:35.000 --> 12:39.000 So, let's imagine we have a utility key here, 12:39.000 --> 12:42.000 and then we start another SD agent. 12:42.000 --> 12:44.000 So, one of the sort of the main things is 12:44.000 --> 12:47.000 if you have multiple different agents with different keys, 12:47.000 --> 12:49.000 you need to sort of juggle around socket files. 12:49.000 --> 12:52.000 So, I have a proxy support in the agent, 12:52.000 --> 12:57.000 so we can give RTPM agent access to the utility key, 12:57.000 --> 13:02.000 and socket, and then we need to dash L. 13:02.000 --> 13:06.000 It's going to load up to the utility key, 13:06.000 --> 13:09.000 and then, 13:09.000 --> 13:11.000 new, 13:11.000 --> 13:15.000 exciting. 13:15.000 --> 13:17.000 No. 13:27.000 --> 13:31.000 Rolling center app. 13:31.000 --> 13:32.000 Slow. 13:32.000 --> 13:33.000 Ah, there we go. 13:33.000 --> 13:35.000 And then we have the T key, 13:35.000 --> 13:39.000 and if we do now model key, 13:39.000 --> 13:42.000 and we add it to the agent we have, 13:42.000 --> 13:46.000 you're now going to see that both shows you the TPM agent key, 13:46.000 --> 13:48.000 and the utility key itself, 13:48.000 --> 13:50.000 and you can sort of use this one socket, 13:50.000 --> 13:53.000 an agent sort of a proxy to different agents, 13:53.000 --> 13:56.000 instead of sort of juggling sockets. 13:57.000 --> 13:58.000 Well, 13:58.000 --> 14:02.000 all of this is made possible with sort of the TPM 2.0 keys key file, 14:02.000 --> 14:03.000 key file spec, 14:03.000 --> 14:05.000 it's written by James Potomly, 14:05.000 --> 14:07.000 currently not standardized, 14:07.000 --> 14:09.000 but it's sort of an ASN1 specification 14:09.000 --> 14:12.000 for how to sort of deal with TPM keys. 14:12.000 --> 14:14.000 So, I did a bunch of work on this, 14:14.000 --> 14:15.000 or a bunch of work, 14:15.000 --> 14:17.000 that I implemented this in though, 14:17.000 --> 14:20.000 and it has several support cases, 14:20.000 --> 14:21.000 so the linear steering supports it, 14:21.000 --> 14:23.000 and the OpenSalt TPM project supports it, 14:23.000 --> 14:27.000 and it's basically an ASN1 format for TPM keys. 14:27.000 --> 14:29.000 It's supports loadable, 14:29.000 --> 14:31.000 importable, seal keys, 14:31.000 --> 14:35.000 and you can sort of do different things with TPM keys. 14:35.000 --> 14:37.000 So, I wrote library for that, 14:37.000 --> 14:39.000 so you can use it in your go stuff, 14:39.000 --> 14:40.000 if you do go, 14:40.000 --> 14:42.000 and then it interacts with OpenSalt, 14:42.000 --> 14:45.000 so you can do the TPM 2 provided from OpenSalt, 14:45.000 --> 14:48.000 do some key that you want to create, 14:48.000 --> 14:51.000 and then TPM key again is going to understand that key, 14:51.000 --> 14:54.000 which is quite useful. 14:54.000 --> 15:00.000 So, one of the interesting parts stories isn't secure. 15:00.000 --> 15:03.000 So, let's see, 15:03.000 --> 15:05.000 I had problems with the internet today, 15:05.000 --> 15:07.000 so we'll see if this actually works. 15:07.000 --> 15:12.000 So, this is my gift up account. 15:12.000 --> 15:18.000 I'm going to prove to, 15:18.000 --> 15:21.000 if I have, again, there's no agents. 15:21.000 --> 15:24.000 So, I'm going to set into my gift up accounts, 15:24.000 --> 15:26.000 and I should deny that, 15:26.000 --> 15:28.000 permission to deny it, awesome. 15:28.000 --> 15:31.000 So, don't create a new TPM key. 15:31.000 --> 15:34.000 What's a secure password? 15:34.000 --> 15:38.000 One, two, three, four. 15:38.000 --> 15:40.000 And we do this again. 15:40.000 --> 15:41.000 One, two, three, four. 15:41.000 --> 15:42.000 Awesome. 15:42.000 --> 15:43.000 We have now made a key. 15:43.000 --> 15:47.000 So, we're going to do the TPM key. 15:48.000 --> 15:51.000 We're going to do a new key. 15:55.000 --> 15:59.000 And this is the part where I should have found my... 16:07.000 --> 16:11.000 I should have put it in my pocket, but I didn't. 16:12.000 --> 16:14.000 Ooh. 16:14.000 --> 16:17.000 This is a cure. I promise you. 16:27.000 --> 16:29.000 Use a cure key. 16:29.000 --> 16:31.000 Push the key. 16:31.000 --> 16:33.000 There, it's added. 16:33.000 --> 16:36.000 So, now we do TPM add of the TPM key. 16:36.000 --> 16:39.000 We SSH to get.com. 16:40.000 --> 16:41.000 Oops. 16:41.000 --> 16:43.000 And you work? 16:43.000 --> 16:45.000 One, two, three, four. 16:45.000 --> 16:46.000 It works. 16:46.000 --> 16:48.000 We have access to my gift up account. 16:48.000 --> 16:51.000 And if anybody's curious, 16:51.000 --> 16:53.000 that's the key. 16:53.000 --> 16:57.000 I'll give you three, four seconds to type it out 16:57.000 --> 16:59.000 or copy it or something. 16:59.000 --> 17:03.000 Is there? 17:03.000 --> 17:06.000 And if you're curious, I've done this before. 17:06.000 --> 17:09.000 It's a key from August 1st, 24th. 17:09.000 --> 17:11.000 Here's the QR code. 17:11.000 --> 17:12.000 That's a password. 17:12.000 --> 17:14.000 It's still there. 17:14.000 --> 17:16.000 It hasn't been accessed for half a year. 17:16.000 --> 17:18.000 And I've done this three times. 17:18.000 --> 17:21.000 So, this works. 17:21.000 --> 17:22.000 Or it works. 17:22.000 --> 17:24.000 It's approval secure in some way. 17:24.000 --> 17:25.000 Maybe. 17:27.000 --> 17:28.000 Some improvements. 17:28.000 --> 17:31.000 I would like to do some more TPM policy stuff. 17:31.000 --> 17:33.000 It's a bit, if you don't TPM policy, 17:33.000 --> 17:35.000 it's a bit finicky with how PCR locks and stuff works. 17:35.000 --> 17:38.000 So, I want to do some integration to our system DPCR lock. 17:38.000 --> 17:41.000 I want that unlock support because I want the sandbox, 17:41.000 --> 17:43.000 some of the parsing system stuff we do. 17:43.000 --> 17:46.000 That turns out it's a bit hard when you call external binaries. 17:46.000 --> 17:51.000 I was also supposed to do a 1.0.0.0 release before this talk. 17:51.000 --> 17:53.000 But I got to start playing games instead. 17:53.000 --> 17:56.000 So, that was for planning on my end. 17:56.000 --> 17:58.000 And if anybody thinks this is interesting, 17:58.000 --> 17:59.000 it has some feature requests. 17:59.000 --> 18:02.000 Feel free to give me a future request. 18:03.000 --> 18:05.000 I also don't talk at all systems ago. 18:05.000 --> 18:07.000 So, if you think TPM's are cool, 18:07.000 --> 18:09.000 but you also care about the station, 18:09.000 --> 18:12.000 or having some from certificate or authority things. 18:12.000 --> 18:15.000 I talked about that part in September. 18:15.000 --> 18:18.000 Which is basically sort of how do you provision shortly, 18:18.000 --> 18:21.000 as I say certificate, bound to the TPM. 18:25.000 --> 18:27.000 So, that was my talk. 18:27.000 --> 18:29.000 Thank you very much for having me. 18:29.000 --> 18:31.000 And probably time for some questions. 18:32.000 --> 18:33.000 Thank you. 18:39.000 --> 18:41.000 Several minutes for questions. 18:41.000 --> 18:42.000 Cool. 18:44.000 --> 18:45.000 Perfect. 18:45.000 --> 18:48.000 Can you just limit the accessibility of the Japanese somehow, 18:48.000 --> 18:51.000 to a content of set up? 18:51.000 --> 18:53.000 I really do a specific content. 18:53.000 --> 18:56.000 I am excited about that. 18:56.000 --> 18:58.000 I don't know. 18:58.000 --> 19:02.000 I think there is a TPM resource manager, 19:02.000 --> 19:06.000 which should make some of the TPMs up invisible for some processes. 19:06.000 --> 19:08.000 So, it's a hot reloads TPM state, 19:08.000 --> 19:10.000 but I'm not quite sure how that works. 19:10.000 --> 19:12.000 Some bit unsure. 19:18.000 --> 19:23.000 So, the TPM doesn't really store keys. 19:23.000 --> 19:25.000 It has three seeds. 19:25.000 --> 19:27.000 And then does hierarchy, 19:27.000 --> 19:29.000 key iteration function instead. 19:29.000 --> 19:31.000 So, you can make as many keys as you want. 19:31.000 --> 19:35.000 The actual question, though, is how many keys can you load at the same time? 19:35.000 --> 19:38.000 And when I did the whole, the hierarchy's key stuff, 19:38.000 --> 19:43.000 I loaded the RCA key and the ECD's key at the same time. 19:43.000 --> 19:45.000 Turns out the TPM doesn't really like that, 19:45.000 --> 19:48.000 because it has limited memory and starts giving me weird errors. 19:48.000 --> 19:50.000 So, I need to figure out that part out. 19:50.000 --> 19:52.000 So, we can make as many keys as you want. 19:52.000 --> 19:55.000 And the second you sort of rotate one of the seeds. 19:55.000 --> 20:00.000 Those keys are unusable by the TPM or your machine. 20:00.000 --> 20:02.000 Yes? 20:02.000 --> 20:04.000 Yeah. 20:04.000 --> 20:06.000 When you say the TPM has the limit, 20:06.000 --> 20:21.000 it's a super, super small and low power device. 20:21.000 --> 20:23.000 So, you can't really store everything. 20:23.000 --> 20:26.000 So, what you do instead is that you can just load a couple of keys. 20:26.000 --> 20:28.000 But everything you load, you can encrypt it on TPM, 20:28.000 --> 20:30.000 and then take it out and only that TPM, 20:30.000 --> 20:32.000 but the seeds can be encrypted. 20:32.000 --> 20:37.000 Yeah. 20:37.000 --> 20:41.000 And if that's some sort of, I forget how it's, 20:41.000 --> 20:44.000 but it's some AS encryption with some key iteration stuff. 20:44.000 --> 20:46.000 So, if you manage to break it, 20:46.000 --> 20:47.000 a bunch of other things to broken. 20:47.000 --> 20:50.000 But it's sort of a protection of the secret key material, 20:50.000 --> 20:55.000 which with secret stuff being derived from the hierarchy stuff. 20:55.000 --> 20:56.000 I just bit. 20:56.000 --> 20:57.000 Yeah. 20:57.000 --> 21:00.000 No, no. 21:00.000 --> 21:03.000 It's only unsealable by the TPM. 21:03.000 --> 21:07.000 But if you manage to break the cryptography that TPM used to seal it, 21:07.000 --> 21:08.000 then it's fine. 21:08.000 --> 21:11.000 Yeah. 21:11.000 --> 21:13.000 Where is it? 21:14.000 --> 21:16.000 Before you said that to you, 21:16.000 --> 21:18.000 you might confuse it. 21:18.000 --> 21:19.000 Yeah. 21:19.000 --> 21:20.000 And when the same moment, 21:20.000 --> 21:21.000 you could be the same. 21:21.000 --> 21:22.000 Yeah. 21:22.000 --> 21:25.000 So, someone stole my laptop. 21:25.000 --> 21:27.000 In theory, they can do that. 21:27.000 --> 21:29.000 So, if you do, like, sell off your laptop, 21:29.000 --> 21:32.000 you should, like, rotate TPM hierarchies seeds. 21:32.000 --> 21:34.000 And then they can, at maybe recover some of the, 21:34.000 --> 21:36.000 like, the state, the stateful keys, 21:36.000 --> 21:39.000 like the whole piece from the endorsement stuff. 21:39.000 --> 21:41.000 So, you just don't want to risk, 21:41.000 --> 21:44.000 rotate the seeds when you give away your laptop. 21:44.000 --> 21:46.000 Good recommendation. 21:51.000 --> 21:54.000 I decided to write, like, stand along by the way, 21:54.000 --> 21:57.000 instead of developing, for example, 21:57.000 --> 21:59.000 because they sell library for a TPMs, 21:59.000 --> 22:01.000 and instead of working. 22:01.000 --> 22:05.000 So, probably, TPMs 11 is a bad idea. 22:05.000 --> 22:09.000 Externally loading so names into your secure sort of process, 22:09.000 --> 22:10.000 not great. 22:10.000 --> 22:12.000 As they have just had secure dishes, 22:12.000 --> 22:13.000 because of that. 22:13.000 --> 22:15.000 So, doing an agent or a simple interface, 22:15.000 --> 22:19.000 which agent is better idea than loading external code, 22:19.000 --> 22:21.000 and then sort of using those interface functions. 22:21.000 --> 22:24.000 So, because if you want to use PKS-S11, 22:24.000 --> 22:26.000 that's a bunch of things already supporting it, 22:26.000 --> 22:27.000 but the tool chain is terrible. 22:27.000 --> 22:29.000 So, you have to do, like, 20, 22:29.000 --> 22:31.000 no 10 commands, I think, to make one key, 22:31.000 --> 22:34.000 instead of SSH TPM key again. 22:34.000 --> 22:37.000 So, it's, it's, it's a bit more usable approach. 22:37.000 --> 22:38.000 Yeah. 22:39.000 --> 22:44.000 Is your host case stuff using the owner case, or is that? 22:44.000 --> 22:45.000 You can decide. 22:45.000 --> 22:46.000 Okay. 22:46.000 --> 22:49.000 The default is that it creates something you have to load, 22:49.000 --> 22:51.000 but the hierarchy key stuff needs to be, 22:51.000 --> 22:54.000 a bit better integrated to properly work with host keys. 22:54.000 --> 22:57.000 But in theory, it's, you can, you can choose yourself. 22:57.000 --> 23:00.000 Make some keys, or do the hierarchy key instead. 23:00.000 --> 23:05.000 Yes? 23:05.000 --> 23:07.000 Can you come close to me now? 23:07.000 --> 23:10.000 I assume, uh, 23:10.000 --> 23:13.000 if I just crash the end of one row, 23:13.000 --> 23:15.000 so there is, 23:15.000 --> 23:18.000 so there is somebody in Sweden using this, 23:18.000 --> 23:20.000 extensively at work, or something, 23:20.000 --> 23:23.000 and if they do 100 signatures, 23:23.000 --> 23:26.000 one of those signatures to fail with a very weird error. 23:26.000 --> 23:27.000 I'm not quite sure why, 23:27.000 --> 23:29.000 and I haven't managed to reproduce it, 23:29.000 --> 23:31.000 even though I tried to do 1000 signatures, 23:31.000 --> 23:33.000 I can't really reproduce it up lightly. 23:33.000 --> 23:36.000 So, that might be a kernel issue, 23:36.000 --> 23:39.000 because I've seen some of the meta people having issues, 23:39.000 --> 23:41.000 some of the transient issues with the TPM, 23:41.000 --> 23:42.000 some of the kernel, 23:42.000 --> 23:44.000 but it also might be the goal I'm really doing, 23:44.000 --> 23:45.000 something we are just, 23:45.000 --> 23:48.000 but I'm having to really manage to figure out part-out. 23:54.000 --> 23:57.000 I don't think there's more questions? 23:57.000 --> 23:59.000 Yeah, I think the time is up as well. 23:59.000 --> 24:00.000 Yeah, thank you. 24:00.000 --> 24:01.000 Thank you. 24:01.000 --> 24:02.000 Thank you.