Yes but the TPM can only generate its own RSA key. You can't take an existing pr... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		zelly on Feb 7, 2020 \| parent \| context \| favorite \| on: ThinkPad T480 is my new main laptop which runs Fre... Yes but the TPM can only generate its own RSA key. You can't take an existing private key and store it in the TPM.

Thorrez on Feb 8, 2020 [–]

That's generally what you want. If the private key only ever existed in the TPM then you know there aren't any copies in an attacker's hands somewhere (ignoring hardware vulnerabilities). But if you copy a key into the TPM, there could have been malware that stole a copy of the key beforehand.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact