ThinOS-based thin client supports disk encryption and decryption through Trusted Platform Module (TPM) version 2.0.
Measured boot: SHA1 (Secure Hash Algorithm 1) is used to produce a hash value for the ThinOS image, and the integrity measurement is extended into a Platform Configuration Register (PCR) inside the TPM, TPM_PCR16. This value is used to generate the disk encryption or decryption key.
Disk encryption/decryption key:
Disk C with user data and Disk B with system libraries are encrypted.
The prestored KeyStub and TPM_PCR16 are used to generate the disk encryption and decryption keys through the TPM. The actual implementation is based on the TPM-unseal operation.
If the key is modified, it fails to verify the specific disk partition. The disk partition is then formatted to make the partition valid.
After the disk partition is formatted, some user configurations are lost, such as display settings, user certificates, wireless settings (except the first SSID, which is saved in NVRAM), cookies, and mirror file server data.
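The following added Python sketch (not Dell's code and not part of the original page) models the measured boot and unseal steps described above, to show why a changed image measurement stops the disk key from being released. The ModelTPM class, the key stub layout and all sample bytes are constructed assumptions; a real TPM encrypts the sealed blob and enforces the PCR policy in hardware.

```python
import hashlib
import hmac

PCR_SIZE = hashlib.sha1().digest_size  # 20 bytes for a SHA-1 PCR bank


class ModelTPM:
    """Software model of one PCR plus seal/unseal. Not a real TPM."""

    def __init__(self):
        self.pcr16 = bytes(PCR_SIZE)  # the PCR starts at all zeros in this model

    def extend(self, measurement: bytes) -> bytes:
        # TPM extend semantics: PCR_new = SHA1(PCR_old || measurement).
        # A PCR cannot be written directly, only extended.
        self.pcr16 = hashlib.sha1(self.pcr16 + measurement).digest()
        return self.pcr16

    def seal(self, secret: bytes) -> dict:
        # Bind the secret to the current PCR16 value (hypothetical stub layout).
        return {"policy_pcr16": self.pcr16, "secret": secret}

    def unseal(self, stub: dict) -> bytes:
        # Release the secret only if PCR16 matches the value it was sealed to.
        if not hmac.compare_digest(stub["policy_pcr16"], self.pcr16):
            raise PermissionError("PCR16 does not match the sealed policy")
        return stub["secret"]


def measured_boot(image: bytes) -> ModelTPM:
    """Hash the image with SHA-1 and extend the digest into PCR16."""
    tpm = ModelTPM()
    tpm.extend(hashlib.sha1(image).digest())
    return tpm


def try_unlock(image: bytes, stub: dict):
    """Return the disk key if the booted image matches the stub, else None."""
    try:
        return measured_boot(image).unseal(stub)
    except PermissionError:
        return None


# Constructed sample data, for illustration only.
GOOD_IMAGE = b"constructed ThinOS image bytes v1"
TAMPERED_IMAGE = GOOD_IMAGE + b"\x00"  # a single appended byte
DISK_KEY = bytes(range(32))
KEY_STUB = measured_boot(GOOD_IMAGE).seal(DISK_KEY)

if __name__ == "__main__":
    print("good image unlocks:", try_unlock(GOOD_IMAGE, KEY_STUB) == DISK_KEY)
    print("tampered image key:", try_unlock(TAMPERED_IMAGE, KEY_STUB))
```
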