You type in a passphrase, which gets turned into an encrypted key, which gets passed to the TPM to be decrypted with a TPM-bound key, and you get the actual key back. You can't perform the second chunk of this without the actual TPM being involved, so while you can perform the first chunk in parallel, you're still then rate-limited by the speed of the TPM.
Power management, mobile and firmware developer on Linux. Security developer at nvidia. Ex-biologist. Content here should not be interpreted as the opinion of my employer. Also on Mastodon and Bluesky.
Re: systemd-cryptenroll
Date: 2023-04-18 07:40 am (UTC)
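The two-stage unlock described in the comment above, as an added illustration that is not code from the thread or from systemd: a passphrase is stretched into an auth value host-side (parallelisable), but the volume key only comes back from a simulated TPM that counts every unseal attempt and, as an assumed lockout policy modelled on real TPM dictionary-attack protection, refuses further attempts after `max_failures` wrong ones. The `SimulatedTPM`, `enroll` and `unlock` names and the HMAC-based wrapping are all constructed for this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional


class SimulatedTPM:
    """Toy stand-in for a TPM: a non-exportable key plus an attempt counter.
    max_failures models dictionary-attack lockout (assumed policy, not a real TPM API)."""

    def __init__(self, max_failures: int = 5):
        self._key = secrets.token_bytes(32)  # never leaves this object
        self.unseal_calls = 0
        self.failures = 0
        self.max_failures = max_failures

    def _keystream(self, nonce: bytes) -> bytes:
        return hmac.new(self._key, b"enc" + nonce, hashlib.sha256).digest()

    def seal(self, auth: bytes, secret: bytes) -> bytes:
        """Wrap a 32-byte secret so only this TPM, given the right auth, returns it."""
        assert len(secret) == 32
        nonce = secrets.token_bytes(16)
        tag = hmac.new(self._key, b"auth" + nonce + auth, hashlib.sha256).digest()
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(nonce)))
        return nonce + tag + ct

    def unseal(self, auth: bytes, blob: bytes) -> Optional[bytes]:
        """Every attempt, right or wrong, costs one serialized TPM operation."""
        self.unseal_calls += 1
        if self.failures >= self.max_failures:
            return None  # locked out: even the correct auth is refused now
        nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
        expect = hmac.new(self._key, b"auth" + nonce + auth, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            self.failures += 1
            return None
        self.failures = 0  # a successful unseal resets the counter
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce)))


def derive_auth(passphrase: str, salt: bytes) -> bytes:
    # Stage one: host-side key stretching, no TPM involved, freely parallelisable.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)


def enroll(tpm: SimulatedTPM, passphrase: str, volume_key: bytes):
    salt = secrets.token_bytes(16)
    return salt, tpm.seal(derive_auth(passphrase, salt), volume_key)


def unlock(tpm: SimulatedTPM, salt: bytes, blob: bytes, passphrase: str) -> Optional[bytes]:
    # Stage two cannot be skipped: the volume key only ever comes back from the TPM.
    return tpm.unseal(derive_auth(passphrase, salt), blob)
```

Reading `tpm.unseal_calls` after a run shows that the number of guesses tried, not the number of host cores, is what the TPM sees and throttles.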