Comment by AzzyHN

Comment by AzzyHN 15 hours ago

1 reply

I believe with software-based encryption (LUKS and the like), the decryption key ends up being stored in RAM, which will always present a risk.

And TPM-based solutions don't have this problem. Could be wrong though.

kevincox 14 hours ago

I think most TPM-based solutions still use software encryption. Most TPMs don't have the bandwidth to actually decrypt all disk data as it is read. (I think Apple devices do actually do something like this, but I don't think it is common.)

I believe when using TPM with LUKS the TPM just decrypts the master key and that is handed back to the OS and used in software. So the primary key does end up in RAM.