
I wrote a dead simple file canary tool that will install an eBPF program that drops all outgoing packets if a canary is touched. I wrote this in response to the current trend of supply chain attacks that try to harvest credentials.

Flyswat@lemmy.dbzer0.com 1 points 3 days ago

Yes, using TPM-protected TSS2 keys would tie them to your actual machine, since only that TPM can internally decrypt them and use them without them being accessible outside. The TPM could be a discrete chip or a software/virtual one.

For instance, OpenSSL has an engine/provider for tpm2-tss; however, I think the software using the keys needs to be engine-aware.

this post was submitted on 25 Jun 2026
56 points (98.3% liked)
