this post was submitted on 25 Jun 2026
Yes, using TPM-protected TSS2 keys would tie them to your actual machine, since only that TPM can internally decrypt them and use them without them being accessible outside. The TPM could be a discrete chip or a software/virtual one.
For instance, OpenSSL has an engine/provider for tpm2-tss; however, I think the software using the keys needs to be engine-aware.
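As an added example that is not part of the comment above: a small Python audit that tells TPM-wrapped key files apart from key files that would still work if copied to another machine. It assumes the `TSS2 PRIVATE KEY` PEM label that tpm2-tss-engine and the tpm2-openssl provider write for wrapped keys; the function names are hypothetical and the sample files are constructed placeholders.

```python
import re

# How far the key material can travel if the file is copied off the machine.
TPM_BOUND = "tpm-bound"          # wrapped blob, only usable via the TPM that wrapped it
PASSPHRASE = "passphrase-only"   # encrypted, but usable anywhere the passphrase is known
PLAINTEXT = "plaintext"          # usable by anyone who reads the file

# PEM labels of private-key blocks (assumption: TSS2 label as written by
# tpm2-tss-engine / tpm2-openssl; the rest are standard OpenSSL labels).
LABELS = {
    "TSS2 PRIVATE KEY": TPM_BOUND,
    "ENCRYPTED PRIVATE KEY": PASSPHRASE,
    "PRIVATE KEY": PLAINTEXT,
    "RSA PRIVATE KEY": PLAINTEXT,
    "EC PRIVATE KEY": PLAINTEXT,
}
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def classify_pem(text):
    """Return [(label, protection)] for every private-key PEM block in text."""
    found = []
    for label, body in PEM_RE.findall(text):
        if label not in LABELS:
            continue  # certificates, public keys and other non-private blocks
        protection = LABELS[label]
        # Legacy OpenSSL PEM encryption is signalled by a header, not the label.
        if protection == PLAINTEXT and "Proc-Type: 4,ENCRYPTED" in body:
            protection = PASSPHRASE
        found.append((label, protection))
    return found

def copyable_keys(files):
    """Names of files holding key material that still works off this machine."""
    return sorted(name for name, text in files.items()
                  if any(p != TPM_BOUND for _, p in classify_pem(text)))

# Constructed sample input: bodies are placeholders, not real key material.
SAMPLE = {
    "tpm.pem": "-----BEGIN TSS2 PRIVATE KEY-----\nAAAA\n-----END TSS2 PRIVATE KEY-----\n",
    "plain.pem": "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n",
    "legacy.pem": ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                   "DEK-Info: AES-256-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n"),
    "cert.pem": "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n",
}

if __name__ == "__main__":
    for name in copyable_keys(SAMPLE):
        print("portable key material:", name, classify_pem(SAMPLE[name]))
```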