[ltp] TCPA on Thinkpads

Pam Huntley linux-thinkpad@linux-thinkpad.org
Wed, 19 Mar 2003 18:26:52 -0500




>> The software that comes with it is essentially an
>> encryption/decryption stack, so you can do things like encrypt
>> portions of your hard drive.
>
>Sounds interesting. Will the Linux driver also work on my "old" A30?

Yes, if your A30 includes a TCPA chip, the GPL'd Linux driver will allow
you to access the chip.  The chip is the same for the T23s on up.
However, I don't think it's an after-the-fact add-on, as it is a
daughtercard on the motherboard.

One thing to note is that I believe that the chip itself does not actually
do much encryption/decryption - most of the algorithms are in the software
stack, which is actually not part of the driver.  My understanding is that
the chip mostly does generation of private keys, and has a hardware random
number generator, and that the actual encryption/decryption algorithms are
in the accompanying software.  Of course, I didn't design the thing, or
write the software to go with it, so I could be wrong, but that's what it
seems to me after asking around.

The GPL'd driver available for Linux is just that - a hardware driver.  It
doesn't have an implementation of the encryption/decryption algorithms.
However, there are open source projects that implement the
encryption/decryption algorithms, and one of them even talks about how to
encrypt a file system.

Here's one I thought was neat, and could probably be used in conjunction
with the TCPA:
http://www.kerneli.org/howto/index.php
They talk about the Linux CryptoAPI, and how to use the loopback device to
encrypt your hardfile.  It would have to be modified to work with TCPA
(generating and storing the keys), but it probably wouldn't take much.

/me goes off to play with crypto....  :-)

Pam