ni.com is currently experiencing issues.

Support teams are actively working on the resolution.

Test System Security

cancel
Showing results for 
Search instead for 
Did you mean: 

Can I run Bitlocker with a TPM 2.0 Chip Real-Time?

I want to Bitlocker a cRIO's hard drive using the onboard TPM 2.0 chip provided in a PXIe.  I need this device to collect information and run as real-time target using the WES OS provided.  Which application does Windows Embedded Standard (WES) Operating System (OS) use for running real-time targets?  Can this be done to where when the controller is deployed, the real-time target receives information within the WES OS?

 

I see that Labview cRIO offers the WES and Ni LinuxRT embedded OS'.  I am confused as to whether the LinuxRT only runs real-time and the WES only runs as run-time or can the WES run as Real-time with bitlocker and provided TPM?

 

Can someone please explain to me better? 

 

Thank you! 🙂

0 Kudos
Message 1 of 7
(316 Views)

Based on my research, Linux is capable of utilizing the TPM 2.0 technology with LUKS partitions.  Can this be done with the NI Linux Real-Time (RT) OS, if placed on a TPM 2.0 PXIe board?  If so, how do we do that to ensure better security?

 

References:

 

1.  "Unlock Linux Unified Key Setup (LUKS) encrypted partitions with TPM 2.0", https://4sysops.com/archives/unlock-linux-unified-key-setup-luks-encrypted-partitions-with-tpm-20/#r... 

2.  Dislocker Fuse, https://github.com/Aorimn/dislocker/blob/master/man/darwin/dislocker-fuse.1 

3.  TPM2 Tools, https://tpm2-tools.readthedocs.io/en/latest/ 

4.  "Accessing Bitlocker-Encrypted Device in Linux", https://www.baeldung.com/linux/bitlocker-encrypted-device 

5. "Right way to use the TPM for full disk encryption",   https://security.stackexchange.com/questions/124338/right-way-to-use-the-tpm-for-full-disk-encryptio... 

0 Kudos
Message 2 of 7
(310 Views)

LUKS seems indeed the way to go on Linux. But it is not a 'so easy' process.

 

Also, be careful ! LinuxRT, as the stated in the name, is a real-time OS.

Whatever you do to encrypt what resides on the disk might decrease the OS performances, and you might end up with a system that may not meet your RT demands anymore.

To be tested ! Let us know ! 🙂

CLA, CTA, LV Champion
View Cyril Gambini's profile on LinkedIn
This post is made under CC BY 4.0 DEED licensing
0 Kudos
Message 3 of 7
(307 Views)

Based on the research I have read in many other's comments within forums and articles, they have stated they did not see a decline or loss of processing.  It was very minimal.  However, the trick is can I do this and utilize the TPM 2.0 on a PXIe board for better security? 

 

Can I purchase the PXIe board with a NI LinuxRT on it, rather than WES OS?

 

I do not want to deal with flashing the drive.

0 Kudos
Message 4 of 7
(305 Views)

The OS run on a controller (just to clarify it is not a board).

Controller can be bought with LinuxRT preinstalled.

Otherwise flashing an existant system is made pretty easy with MAX

 

Again, ensure that you perform extensive tests after encryption to ensure your system still runs correctly (in a timely manner).

CLA, CTA, LV Champion
View Cyril Gambini's profile on LinkedIn
This post is made under CC BY 4.0 DEED licensing
Message 5 of 7
(303 Views)

Where does the TPM 2.0 lay?

0 Kudos
Message 6 of 7
(298 Views)

I don't know if there is one, I tought you were saying there is one for sure ! Sorry for the confusion.

I guess if there is one, it is associated to the controller.

I guess you are better suited to open a support request to have the exact information !

CLA, CTA, LV Champion
View Cyril Gambini's profile on LinkedIn
This post is made under CC BY 4.0 DEED licensing
0 Kudos
Message 7 of 7
(295 Views)