https://raymii.org/s/tutorials/Put_your_SSH_keys_in_your_TPM_chip.html
Article
- Tutorial for storing SSH private keys in the TPM so they can’t be extracted
- Uses tpm2-pkcs11 and ssh-agent integration on Linux
- Keys stay resident in hardware; signing happens inside the chip
Discussion
- tptacek: marginal win vs short-lived certs + phishing-proof IdP for fleet use
- TPM reliability concerns raised: BIOS updates can wipe keys on consumer boards
- macOS Secure Enclave noted as a cleaner alternative requiring no third-party tools
- Core objection: keys can’t be stolen but can be instantly used by local malware