It means malware can’t exfiltrate the SSH key from your machine and keep using it. But yes they can potentially use it while still on your machine depending on if presence confirmation or re-inputting a credential is required. But that still closes a big gap.
On a Mac secretive can also pop a notification making it more likely to passively observe such usage (not fool proof though) and the key can’t (easily, maybe with some complex exploit) be used from an app not signed by the original developer. It can also require re input of your password. That specific security probably isn’t possible on Linux though.
> It means malware can’t exfiltrate the SSH key from your machine and keep using it
Are you sure about that? Presumably the secret parts of the SSH key are being read into memory at some point, or a RCE could dump the key the same way ssh-tpm-agent does.
Don't rely on a TPM to store secrets. Use a secrets store that can be audited for use and have it generate dynamic, short lived credentials. For SSH, use SSH CAs.
>Are you sure about that? Presumably the secret parts of the SSH key are being read into memory at some point, or a RCE could dump the key the same way ssh-tpm-agent does.
This is not how ssh-tpm-agent works. It does the key signing inside the TPM so you do not have access to the key on the machine itself.
The private key never hits memory or the machine itself.
On a Mac secretive can also pop a notification making it more likely to passively observe such usage (not fool proof though) and the key can’t (easily, maybe with some complex exploit) be used from an app not signed by the original developer. It can also require re input of your password. That specific security probably isn’t possible on Linux though.