[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A _good_ and valid use for TPM

From: phcoder
Subject: Re: A _good_ and valid use for TPM
Date: Sat, 21 Feb 2009 14:43:29 +0100
User-agent: Thunderbird (X11/20090105)

And in this scenario the encryption key would also be in flash. Since you can't boot unchecked software and normal linux security wouldn't allow you to read flash unless you have the root password you can't recover the key
Vladimir 'phcoder' Serbinenko
Robert Millan wrote:
On Thu, Feb 19, 2009 at 07:38:36AM -0800, Colin D Bennett wrote:
While TPM may open a door for corporations to prevent machine owners
from having control over their machines, in this instance I do not see
another way to solve Alex's problem.

There's an easy way out of this.  Simply verify data integrity from the
flash chip, and make sure nobody can write to the flash chip.

You can archieve the first by e.g. installing coreboot/GRUB there and
add some crypto support to it.

You can archieve the second by cutting the WE wire, or by dumping lots of
concrete over your board.  Yes, this is a gazillon times more secure than
a TPM.  TPMs are vulnerable to reverse engineering.

The evil part of TPM seems to be when a person buys a computer but the
computer is locked down with a key not provided to the buyer.

Precisely.  If it came with a key that is known to the buyer (e.g. printed
on paper), or with an override mechanism that is only accessible to its
legitimate buyer, there would be no problem with it.

But AFAICT there are no TPMs that do this.  It probably even violates the

reply via email to

[Prev in Thread] Current Thread [Next in Thread]