[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A _good_ and valid use for TPM

From: Robert Millan
Subject: Re: A _good_ and valid use for TPM
Date: Fri, 27 Feb 2009 20:59:20 +0100
User-agent: Mutt/1.5.18 (2008-05-17)

On Sun, Feb 22, 2009 at 03:14:07AM +0200, Alex Besogonov wrote:
> Jan Alsenz wrote:
>>>> Yeah, but an attacker could patch that out too.
>>> Not if we first measure the MBR. It can be done without any
>>> TPM-specific code in the MBR if I'm not very mistaken.
>> Could you elaborate on that?
>> E.g. where do you measure the MBR from?
> MBR is automatically measured by the TPM module, it requires no  
> intervention from GRUB.

Well, that is true, but for GRUB to measure all of its own stages
it gets quite complicated.  Overall, from a technical POV it looks
like a lousy approach.  It makes a lot more sense to simply have the
firmware load GRUB as an executable image and measure that IMO.

You can do that easily when you're in a legacy-free environment.

Robert Millan

  The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
  how) you may access your data; but nobody's threatening your freedom: we
  still allow you to remove your data and not access it at all."

reply via email to

[Prev in Thread] Current Thread [Next in Thread]