Re: TPM support status ?

[Vladimir 'phcoder' Serbinenko]

> I can imagine a world with computers you can access from free and from
> whom you can boot with your USB pen-drive (or trust the installed OS, or
> whatever you want). But this world is still far away from here ... :|
TPM doesn't protect your computer from being stolen and HD wiped.
>> replace your computer's BIOS (they can use a standard chip rather than a
>> horrible hack discovered by black hats)... This choice might be a good
>> one to use in airplane cockpits.
> No! No! No! and No! Coreboot is not an CRTM, and then you can't speak
> about chain of trust if you are starting it with Coreboot ... It is
> already very difficult to consider the TPM as a CRTM since there are
> design flaws.
Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes!
Yes! Yes! Yes! Yes!
Coreboot is perfect for my use for *****.
Did I bring any argument in last 2 lines?
> Also, you are not owning a computer by using a chain of trust. You are
> only sure that the software you trust on your computer haven't been
> tampered. And you can keep trusting them, even if they have a backdoor
> you weren't aware of! ;)
>
That's what open source is here for. You just said it yourself that
you can easier trust open source than closed source and TPM doesn't
change that.

>> - Lock down via proprietary crypto chip (TPM).  Different software can
>> happen if "attacker" figured out how to break into your TPM, which is
>> actually quite possibly easier, not harder, than replacing hardware
>> because the TPMs are closed systems that don't disclose their design and
>> flaws...
> Wow! Software hacked TPM? Software breaking into TPM? I must be missing
> something. :|
It's possible that using some kind of obscure power control sequence
you can reset tpm to its boot state and then nicely ask it to do
whatever you want.
> Every technology has its design and its implementation, and also its
> design flaws and implementation flaws. Remember Debian and OpenSSL.
> Well, if a chip has a design flaw, it is more expensive to change it;
> however, people that will truly require it will also be able to. ;)
>
TPM claims to e.g. protect your hd encryption keys. But what a hacker
would do is to boot computer, wait that it retrieves the keys and then
execute cold boot attack (in most cases it's enough to just cool RAM
down and reboot with a USB key which will dump the memory). I don't
spend my time on implementing a "security" which increases hacking
cost by $15, claims to be unbreakable and can be used for evil
purposes (in which case it's more difficult to crack)
>> attestation, flawed, as soon as your RAM becomes unpredictable.  Not in
>> a convenient way, but it should definitely be possible..)  Also, none of
>> the airplane arguments really apply to small, non-life-critical systems.
> Airplane manufacter aren't using ordinary computer ...
So what?
Example stays an interesting one and their computers probably have
some kind of protection.
> This chain of trust is useful for people that have to work with a
> computer and data in an untrusted environnement, and that's how and what
> it was designed for.
Then this design is fundamentaly flawed. You just can't trust hardware
in untrusted environment.
Claiming to achieve impossible is an advantage proprietary security
suites have over free ones.

-- 
Regards
Vladimir 'phcoder' Serbinenko

Personal git repository: http://repo.or.cz/w/grub2/phcoder.git