[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TPM support status ?
|
From: |
Vladimir 'phcoder' Serbinenko |
|
Subject: |
Re: TPM support status ? |
|
Date: |
Wed, 19 Aug 2009 21:28:17 +0200 |
On Wed, Aug 19, 2009 at 9:16 PM, Duboucher Thomas<address@hidden> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Vladimir 'phcoder' Serbinenko a écrit :
>> But why does a third instance (manufacturer) need to trust my key?
>> Only one: he wants a control.
>
> I don't see where the TPME needs to trust the EKP in the specification.
Could you please avoid using abbreviations. It's already hard to read
TPM specs because of their twisted terminology. If EKP is the key
stored in the TPM then manufacturer can keep a copy of public or
private key and nobody will notice.
>
>>> Also, most of the time, the reset operation is disabled by the TPME.
>> This is a problem (again): you can't make TPM to behave like you want.
>
> Yep, but why would you allow reseting the EKP? You can reset everything
> else because you may need to, but it's no use reseting the EKP.
>
By using this key you can prove manufacturer that you use the key he
burned in device it controls which opens the bad doors.
>>> It _can't_ be used for other operations iirc.
>> Checking you use windows?
>
> Not the TPM, only a ***** BIOS and a ***** manufacturer (which can base
> their scheme on TPM). We saw this in the past, but we didn't needed a
> TPM for that, only human mind. :|
But TPM is designed to prevent BIOS modifications.
>> Why wouldn't he connect a hardware keylogger (price about $100,
>> reusable) or change keyboard firmware. Neither is detectable by TPM.
>
> Because sometimes the security isn't only reduced to a passphrase.
> Sometime tokens have their uses.
If you have tokens why do you care if attacker has your passphrase.
And just the keyboard input can contain a lot of valuable data itself.
Why do you suppose that attacker can stole the laptop but not the token?
>
>> I don't believe it to be wonderful in anything except giving
>> impression of security. Increase of $100 is a gain but if your data is
>> worth less than that your laptop will be stolen for hardware and not
>> data.
>
>> If this measure didn't come with the risk of losing freedom I would be
>> for its inclusion but with warnings in manual that it provides no real
>> security (I wouldn't have spend time coding it though, neither would I
>> have used it). But considering the price (freedom) I reject it.
>> You lose the freedom the moment when you go in prison cell and someone
>> is able to close it regardless whether he actualy closes it or not -
>> he has you at his mercy.
>
> Don't you think it isn't even worth working on?
If not the freedom concerns it could be fun coding. But IF.
--
Regards
Vladimir 'phcoder' Serbinenko
Personal git repository: http://repo.or.cz/w/grub2/phcoder.git
Re: TPM support status ?, Robert Millan, 2009/08/19
Re: TPM support status ?, Duboucher Thomas, 2009/08/19
- Re: TPM support status ?, Vladimir 'phcoder' Serbinenko, 2009/08/19
- Re: TPM support status ?, Duboucher Thomas, 2009/08/19
- Re: TPM support status ?, Vladimir 'phcoder' Serbinenko, 2009/08/19
- Re: TPM support status ?, Duboucher Thomas, 2009/08/19
- Re: TPM support status ?,
Vladimir 'phcoder' Serbinenko <=
- Re: TPM support status ?, Duboucher Thomas, 2009/08/19
- Re: TPM support status ?, Vladimir 'phcoder' Serbinenko, 2009/08/19
- Re: TPM support status ?, Duboucher Thomas, 2009/08/19
- Re: TPM support status ?, Michal Suchanek, 2009/08/19
- Re: TPM support status ?, Duboucher Thomas, 2009/08/19
- Re: TPM support status ?, Vladimir 'phcoder' Serbinenko, 2009/08/19
- Re: TPM support status ?, Duboucher Thomas, 2009/08/19
- Re: TPM support status ?, Michal Suchanek, 2009/08/19
Re: TPM support status ?, Vladimir 'phcoder' Serbinenko, 2009/08/19
Re: TPM support status ?, Michael Gorven, 2009/08/20