[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TPM support status ?

From: Vladimir 'phcoder' Serbinenko
Subject: Re: TPM support status ?
Date: Thu, 20 Aug 2009 12:15:42 +0200

On Thu, Aug 20, 2009 at 9:38 AM, Michael Gorven<address@hidden> wrote:
> On Wednesday 19 August 2009 22:25:00 Vladimir 'phcoder' Serbinenko wrote:
>> > 99% of people with this use case are not going to put their BIOS chip in
>> > concrete. Configuring a TPM chip a lot easier.
>> 98% of people in this case don't really care if they are secure or not.
> I said "with this use case".
It's also what I meant. Most sysadmins just need someone to blame if
it goes wrong.
>> >> Then I wait that you enter you password and leave machine unattended
>> >> and execute my cold boot attack. If you never left machine unattended
>> >> you don't need a chip to ensure the integrity.
>> >
>> > That's a completely different issue which you don't have a solution to
>> > either.
>> And which makes all the hassle around TPM worth nothing
> Cold boot attacks can be mitigated somewhat because the BIOS would be
> configured to only boot from the harddrive. The BIOS would have to be reset
> before booting from another device, but this would break the trusted path
> which means that it has to happen during the attack itself.
It just means one needs to move memory to another computer.
> Michael
> --
> PGP Key ID 1E016BE8
> _______________________________________________
> Grub-devel mailing list
> address@hidden

Vladimir 'phcoder' Serbinenko

Personal git repository:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]