[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TPM support status ?

From: Michael Gorven
Subject: Re: TPM support status ?
Date: Wed, 19 Aug 2009 22:13:40 +0200
User-agent: Mutt/1.5.18 (2008-05-17)

On Wed, Aug 19, 2009 at 08:48:13PM +0200, Vladimir 'phcoder' Serbinenko wrote:
Since the BIOS can be "easily" replaced, it cannot be trusted, hence you
can't build a chain of trust starting from your BIOS. It is a "little"
more difficult to replace a TPM, even more if it's holding a shared
secret. :)
Write wire? Concrete around the chip? Concrete is more resistant than
silicon as last studies have shown.

99% of people with this use case are not going to put their BIOS chip in concrete. Configuring a TPM chip a lot easier.

I keep trusting it because
the TPM tells me it hasn't been altered on my computer by nasty people.

Suppose even that TPM or XYZ can ensure software isn't tampered at
all. Attacker can alter your hardware instead. It just changes the way
your computer is attacked, not the result. As a matter of fact
hardware attacks are now more widespread in these considerations.

Yes -- the whole point is to make it more difficult and require more resources.

TPM claims to e.g. protect your hd encryption keys. But what a hacker
would do is to boot computer, wait that it retrieves the keys and then
execute cold boot attack (in most cases it's enough to just cool RAM
down and reboot with a USB key which will dump the memory). I don't
spend my time on implementing a "security" which increases hacking
cost by $15, claims to be unbreakable and can be used for evil
purposes (in which case it's more difficult to crack)

Uh, wait! There's something I don't understand there. What's the point
in puting the whole secret in the TPM? It's like writing your passphrase
on a paper and put it under your keyboard. A clever implementation would
be using the ownership capabilities of the TPM so that the secret can be
protected by system integrity _and_ password.
Then I wait that you enter you password and leave machine unattended
and execute my cold boot attack. If you never left machine unattended
you don't need a chip to ensure the integrity.

That's a completely different issue which you don't have a solution to either.

PGP Key ID 6612FE85

Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]