[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TPM support status ?

From: Vladimir 'phcoder' Serbinenko
Subject: Re: TPM support status ?
Date: Wed, 19 Aug 2009 22:22:53 +0200

On Wed, Aug 19, 2009 at 10:13 PM, Duboucher Thomas<address@hidden> wrote:
> Hash: SHA1
> Vladimir 'phcoder' Serbinenko a écrit :
>> Could you please avoid using abbreviations. It's already hard to read
>> TPM specs because of their twisted terminology. If EKP is the key
>> stored in the TPM then manufacturer can keep a copy of public or
>> private key and nobody will notice.
> Sorry for the abbreviations. :|
> According to the specs, the private endorsement key must not come out of
> the TPM. Also, the pair has to be signed by the "manufacturer". If the
> manufacturer is not trutworthy, he can squirt the keys and then have a
> local copy of the pair. However, it's no use keeping this key since its
> only use is to generate AIK (one-time key pairs that are used to
> comunicate using HMAC).
There is a point in keeping them - remote atestation. Why do I need
manufacturer to sign my key?
>> By using this key you can prove manufacturer that you use the key he
>> burned in device it controls which opens the bad doors.
> Well, like in any security system, you suppose the system itself is
> secure ... which is not always the case, intentionnaly or not.
Even if you're in an insecure prison you're still in a prison.
> It's not against my words. I was telling that a malicious manufacturer
> can use a TPM to build a system where the BIOS is less likely to be
> modified. And if on top of this he uses this to protect the operating
> system ... These are use cases of TPM that _we_ don't want to see.
Unfortunately it's the cases it's designed for.
>> If you have tokens why do you care if attacker has your passphrase.
>> And just the keyboard input can contain a lot of valuable data itself.
>> Why do you suppose that attacker can stole the laptop but not the token?
> I'm not making any supposition, I'm making all of them. And I'm trying
> to reduce the different schemes an attacker could use. There is _always_
> a way to steal the secret. At least let's make it less likely to happen.
Without threat model we're speaking placebo.

Vladimir 'phcoder' Serbinenko

Personal git repository:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]