[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TPM support status ?

From: Duboucher Thomas
Subject: Re: TPM support status ?
Date: Wed, 19 Aug 2009 22:37:39 +0200
User-agent: Thunderbird (Windows/20090605)

Hash: SHA1

Vladimir 'phcoder' Serbinenko a écrit :
> There is a point in keeping them - remote atestation. Why do I need
> manufacturer to sign my key?

No, the endorsement key pair is not used in remote attestation. Only to
generate one time key pairs for ownership operations.
The signature proves that the key was generated within the manufacturer
infrastructure, and not by someone else using a fraudulent key
generator. If the TPM is enabled to, you can reset the endorsement key
pair and generate a new one (you can also create temporary pairs iirc);
the only thing you'll be missing will be the manufacturer's signature
(but you can use yours if you wishes to).

>>> By using this key you can prove manufacturer that you use the key he
>>> burned in device it controls which opens the bad doors.
>> Well, like in any security system, you suppose the system itself is
>> secure ... which is not always the case, intentionnaly or not.
> Even if you're in an insecure prison you're still in a prison.

Where will we go if we start thinking every security system is flawed. :|

>> It's not against my words. I was telling that a malicious manufacturer
>> can use a TPM to build a system where the BIOS is less likely to be
>> modified. And if on top of this he uses this to protect the operating
>> system ... These are use cases of TPM that _we_ don't want to see.
> Unfortunately it's the cases it's designed for.

No, it was designed as an hardware-based security for data, not
exclusively for going against the end-user.

>>> If you have tokens why do you care if attacker has your passphrase.
>>> And just the keyboard input can contain a lot of valuable data itself.
>>> Why do you suppose that attacker can stole the laptop but not the token?
>> I'm not making any supposition, I'm making all of them. And I'm trying
>> to reduce the different schemes an attacker could use. There is _always_
>> a way to steal the secret. At least let's make it less likely to happen.
> Without threat model we're speaking placebo.

Stoned Bootkit?
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla -


reply via email to

[Prev in Thread] Current Thread [Next in Thread]