grub-devel

Re: TPM support status ?


From: Michal Suchanek
Subject: Re: TPM support status ?
Date: Thu, 20 Aug 2009 10:20:02 +0200

2009/8/20 Michael Gorven <address@hidden>:
> On Thursday 20 August 2009 09:59:42 Michal Suchanek wrote:
>> 2009/8/20 Michael Gorven <address@hidden>:
>> > On Thursday 20 August 2009 09:49:06 Michal Suchanek wrote:
>> >> 2009/8/20 Michael Gorven <address@hidden>:
>> >> > On Wednesday 19 August 2009 21:21:28 Michal Suchanek wrote:
>> >> >> Tell me one technical benefit of TPM over coreboot.
>> >> >
>> >> > Coreboot doesn't provide protected storage of secrets (e.g. harddrive
>> >> > decryption keys).
>> >>
>> >> TPM does not either at the time the BIOS is loaded. Remember, it's the
>> >> CPU that's running the BIOS, not the TPM chip.
>> >>
>> >> Only after BIOS enables TPM or coreboot enables any crypto device you
>> >> choose you get any secrets or keys.
>> >
>> > So? It's still protected storage. You can read a BIOS chip, but you can't
>> > just read the contents of a TPM chip.
>>
>> You can use decent crypto storage rather than half-broken TPM. There
>> is no advantage to using it.
>
> Like what?
>

There is hardware for secure key storage which you can put into some
card slot or USB and, unlike TPM, you can also remove it and store it
separately from the computer, which greatly decreases the chance that
your data would be compromised if your computer is stolen.

I am not using such hardware so I do not know all the details of
available options. STFW should bring up something.

Thanks

Michal



