[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TPM support status ?

From: Vladimir 'phcoder' Serbinenko
Subject: Re: TPM support status ?
Date: Thu, 20 Aug 2009 15:06:35 +0200

>> Proven? As any chip it can only know what's on its pins. High-tech
>> electric lab equipment can fool any chip. Asking nicely at university
>> most students can gain access to one.
> I doubt this is even necessary. What's the real difference between
> mounting the chip on the mainboard and plugging one into an external
> port (besides the inability to use content encrypted by the chip on
> different machine if you wanted to)?
I also doubt that it's necessary - perhaps an adapter can be soldered
from parts without big difficulty. I just say that it's possible and
even if it's complicated it's not impossible and once it's published
exactly how to do it it will be much easier. Nothing can make
general-purpose computer tamper-resistant - it's simply not designed
this way. Smartcards can be tamper-resistant because they are designed
to be such (and even they sometimes fail this goal). Making system
tamper-resistant means that every component must be tamper-resistant
and all the connections.
As you see I deliberately avoided word "tamperproof" because I don't
believe in this being anything more as an idealisation similar to hash
being random oracle except that no real hash is one and in some cases
even the smallest difference between real hash and random oracle makes
whole system insecure.
No chip can make laptop or server tamper-resistant. I acknowledge that
tamperproveness can be an useful cryptographical property but no
realisation of it should be locked by manufacturer for consumer
devices. It's fine for e.g. medical equipment or flight guidance
system to be tamper-resistant but a consumer who bought a device has
right to use it for whatever use he likes to no matter what
manufacturer wants. No baker sells the bread with conditions like "you
can eat it only evening" or "you can't give it with your neighbour"
and so on. Why would consumer electronics manufacturer be allowed to
do so?
> Thanks
> Michal
> _______________________________________________
> Grub-devel mailing list
> address@hidden

Vladimir 'phcoder' Serbinenko

Personal git repository:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]