grub-devel

Re: A _good_ and valid use for TPM


From: Alex Besogonov
Subject: Re: A _good_ and valid use for TPM
Date: Wed, 18 Feb 2009 16:10:18 +0200

>I don't know much about TPM, but from the example that I read at the
>TreacherousGrub website, the actual verification is done by TreacherousGrub.
>I don't see how such a verification can protect against anything.
Wrong. The main concept in TPM is "chain of trust".

First, BIOS attests that the first stage of GRUB is not tampered with.
If it's somehow modified then the chain of trust is broken and keys in
the TPM are locked. Then the first stage (which is by now checked to
be real and unmodified) loads and checks the second stage. And so
on...

There's no way to break this chain of trust without hacking TPM (which
I consider very unlikely), doing uber-dirty hardware tricks (like
modifying RAM on-the-fly using DMA from rogue PCI devices) or
exploiting some local vulnerability (which is rather unlikely).

>If you suppose that your attacker is unable to tamper with the hardware, then
>a BIOS and GRUB password is all you need. If you suppose that he can, then
>you can't even trust your RAM modules. They can be tampered with in many ways,
>like serving a hacked bootloader or just being non-volatile, so that an
>attacker can read the key from memory.
I'm trying to guard against an attacker who can _steal_ the server itself
and/or tamper with the hardware.

PS: please, at least read the relevant specs before calling TPM 'Treacherous'.
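As an added illustration of the chain of trust described in the reply above (not code from this thread, from GRUB or from TrustedGRUB), this Python simulation shows how each stage's measurement is extended into a PCR before that stage runs, how a key is sealed to the expected boot state, and why a modified stage leaves the key locked. It uses SHA-256 and a toy encrypt-plus-HMAC in place of a real TPM's SHA-1 PCRs and internal key wrapping; the stage images and the root secret are constructed values.

```python
import hashlib
import hmac

# Constructed stand-ins for the measured components (not real BIOS or GRUB code).
GOOD_STAGES = [("grub-stage1", b"stage1 image v1"),
               ("grub-stage2", b"stage2 image v1"),
               ("kernel", b"vmlinuz image v1")]
# In a real TPM this root secret never leaves the chip (constructed value here).
SRK_SECRET = b"tpm-internal-storage-root-key"

def sha256(data):
    return hashlib.sha256(data).digest()

def pcr_extend(pcr, measurement):
    """TPM extend: PCR_new = H(PCR_old || measurement); one-way and order-sensitive."""
    return sha256(pcr + measurement)

def measured_boot(stages):
    """Each stage is hashed *before* it runs: BIOS measures stage1, stage1 measures
    stage2, and so on. Returns the final PCR value for this boot."""
    pcr = bytes(32)  # PCRs start zeroed at reset
    for _name, image in stages:
        pcr = pcr_extend(pcr, sha256(image))
    return pcr

def _pcr_bound_key(pcr):
    # Key only derivable inside the 'TPM': mixes the chip secret with PCR state.
    return sha256(SRK_SECRET + pcr)

def seal(secret, expected_pcr):
    """Seal a secret (<= 32 bytes) to a PCR value: toy stream cipher + HMAC."""
    key = _pcr_bound_key(expected_pcr)
    pad = sha256(key + b"keystream")[:len(secret)]
    ct = bytes(a ^ b for a, b in zip(secret, pad))
    return ct, hmac.new(key, ct, hashlib.sha256).digest()

def unseal(blob, current_pcr):
    """Release the secret only if the current PCR reproduces the sealing key."""
    ct, tag = blob
    key = _pcr_bound_key(current_pcr)
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None  # a modified stage changed the PCR: key stays locked
    pad = sha256(key + b"keystream")[:len(ct)]
    return bytes(a ^ b for a, b in zip(ct, pad))

def tampered_stages():
    # The same chain with a modified stage2 (constructed for the demo).
    return [(n, b"stage2 image modified" if n == "grub-stage2" else img)
            for n, img in GOOD_STAGES]
```

Because extend is one-way, a tampered stage cannot restore the expected PCR value after the fact; the only way around the check is to alter what gets measured before the measurement happens, which is exactly the hardware-level attack the reply above discusses.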
