grub-devel

Re: A _good_ and valid use for TPM


From: Michal Suchanek
Subject: Re: A _good_ and valid use for TPM
Date: Thu, 19 Feb 2009 16:44:52 +0100

2009/2/19 phcoder <address@hidden>:
> First of all your system is still totally vulnerable to emanation and power
> analysis or hw tampering. By reflashing the BIOS one can bypass all TPM
> protections (don't say it's difficult because it's closed source and so on.
> Look at all closed source obfuscations/pseudo-protections that get cracked
> every day).

This is interesting. I have not thought about the way the BIOS is
protected from tampering. You can probably read the BIOS and verify
the signature with the TPM chip but there is nothing that can attest
the machine actually used this BIOS for booting.

Since the BIOS is not stored in the TPM chip and must be able to reset
the TPM chip into a good state at least when the power is removed
from the board, it must be possible to not use the BIOS at all and
leave the TPM chip in a good or resettable state.

The hard part is initializing the hardware without the use of the
original BIOS - the specifics of initializing various chips are not
public, and probably depend on companion hardware and/or trace length
on the particular board as well.


Thanks

Michal
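Added example, not part of the thread above: a small Python model of the PCR hash chain that the post is reasoning about. The extend rule is the real TPM 1.2 one (SHA-1, PCR_new = SHA1(PCR_old || SHA1(image)), PCRs reset to all zeros); the boot-stage images, the seal/unseal wrapper and the function names are constructed stand-ins, not TPM commands or code from GRUB.

```python
import hashlib

PCR_BYTES = 20  # TPM 1.2 PCRs are SHA-1 sized (20 bytes) and reset to all zeros at power-on


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend rule: PCR_new = SHA1(PCR_old || SHA1(measured image))."""
    image_digest = hashlib.sha1(measurement).digest()
    return hashlib.sha1(pcr + image_digest).digest()


def measured_boot(stages: list) -> bytes:
    """Extend one PCR with each boot stage in order, starting from the reset value.

    On a real machine the first stage (the CRTM inside the BIOS) measures the rest
    of the BIOS, which then measures the boot loader, and so on. This model only
    reproduces the resulting hash chain, not which code performs each measurement.
    """
    pcr = bytes(PCR_BYTES)
    for image in stages:
        pcr = pcr_extend(pcr, image)
    return pcr


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Constructed stand-in for TPM_Seal: bind a secret to one expected PCR value.

    A real TPM encrypts the blob under a key that never leaves the chip; here the
    blob simply carries the policy so that the unseal check below can be shown.
    """
    return {"policy": expected_pcr, "secret": secret}


def unseal(blob: dict, current_pcr: bytes):
    """Constructed stand-in for TPM_Unseal: release the secret only on a PCR match."""
    if blob["policy"] != current_pcr:
        return None
    return blob["secret"]


# Constructed sample images (stand-ins for real firmware and boot loader bytes).
GOOD_BIOS = b"vendor BIOS v1.00 - constructed sample"
GOOD_GRUB = b"GRUB core image - constructed sample"
MODIFIED_BIOS = b"vendor BIOS v1.00 - constructed sample, reflashed"


def expected_pcr() -> bytes:
    """The PCR value the machine owner records when sealing on a known-good boot."""
    return measured_boot([GOOD_BIOS, GOOD_GRUB])


def boot_and_unseal(bios: bytes, loader: bytes):
    """Run the modelled boot with the given images and try to unseal a disk key."""
    blob = seal(b"disk-encryption-key (constructed)", expected_pcr())
    return unseal(blob, measured_boot([bios, loader]))


if __name__ == "__main__":
    print("good boot  :", boot_and_unseal(GOOD_BIOS, GOOD_GRUB))
    print("reflashed  :", boot_and_unseal(MODIFIED_BIOS, GOOD_GRUB))
```

With an unchanged BIOS the modelled boot reproduces the sealed PCR value and the key is released; with a modified BIOS image that is still measured honestly, PCR0 differs and unseal returns nothing, which is the detection the scheme relies on. The model also makes the post's point visible: the PCR only records the digests that were extended into it, in order, so the guarantee rests entirely on the first measurement being taken by code that cannot itself be replaced.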
