From: phcoder
Subject: Re: A _good_ and valid use for TPM
Date: Thu, 19 Feb 2009 17:29:06 +0100
User-agent: Thunderbird 2.0.0.19 (X11/20090105)
Both goals together are theoretically unachievable: techniques like replacing RAM (or GPU memory) with non-volatile storage are always available, or the method of additional energy. All the TPM does is store it in an obfuscated way and provide access to it in a clear way if some conditions are met.

1. The disk must be encrypted.
2. The system must be able to boot without human interaction. That is, a user cannot be prompted for a passphrase or key.
Ideally this condition is B="my system is untampered". The BIOS has the duty to verify the condition A="MBR is untampered". So actually what he needs is that GRUB ensures (A=>B). The intermediary condition is C="core.img is untampered". I already outlined how to ensure C=>B without any sacrifices. Ensuring A=>C may require some sacrifices; that's why I propose having two versions of the MBR sector. I find that the feature A=>B / C=>B is useful in many ways not limited to TPM scenarios. Look at the following case: one has installed GRUB locally on a small disk or in flash memory (e.g. coreboot) in an otherwise lightweight terminal. Now he wants to boot the OS from a remote server over an insecure network.
At the same time he can always choose to boot an unsigned OS by providing his password.
Regards,
Vladimir 'phcoder' Serbinenko
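An added toy model of the chain this message discusses (my example, not code from the thread or from GRUB): each boot stage measures the next into a TPM PCR, and the disk key is sealed to the resulting PCR value, so a patched core.img leaves the key sealed (C=>B) while a stage that nobody measures is invisible (why A=>C matters). The TPM 1.2 SHA-1 extend rule is the real one; the seal/unseal routine and the stage contents are constructed stand-ins, not a TPM API.

```python
import hashlib
import hmac

# Toy model of a measured boot chain with a PCR-sealed disk key. The extend rule
# is TPM 1.2's (SHA-1); seal/unseal is a constructed stand-in, not a real TPM API.
PCR_INIT = b"\x00" * 20                                   # PCRs are zero at reset
DISK_KEY = bytes(range(32))                               # constructed disk key
MBR, CORE, KERNEL = b"mbr v1", b"core.img v1", b"kernel v1"  # constructed stages

def pcr_extend(pcr, data):
    """PCR <- SHA1(PCR || SHA1(data)); a PCR can only be extended, never set."""
    return hashlib.sha1(pcr + hashlib.sha1(data).digest()).digest()

def boot_pcr(stages):
    """stages: [(image, measured)]; each stage is measured by the previous one."""
    pcr = PCR_INIT
    for image, measured in stages:
        if measured:
            pcr = pcr_extend(pcr, image)
    return pcr

def _kdf(pcr):
    return hashlib.sha256(b"toy-seal|" + pcr).digest()

def seal(secret, pcr):
    """Bind a <=32-byte secret to a PCR value (XOR pad + HMAC tag, toy only)."""
    key = _kdf(pcr)
    ct = bytes(a ^ b for a, b in zip(secret, key))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(blob, pcr):
    """Secret if the boot-time PCR equals the sealing PCR, otherwise None."""
    key = _kdf(pcr)
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, key))

def demo():
    full = [(MBR, True), (CORE, True), (KERNEL, True)]
    blob = seal(DISK_KEY, boot_pcr(full))
    # C=>B: a patched core.img changes the PCR, so the key stays sealed.
    patched_core = [(MBR, True), (CORE + b"!", True), (KERNEL, True)]
    # A=>C missing: a BIOS that never measures the MBR cannot notice a patched one.
    unmeasured = [(MBR, False), (CORE, True), (KERNEL, True)]
    patched_mbr = [(MBR + b"!", False), (CORE, True), (KERNEL, True)]
    blob2 = seal(DISK_KEY, boot_pcr(unmeasured))
    return {"untampered": unseal(blob, boot_pcr(full)) == DISK_KEY,
            "patched_core": unseal(blob, boot_pcr(patched_core)),
            "patched_unmeasured_mbr": unseal(blob2, boot_pcr(patched_mbr)) == DISK_KEY}
```

The last result is the defender's takeaway: sealing only protects against changes in stages that are actually measured, so a gap between BIOS and core.img undoes the whole chain.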