grub-devel

Re: A _good_ and valid use for TPM


From: Alex Besogonov
Subject: Re: A _good_ and valid use for TPM
Date: Fri, 20 Feb 2009 03:03:04 +0200

On Fri, Feb 20, 2009 at 2:29 AM, Jan Alsenz <address@hidden> wrote:
[skip]
>        The TPM can prove to another party, that the PCRs have certain values (of
> course the communication needs to be established by normal software running on
> the machine)
Yes, I'm trying to do remote attestation.

> Alex Besogonov wrote:
>> I don't think it's possible to recover the symmetric key used later
>> during normal system operation.
> It could possibly be done, but that is out of scope here.
> Regardless of what you use to establish your trust, if someone can extract the
> key for your disk encryption from the running system you're screwed.
Yes, of course.

>>> And what about cache attack?
>> You mean frozen memory chip attack?
> No, cache timing. (search for "aes cache timing")
I don't think it's applicable here.

>> As far as I understand - no.
> Actually - it is.
> Check the "TCG PC Client Specific Implementation Specification for Conventional
> Bios" or "TCG PC Specific Implementation Specification" at
> https://www.trustedcomputinggroup.org/specs/PCClient/
> and look for CRTM (Core Root of Trust for Measurement)
Yes, BIOS is a root of trust, but not the Core Root. BIOS itself is
checked before execution (pages 20 and onwards in the "TCG PC Client
Specific Implementation Specification for Conventional Bios" spec),
even before dynamic memory is initialized.

> What you are referring to, is that you don't trust it to have ONLY this
> functionality, but you can make the same argument for every part of your PC! Are
> you sure, there is nothing in your network card, CPU or hard drive, that can be
> used against you?
Frankly, I don't care. I'm not trying to protect data against NSA or
other three-letter agencies. There should be a limit to paranoia, and
my paranoia ends at the hardware level.

>> First, I don't think it's possible to implement SHA-1 hashing in MBR -
>> there's probably just not enough space left in 512-byte code segment
>> for that.
> I am very sure of that.
Well, I spoke to phcoder on Jabber - there might be a way to do this.
He's going to investigate it.

>> Second, the only safe action non TPM-aware MBR can perform if it
>> detects tampering is just shutting down hard. Everything else is
>> dangerous.
> Yeah, but an attacker could patch that out too.
Not if we first measure the MBR. It can be done without any
TPM-specific code in the MBR if I'm not very mistaken.

PS: thanks for detailed explanation!
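An added illustration, not part of the thread, of the mechanism the reply relies on: each boot stage is hashed into a PCR before it runs (CRTM measures the BIOS, the BIOS measures the MBR), so a patched MBR changes the PCR and a remote verifier rejects the attestation even though the MBR itself contains no TPM-specific code. The TPM is simulated in pure Python with SHA-1 PCRs, and the BIOS/MBR blobs and the golden PCR value are constructed, not real images.

```python
import hashlib

PCR_SIZE = 20  # TPM 1.2 PCRs are SHA-1 sized and reset to all zeros at power-on


def measure(blob: bytes) -> bytes:
    """Digest of a boot component, as computed by the stage that loads it."""
    return hashlib.sha1(blob).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: PCR_new = SHA1(PCR_old || digest). One-way and order-sensitive."""
    return hashlib.sha1(pcr + digest).digest()


def measured_boot(components):
    """Simulate the static chain of trust: every stage is measured into the PCR
    before control passes to it. Returns the final PCR and the event log."""
    pcr = bytes(PCR_SIZE)
    log = []
    for name, blob in components:
        digest = measure(blob)
        pcr = pcr_extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def replay_log(log) -> bytes:
    """The verifier recomputes the PCR from the reported event log."""
    pcr = bytes(PCR_SIZE)
    for _, digest in log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def verifier_accepts(reported_pcr: bytes, log, expected_pcr: bytes) -> bool:
    """Remote attestation check: the log must replay to the PCR the TPM reports,
    and that PCR must equal the verifier's known-good value."""
    return replay_log(log) == reported_pcr == expected_pcr


# Constructed sample blobs standing in for the real BIOS image and MBR sector.
GOOD_CHAIN = [("BIOS", b"bios-image-v1"), ("MBR", b"mbr:verify-then-halt-on-mismatch")]
TAMPERED_CHAIN = [("BIOS", b"bios-image-v1"), ("MBR", b"mbr:verification-patched-out")]
GOLDEN_PCR, _ = measured_boot(GOOD_CHAIN)


def attestation_demo() -> dict:
    good_pcr, good_log = measured_boot(GOOD_CHAIN)
    bad_pcr, bad_log = measured_boot(TAMPERED_CHAIN)
    # Attacker presents the clean log but the TPM still reports the tampered PCR.
    return {"good": verifier_accepts(good_pcr, good_log, GOLDEN_PCR),
            "tampered": verifier_accepts(bad_pcr, bad_log, GOLDEN_PCR),
            "forged_log": verifier_accepts(bad_pcr, good_log, GOLDEN_PCR)}
```

The tampered and forged-log cases both fail because the PCR is extended by the BIOS before the MBR runs, so nothing the MBR does afterwards can undo or hide its own measurement.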
