Re: TPM support status ?

[Vladimir 'phcoder' Serbinenko]

>
> 99% of people with this use case are not going to put their BIOS chip in
> concrete. Configuring a TPM chip a lot easier.
>
98% of people in this case don't really care if they are secure or not.
>>> I keep trusting it because
>>> the TPM tells me it hasn't been altered on my computer by nasty people.
>>>
>> Suppose even that TPM or XYZ can ensure software isn't tampered at
>> all. Attacker can alter your hardware instead. It just changes the way
>> your computer is attacked, not the result. As a matter of fact
>> hardware attacks are now more widespread in these considerations.
>
> Yes -- the whole point is to make it more difficult and require more
> resources.
What ressources do you suppose your attacker have?
>> Then I wait that you enter you password and leave machine unattended
>> and execute my cold boot attack. If you never left machine unattended
>> you don't need a chip to ensure the integrity.
>
> That's a completely different issue which you don't have a solution to
> either.
>
And which makes all the hassle around TPM worth nothing


-- 
Regards
Vladimir 'phcoder' Serbinenko

Personal git repository: http://repo.or.cz/w/grub2/phcoder.git