grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TPM support status ?


From: Michael Gorven
Subject: Re: TPM support status ?
Date: Thu, 20 Aug 2009 09:38:14 +0200
User-agent: KMail/1.9.10

On Wednesday 19 August 2009 22:25:00 Vladimir 'phcoder' Serbinenko wrote:
> > 99% of people with this use case are not going to put their BIOS chip in
> > concrete. Configuring a TPM chip a lot easier.
>
> 98% of people in this case don't really care if they are secure or not.

I said "with this use case".

> >> Then I wait that you enter you password and leave machine unattended
> >> and execute my cold boot attack. If you never left machine unattended
> >> you don't need a chip to ensure the integrity.
> >
> > That's a completely different issue which you don't have a solution to
> > either.
>
> And which makes all the hassle around TPM worth nothing

Cold boot attacks can be mitigated somewhat because the BIOS would be 
configured to only boot from the harddrive. The BIOS would have to be reset 
before booting from another device, but this would break the trusted path 
which means that it has to happen during the attack itself.

Michael

-- 
http://michael.gorven.za.net
PGP Key ID 1E016BE8
S/MIME Key ID AAF09E0E

Attachment: signature.asc
Description: This is a digitally signed message part.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]