grub-devel

Re: TPM support status ?


From: Michael Gorven
Subject: Re: TPM support status ?
Date: Thu, 20 Aug 2009 10:33:13 +0200
User-agent: KMail/1.9.10

On Thursday 20 August 2009 10:20:02 Michal Suchanek wrote:
> 2009/8/20 Michael Gorven <address@hidden>:
> > On Thursday 20 August 2009 09:59:42 Michal Suchanek wrote:
> >> 2009/8/20 Michael Gorven <address@hidden>:
> >> > On Thursday 20 August 2009 09:49:06 Michal Suchanek wrote:
> >> >> 2009/8/20 Michael Gorven <address@hidden>:
> >> >> > On Wednesday 19 August 2009 21:21:28 Michal Suchanek wrote:
> >> >> >> Tell me one technical benefit of TPM over coreboot.
> >> >> >
> >> >> > Coreboot doesn't provide protected storage of secrets (e.g.
> >> >> > hard drive decryption keys).
> >> >>
> >> >> TPM does not either at the time the BIOS is loaded. Remember, it's
> >> >> the CPU that's running the BIOS, not the TPM chip.
> >> >>
> >> >> Only after the BIOS enables the TPM, or coreboot enables any crypto
> >> >> device you choose, do you get any secrets or keys.
> >> >
> >> > So? It's still protected storage. You can read a BIOS chip, but you
> >> > can't just read the contents of a TPM chip.
> >>
> >> You can use decent crypto storage rather than half-broken TPM. There
> >> is no advantage to using it.
> >
> > Like what?
>
> There is hardware for secure key storage which you can put into some
> card slot or USB port and, unlike a TPM, you can also remove it and store
> it separately from the computer, which greatly decreases the chance that
> your data would be compromised if your computer is stolen.

But that doesn't protect the machine (and crypto card) from being physically 
compromised, so it's not the same as TPM.

-- 
http://michael.gorven.za.net
PGP Key ID 1E016BE8
S/MIME Key ID AAF09E0E
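The point Michael is making above is that what a TPM adds over a removable key token is storage that is bound to the machine's measured boot state: the chip will only release a sealed secret (such as a disk decryption key) when the platform configuration registers match the values recorded at sealing time, so a modified BIOS or bootloader leaves the key locked. The following Python example is an added illustration of that mechanism, not code from this thread or from GRUB. It simulates the two operations involved, PCR extend and sealing to a PCR value. The `SimulatedTPM` class, the HMAC-based wrapping, and the constructed boot-stage strings are stand-ins for the chip's real key hierarchy and policy check, not a TPM API.

```python
import hashlib
import hmac
import os

PCR_LEN = 32  # simulating a SHA-256 PCR bank


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(measurement)).
    A PCR can only be extended, never set, so a tampered early stage
    cannot be masked by whatever runs after it."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(stages) -> bytes:
    """Fold each boot stage into the PCR in order, as firmware, the
    bootloader and the kernel loader would do on a measured boot."""
    pcr = b"\x00" * PCR_LEN
    for stage in stages:
        pcr = pcr_extend(pcr, stage)
    return pcr


class SimulatedTPM:
    """Stand-in for the chip (constructed for this example). The storage
    root key is generated inside and never handed to the host; the host
    only ever sees opaque sealed blobs and asks the chip to unseal them."""

    def __init__(self):
        self._srk = os.urandom(32)  # never leaves this object

    def _keystream(self, pcr: bytes, nonce: bytes, length: int) -> bytes:
        # HMAC counter-mode keystream bound to the PCR value. A real TPM
        # wraps with a symmetric key and checks a policy digest instead.
        out, counter = b"", 0
        while len(out) < length:
            msg = pcr + nonce + counter.to_bytes(4, "big")
            out += hmac.new(self._srk, msg, hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def seal(self, secret: bytes, pcr: bytes) -> bytes:
        """Encrypt `secret` so that it can only be recovered by this chip
        while the PCR equals `pcr`. Returns nonce || ciphertext || tag."""
        nonce = os.urandom(16)
        ks = self._keystream(pcr, nonce, len(secret))
        ct = bytes(a ^ b for a, b in zip(secret, ks))
        tag = hmac.new(self._srk, b"tag" + pcr + nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, blob: bytes, current_pcr: bytes):
        """Return the secret if the current PCR matches the sealing state,
        otherwise None (the policy check fails and nothing is released)."""
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._srk, b"tag" + current_pcr + nonce + ct,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        ks = self._keystream(current_pcr, nonce, len(ct))
        return bytes(a ^ b for a, b in zip(ct, ks))


# Constructed boot chains: the second differs only in the first stage.
TRUSTED_BOOT = [b"firmware v1 (constructed)",
                b"grub core.img (constructed)",
                b"kernel + initrd (constructed)"]
TAMPERED_BOOT = [b"firmware v1, modified (constructed)"] + TRUSTED_BOOT[1:]


def demo():
    """Seal a disk key to the trusted chain, then try to unseal it from
    both chains. Returns (unsealed_on_trusted_boot_ok, result_on_tampered_boot)."""
    tpm = SimulatedTPM()
    disk_key = os.urandom(32)
    blob = tpm.seal(disk_key, measure_boot(TRUSTED_BOOT))
    ok = tpm.unseal(blob, measure_boot(TRUSTED_BOOT)) == disk_key
    tampered = tpm.unseal(blob, measure_boot(TAMPERED_BOOT))
    return ok, tampered  # (True, None)


if __name__ == "__main__":
    ok, tampered = demo()
    print("trusted boot unseals key:", ok)
    print("tampered boot unseals key:", tampered is not None)
```

The blob can sit in the clear on the disk or in the BIOS image; reading it gives an attacker nothing without the chip, and the chip refuses to release the key once any measured stage changes. That is the property a removable smartcard cannot provide on its own, since the card has no view of what firmware is running on the host.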


