[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TPM support status ?
From: |
Michal Suchanek |
Subject: |
Re: TPM support status ? |
Date: |
Thu, 20 Aug 2009 12:58:50 +0200 |
2009/8/20 Michael Gorven <address@hidden>:
> On Thursday 20 August 2009 10:20:02 Michal Suchanek wrote:
>> 2009/8/20 Michael Gorven <address@hidden>:
>> > On Thursday 20 August 2009 09:59:42 Michal Suchanek wrote:
>> >> 2009/8/20 Michael Gorven <address@hidden>:
>> >> > On Thursday 20 August 2009 09:49:06 Michal Suchanek wrote:
>> >> >> 2009/8/20 Michael Gorven <address@hidden>:
>> >> >> > On Wednesday 19 August 2009 21:21:28 Michal Suchanek wrote:
>> >> >> >> Tell me one technical benefit of TPM over coreboot.
>> >> >> >
>> >> >> > Coreboot doesn't provide protected storage of secrets (e.g.
>> >> >> > harddrive decryption keys).
>> >> >>
>> >> >> TPM does not either at the time the BIOS is loaded. Remember, it's
>> >> >> the CPU what's running the BIOS, not the TPM chip.
>> >> >>
>> >> >> Only after BIOS enables TPM or coreboot enables any crypto device you
>> >> >> choose you get any secrets or keys.
>> >> >
>> >> > So? It's still protected storage. You can read a BIOS chip, but you
>> >> > can't just read the contents of a TPM chip.
>> >>
>> >> You can use decent crypto storage rather than half-broken TPM. There
>> >> is no advantage to using it.
>> >
>> > Like what?
>>
>> There is hardware for secure key storage which you can put into some
>> card slot or USB and unlike TPM you can also remove it and store
>> separately from the computer which greatly decreases the chance that
>> your data would be compromised if your computer is stolen.
>
> But that doesn't protect the machine (and crypto card) from being physically
> compromised, so it's not the same as TPM.
How does TPM protest your machine from physical access? I thought it's
a small chip somewhere on the board, not a steel case around the
machine.
Thanks
Michal
- Re: TPM support status ?, (continued)
- Re: TPM support status ?, Vladimir 'phcoder' Serbinenko, 2009/08/20
- Re: TPM support status ?, Michal Suchanek, 2009/08/19
- Re: TPM support status ?, Michael Gorven, 2009/08/20
- Re: TPM support status ?, Michal Suchanek, 2009/08/20
- Re: TPM support status ?, Michael Gorven, 2009/08/20
- Re: TPM support status ?, Michal Suchanek, 2009/08/20
- Re: TPM support status ?, Michael Gorven, 2009/08/20
- Re: TPM support status ?, Michal Suchanek, 2009/08/20
- Re: TPM support status ?, Michael Gorven, 2009/08/20
- Re: TPM support status ?, Vladimir 'phcoder' Serbinenko, 2009/08/20
- Re: TPM support status ?,
Michal Suchanek <=
- Re: TPM support status ?, Michael Gorven, 2009/08/20
- Re: TPM support status ?, Vladimir 'phcoder' Serbinenko, 2009/08/20
- Re: TPM support status ?, Michal Suchanek, 2009/08/20
- Re: TPM support status ?, Vladimir 'phcoder' Serbinenko, 2009/08/20
- Re: TPM support status ?, Duboucher Thomas, 2009/08/20
- about smartcards (Re: TPM support status ?), Robert Millan, 2009/08/20
- Re: about smartcards (Re: TPM support status ?), decoder, 2009/08/20
- Re: about smartcards (Re: TPM support status ?), Vladimir 'phcoder' Serbinenko, 2009/08/20
- Re: about smartcards (Re: TPM support status ?), Robert Millan, 2009/08/20
- Re: about smartcards (Re: TPM support status ?), decoder, 2009/08/20