On Monday 30 Mar 2015 01:32:21 Walter Dnes wrote:
> On Sun, Mar 29, 2015 at 03:30:07PM -0400, Rich Freeman wrote
>
> > With TPM, full-disk encryption, and a verified boot path, you could
> > actually protect against that scenario (they'd have to tear apart the
> > TPM chip and try to access the non-volatile storage directly, and the
> > chips are specifically designed to defeat this). Secure boot would
> > not hurt either (with your own keys). Of course, they could still try
> > to hack in via USB/PCI/etc, or plant keyloggers and such. I'm not
> > suggesting physical security isn't important. It just isn't a good
> > reason to completely neglect console security.
>
> Be careful what you wish for. I have my doubts that TPM chips would
> boot linux with Microsoft offering "volume discounts" to OEMS. Call me
> cynical.

Well, yes, post Snowden revelations we can reasonably suspect that the TPM OEMs have degraded the randomness of the chip sufficiently for spooks to be able to crack your keys.

--
Regards,
Mick