The hard part is initializing the hardware without the use of the
original BIOS - the specifics of initializing various chips are not
public, and probably depend on companion hardware and/or trace length
on the particular board as well.
It's not actually needed. If one can NOP out the TPM code in the BIOS, then he can
boot from anything and read the TPM keys. You don't need to understand the
whole BIOS to do it. Of course it's obfuscated, but obfuscation isn't
security in any way. Also, if you write completely different code to
flash the BIOS, you don't need to be able to initialise the whole hardware;
all you need is to be able to read the TPM and write to the serial port. Then
you can simply read the key at your serial console. Actually, the BIOS isn't
protected. It's just obfuscated.
Regards
Vladimir 'phcoder' Serbinenko
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel