T>his paranoid security talk is growing some big pink elephants which are >being conveniently ignored: you people are trying to protect a HD within >a computer that could be stolen, but you trust that the BIOS chip (in >ROM and whatever you want), which performs the systems initialization >(including RAM and the TPM) cannot be tampered with or even replaced. The BIOS itself is checksummed and verified by the TPM. So a simple reflashing won't work.
Please, don't think that all engineers who designed the TPM are complete idiots. >When someone pointed the key-in-RAM problem the answer was "I'll just >glue it with epoxy resin"! For crying out loud! Without taking into >account that most epoxy resins take weeks to solidify under 100 ºC, Uhm.. It takes about 8 hours for the resin with hardener to solidify (speaking from experience). >if the computer is physically stolen it could be subjected to EM-field >analysis. That's WAY more complex than just swapping chips. Also, there's another small thing - I can just delete the key from my key server, and then no amount of hacking will unlock hard drive. TPM and other measures just buy time. _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel
