-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Vladimir 'phcoder' Serbinenko wrote:
>> I can imagine a world with computers you can access for free and from
>> which you can boot with your USB pen-drive (or trust the installed OS, or
>> whatever you want). But this world is still far away from here ... :|
> TPM doesn't protect your computer from being stolen and HD wiped.

Hey, I didn't say that TPM will replace a faithful dog! :D

>> No! No! No! and No! Coreboot is not a CRTM, and then you can't speak
>> about a chain of trust if you are starting it with Coreboot ... It is
>> already very difficult to consider the TPM as a CRTM since there are
>> design flaws.
> Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes!
> Yes! Yes! Yes! Yes!
> Coreboot is perfect for my use for *****.
> Did I bring any argument in the last 2 lines?

Since the BIOS can be "easily" replaced, it cannot be trusted, hence you
can't build a chain of trust starting from your BIOS. It is a "little"
more difficult to replace a TPM, even more so if it's holding a shared
secret. :)

>> Also, you are not owning a computer by using a chain of trust. You are
>> only sure that the software you trust on your computer hasn't been
>> tampered with. And you can keep trusting it, even if it has a backdoor
>> you weren't aware of! ;)
> That's what open source is here for. You just said it yourself that
> you can more easily trust open source than closed source and TPM doesn't
> change that.

I completely agree with the first part, but you twisted the ending. :'(
I trust open-source software because I can see the source code (uh,
wait! what if I can't trust the compiler!). I keep trusting it because
the TPM tells me it hasn't been altered on my computer by nasty people.

>>> - Lock down via proprietary crypto chip (TPM). Different software can
>>> happen if "attacker" figured out how to break into your TPM, which is
>>> actually quite possibly easier, not harder, than replacing hardware
>>> because the TPMs are closed systems that don't disclose their design and
>>> flaws...
>> Wow! Software hacked TPM? Software breaking into TPM? I must be missing
>> something. :|
> It's possible that using some kind of obscure power control sequence
> you can reset the TPM to its boot state and then nicely ask it to do
> whatever you want.

Well, that would be a design flaw, and not very TCG compliant. Things
like this happen, and when they do, it's always a little problematic in
cryptography.

>> Every technology has its design and its implementation, and also its
>> design flaws and implementation flaws. Remember Debian and OpenSSL.
>> Well, if a chip has a design flaw, it is more expensive to change it;
>> however, people who truly require it will also be able to. ;)
> TPM claims to e.g. protect your HD encryption keys. But what a hacker
> would do is to boot the computer, wait for it to retrieve the keys and then
> execute a cold boot attack (in most cases it's enough to just cool the RAM
> down and reboot with a USB key which will dump the memory). I don't
> spend my time on implementing a "security" which increases hacking
> cost by $15, claims to be unbreakable and can be used for evil
> purposes (in which case it's more difficult to crack).

Uh, wait! There's something I don't understand there. What's the point
in putting the whole secret in the TPM? It's like writing your
passphrase on a piece of paper and putting it under your keyboard. A
clever implementation would be using the ownership capabilities of the
TPM so that the secret can be protected by system integrity _and_
password.

>>> attestation, flawed, as soon as your RAM becomes unpredictable. Not in
>>> a convenient way, but it should definitely be possible..) Also, none of
>>> the airplane arguments really apply to small, non-life-critical systems.
>> Airplane manufacturers aren't using ordinary computers ...
> So what?
> The example stays an interesting one and their computers probably have
> some kind of protection.

Well, I think there are computers onboard, and I think they may have
some security, but personally I've never worked in a department that
produces planes. This would only be pure speculation.

>> This chain of trust is useful for people who have to work with a
>> computer and data in an untrusted environment, and that's how and what
>> it was designed for.
> Then this design is fundamentally flawed. You just can't trust hardware
> in an untrusted environment.

This is what the TCPA is trying to solve. Not an easy question, but TPM
is a good beginning imho (it invalidates the Stoned attack scheme, for
example).

> Claiming to achieve the impossible is an advantage proprietary security
> suites have over free ones.

Yup ;)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkqMRkUACgkQBV7eXqefhqjZXgCgmGik1TszdBP3tJDlWHFkDhuS
4ooAoJA7CmS+TR0Mv7UHuOJi4mBxBhtT
=Qqm3
-----END PGP SIGNATURE-----

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
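The message above argues that a sane design seals the disk key to system integrity _and_ a password instead of storing it bare in the TPM, and the quoted reply objects that the key can still be lifted from RAM by a cold boot attack. The following toy model is an added illustration of both points; it is not code from this thread, from GRUB or from the TCG specification. It models TPM 1.2-style PCR extension (SHA-1, 20-byte registers) and a sealing operation keyed on the PCR value plus an auth password. The SimTPM class, its HMAC-derived keystream wrap, the boot-chain component strings and the password are constructed for the demo; a real TPM stores a PCR composite inside its own blob format and performs the comparison in the chip, and its storage root key never leaves it, which is what this model imitates by keeping the SRK private to the class.

```python
"""Toy model of measured boot plus TPM-style sealing (constructed example,
not code from GRUB, TrouSerS or the TCG spec). A real TPM 1.2 keeps the
storage root key inside the chip and uses its own sealed-blob format; here
the wrap is an HMAC-derived keystream so everything runs offline."""
import hashlib
import hmac
import os

# TPM 1.2 PCRs are 20-byte SHA-1 registers, all zero at power-on.
PCR_INIT = bytes(20)

# Constructed boot chains. Only the second stage differs: a bootkit
# (Stoned-style) patched into the bootloader image.
GOOD_CHAIN = [b"CRTM/BIOS v1", b"GRUB core.img", b"vmlinuz", b"initrd"]
TAMPERED_CHAIN = [b"CRTM/BIOS v1", b"GRUB core.img+bootkit", b"vmlinuz", b"initrd"]
AUTH = b"correct horse"  # assumed user password, the second factor


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM_Extend: PCR_new = SHA1(PCR_old || SHA1(component)).
    A PCR can only be extended, never written directly, and order matters."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(chain) -> bytes:
    """Each stage measures the next one into the PCR before jumping to it."""
    pcr = PCR_INIT
    for component in chain:
        pcr = extend(pcr, component)
    return pcr


class SimTPM:
    """Seals a secret to (expected PCR value, auth password)."""

    def __init__(self):
        self._srk = os.urandom(32)  # storage root key: never leaves the "chip"

    def _wrap_key(self, pcr: bytes, auth: bytes) -> bytes:
        # Both the measured state and the password enter the key derivation;
        # without the SRK an attacker cannot brute-force the password offline.
        return hmac.new(self._srk, pcr + auth, hashlib.sha256).digest()

    @staticmethod
    def _keystream(key: bytes, n: int) -> bytes:
        out = b""
        for counter in range((n + 31) // 32):
            out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        return out[:n]

    def seal(self, secret: bytes, pcr: bytes, auth: bytes) -> dict:
        key = self._wrap_key(pcr, auth)
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(key, len(secret))))
        tag = hmac.new(key, ct, hashlib.sha256).digest()
        # The blob lives on disk; it contains neither the PCR value nor the auth.
        return {"ct": ct, "tag": tag}

    def unseal(self, blob: dict, current_pcr: bytes, auth: bytes) -> bytes:
        key = self._wrap_key(current_pcr, auth)
        expected = hmac.new(key, blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise PermissionError("unseal refused: PCR mismatch or wrong auth")
        return bytes(a ^ b for a, b in zip(blob["ct"], self._keystream(key, len(blob["ct"]))))


def try_unseal(tpm: SimTPM, blob: dict, chain, auth: bytes):
    """Boot the given chain, then ask the TPM for the key. Returns the key or None."""
    try:
        return tpm.unseal(blob, measure_boot(chain), auth)
    except PermissionError:
        return None


def demo() -> dict:
    """Maps each scenario to whether the TPM released the key."""
    tpm = SimTPM()
    disk_key = os.urandom(32)
    blob = tpm.seal(disk_key, measure_boot(GOOD_CHAIN), AUTH)
    results = {
        "good_boot_right_pw": try_unseal(tpm, blob, GOOD_CHAIN, AUTH) == disk_key,
        "good_boot_wrong_pw": try_unseal(tpm, blob, GOOD_CHAIN, b"guess") is not None,
        "tampered_boot_right_pw": try_unseal(tpm, blob, TAMPERED_CHAIN, AUTH) is not None,
    }
    # After a successful unseal, disk_key sits in host RAM: the cold boot attack
    # quoted in the thread targets exactly that, and sealing does nothing about it.
    return results


if __name__ == "__main__":
    for case, released in demo().items():
        print(f"{case}: {'key released' if released else 'refused'}")
```

The sealed blob is useless on its own: deriving the wrap key needs the SRK (inside the chip), the PCR value (which only the right boot chain reproduces) and the password (which the chip rate-limits rather than exposing to an offline dictionary attack). What the model also makes visible is the limit the reply points at: once `unseal` returns, the key is ordinary host memory, so protecting it from there on is the OS's problem, not the TPM's.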