On Wednesday 19 August 2009 22:25:00 Vladimir 'phcoder' Serbinenko wrote: > > 99% of people with this use case are not going to put their BIOS chip in > > concrete. Configuring a TPM chip a lot easier. > > 98% of people in this case don't really care if they are secure or not.
I said "with this use case". > >> Then I wait that you enter you password and leave machine unattended > >> and execute my cold boot attack. If you never left machine unattended > >> you don't need a chip to ensure the integrity. > > > > That's a completely different issue which you don't have a solution to > > either. > > And which makes all the hassle around TPM worth nothing Cold boot attacks can be mitigated somewhat because the BIOS would be configured to only boot from the harddrive. The BIOS would have to be reset before booting from another device, but this would break the trusted path which means that it has to happen during the attack itself. Michael -- http://michael.gorven.za.net PGP Key ID 1E016BE8 S/MIME Key ID AAF09E0E
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel
