On Thu, Aug 20, 2009 at 9:38 AM, Michael Gorven<mich...@gorven.za.net> wrote: > On Wednesday 19 August 2009 22:25:00 Vladimir 'phcoder' Serbinenko wrote: >> > 99% of people with this use case are not going to put their BIOS chip in >> > concrete. Configuring a TPM chip a lot easier. >> >> 98% of people in this case don't really care if they are secure or not. > > I said "with this use case". It's also what I meant. Most sysadmins just need someone to blame if it goes wrong. > >> >> Then I wait that you enter you password and leave machine unattended >> >> and execute my cold boot attack. If you never left machine unattended >> >> you don't need a chip to ensure the integrity. >> > >> > That's a completely different issue which you don't have a solution to >> > either. >> >> And which makes all the hassle around TPM worth nothing > > Cold boot attacks can be mitigated somewhat because the BIOS would be > configured to only boot from the harddrive. The BIOS would have to be reset > before booting from another device, but this would break the trusted path > which means that it has to happen during the attack itself. It just means one needs to move memory to another computer. > > Michael > > -- > http://michael.gorven.za.net > PGP Key ID 1E016BE8 > S/MIME Key ID AAF09E0E > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > http://lists.gnu.org/mailman/listinfo/grub-devel > >
-- Regards Vladimir 'phcoder' Serbinenko Personal git repository: http://repo.or.cz/w/grub2/phcoder.git _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel
