> > You are of course correct. I advised an integrity value just to detect
> > a hardware or software fault. The check value would not protect against an
> > attack.
>
> Fair enough, but why protect these bits specifically?
> E.g. disk corruption seems more likely (since it's bigger). Add
> integrity at that level? Why even stop at detection, let's do error
> correction ...
Why ... just because it's a security device. Whenever I code for security, I add layers of protection, constantly looking for "this should never happen" cases. It might be just a small benefit, but hashing a few kbytes is a small part of TPM startup time, and the function is already there. Think of it as part of the larger (and required) TPM self test that a TPM must do.
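The point made above, that a check value over persistent state detects a fault but does not protect against an attack, as an added illustration that is not code from this thread or from any TPM implementation. It assumes a hypothetical layout where a SHA-256 digest is appended to a small constructed state blob, and models the startup self test as "recompute and compare":

```python
import hashlib
from typing import Optional

DIGEST_LEN = 32  # SHA-256 output size

# Constructed sample of a small persistent-state blob; a few dozen bytes stand
# in for the few kbytes the message mentions. The layout is hypothetical.
NV_STATE = bytes(range(64))


def seal_state(state: bytes) -> bytes:
    """Image as written to persistent storage: state || SHA-256(state)."""
    return state + hashlib.sha256(state).digest()


def load_state(stored: bytes) -> Optional[bytes]:
    """Startup self test: recompute the digest over the body and compare it
    with the stored one. Returns the body, or None if the image is corrupt."""
    if len(stored) < DIGEST_LEN:
        return None
    body, digest = stored[:-DIGEST_LEN], stored[-DIGEST_LEN:]
    if hashlib.sha256(body).digest() != digest:
        return None
    return body


def flip_bit(buf: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit hardware or software fault in the stored image."""
    out = bytearray(buf)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def all_single_bit_faults_detected(stored: bytes) -> bool:
    """True if the self test rejects every possible single-bit flip, whether
    the flip lands in the state body or in the digest field itself."""
    return all(load_state(flip_bit(stored, i)) is None
               for i in range(len(stored) * 8))


def resealed_rewrite_detected(new_state: bytes) -> bool:
    """Whoever can write both fields simply recomputes the digest, so an
    unkeyed check value cannot distinguish that from a legitimate write.
    Returns False to make the limitation explicit."""
    return load_state(seal_state(new_state)) is None


if __name__ == "__main__":
    image = seal_state(NV_STATE)
    print("clean image loads:", load_state(image) == NV_STATE)
    print("every single-bit fault detected:", all_single_bit_faults_detected(image))
    print("resealed rewrite detected:", resealed_rewrite_detected(b"\x00" * 64))
```

The first two checks are the "this should never happen" layer the reply describes: any corruption of the body or of the digest field fails the self test. The third check shows the boundary the earlier quote draws, since the digest carries no secret and a consistent rewrite passes; that is why it belongs with the self test rather than with the TPM's security guarantees.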