Re: A _good_ and valid use for TPM

2009-02-18 Thread Isaac Dupree
Alex Besogonov wrote:
> On Wed, Feb 18, 2009 at 4:52 PM, Isaac Dupree wrote:
> > Alex Besogonov wrote:
> > But guess what? While your system is running, they can take out your RAM
> > and read it (disk-encryption key and all) before the RAM forgets its
> > contents, see e.g. http://blogs.zdne

Re: A _good_ and valid use for TPM

2009-02-18 Thread Alex Besogonov
On Wed, Feb 18, 2009 at 4:52 PM, Isaac Dupree wrote:
> Alex Besogonov wrote:
> But guess what? While your system is running, they can take out your RAM and
> read it (disk-encryption key and all) before the RAM forgets its contents, see
> e.g. http://blogs.zdnet.com/security/?p=900
I know. But th

Re: A _good_ and valid use for TPM

2009-02-18 Thread Isaac Dupree
Alex Besogonov wrote:
> There's no way to break this chain of trust without hacking TPM (which
> I consider very unlikely)
fair to say "unlikely"
> doing uber-dirty hardware tricks (like
> modifying RAM on-the-fly using DMA from rogue PCI devices)
yeah, it's probably technically possible, but en

Re: A _good_ and valid use for TPM

2009-02-18 Thread Alex Besogonov
> I don't know much about TPM but from the example that I read at the
> TreacherousGrub website, the actual verification is done by TreacherousGrub.
> I don't see how such a verification can protect against anything.
Wrong. The main concept in TPM is "chain of trust". First, BIOS attests that the first stage of G

Re: A _good_ and valid use for TPM

2009-02-18 Thread phcoder
I don't know much about TPM but from the example that I read at the TreacherousGrub website, the actual verification is done by TreacherousGrub. I don't see how such a verification can protect against anything. If you suppose that your attacker is unable to tamper with the hardware then BIOS and grub password is

Re: Booting Xen dom0 with Grub2

2009-02-18 Thread Emmanuel Jeanvoine
Do you mean: at boot time or once the system is booted?
Regards,
Emmanuel

On Wed, 18 Feb 2009 09:14:21 +0100, phcoder wrote:
> Hello. multiboot implementation of grub2 isn't complete yet. This is
> one possible reason. Can you supply us with the output of displaymem
> under grub1 and of l

A _good_ and valid use for TPM

2009-02-18 Thread Alex Besogonov
I know that TPM has been mentioned several times on this list. With absolutely inadequate knee-jerk reactions from GRUB developers :( Currently I have a problem - I need to protect confidential private data (we try to protect privacy of our customers) from the _physical_ theft of the server. A sim

Re: Booting Xen dom0 with Grub2

2009-02-18 Thread phcoder
Hello. Multiboot implementation of grub2 isn't complete yet. This is one possible reason. Can you supply us with the output of displaymem under grub1 and of lsmmap under grub2?
Regards
Vladimir 'phcoder' Serbinenko

Emmanuel Jeanvoine wrote:
Hi all, I try to boot a Xen dom0 with grub2 on a Lenny