Alex Besogonov wrote:
[skip]
>>> As far as I understand - no.
>> Actually - it is.
>> Check the "TCG PC Client Specific Implementation Specification for
>> Conventional
>> Bios" or "TCG PC Specific Implementation Specification" at
>> https://www.trustedcomputinggroup.org/specs/PCClient/
>> and loo
On Friday 20 February 2009 02:29:50 Jan Alsenz wrote:
> So in the end (after boot) you have a bunch of PCR values, that represent
> all the code and data, that was used to boot the system. If you have this
> and are sure, that the current configuration is correct, you have a
> reference value of th
On Fri, Feb 20, 2009 at 2:29 AM, Jan Alsenz wrote:
[skip]
> The TPM can prove to another party that the PCRs have certain values (of
> course the communication needs to be established by normal software running on
> the machine)
Yes, I'm trying to do remote attestation.
> Alex Besogono
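The measured-boot chain and the attestation exchange that Jan and Alex describe above, as an added example that is not part of the original thread or of TrustedGRUB's own code. It simulates a TPM 1.2 style PCR extend (SHA-1, PCR_new = SHA1(PCR_old || SHA1(data))) over constructed stand-ins for the measured boot components, checks the result against a reference value, and shows why a tampered or reordered component is detected. The quote step uses an HMAC under a shared secret as a stand-in for the TPM signing the PCR values plus a verifier nonce with its AIK; the component blobs, `AIK_SECRET`, and all function names are assumptions made for this example.

```python
import hashlib
import hmac

PCR_LEN = 20  # TPM 1.2 PCRs hold one SHA-1 digest (20 bytes)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA1(PCR_old || SHA1(measurement)).

    Software can only ever *extend* a PCR, never write it directly, so the
    final value is a commitment to the whole ordered sequence of measurements.
    """
    if len(pcr) != PCR_LEN:
        raise ValueError("a TPM 1.2 PCR is exactly 20 bytes")
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()


def measure_chain(components) -> bytes:
    """Extend one PCR with every (name, blob) pair in boot order."""
    pcr = bytes(PCR_LEN)  # PCRs are reset to all zeros at power-on
    for _name, blob in components:
        pcr = pcr_extend(pcr, blob)
    return pcr


# Constructed stand-ins for what a TrustedGRUB-style boot measures; real
# firmware would hash the actual MBR, core image, config and kernel bytes.
GOOD_CHAIN = [
    ("mbr", b"constructed MBR boot code"),
    ("core.img", b"constructed bootloader core image"),
    ("grub.cfg", b"set root=(hd0,1)\nlinux /vmlinuz root=/dev/sda1\n"),
    ("vmlinuz", b"constructed kernel image bytes"),
]


def tampered_chain():
    """Same chain, but grub.cfg now drops the kernel into a root shell."""
    chain = list(GOOD_CHAIN)
    chain[2] = ("grub.cfg",
                b"set root=(hd0,1)\nlinux /vmlinuz root=/dev/sda1 init=/bin/sh\n")
    return chain


def reordered_chain():
    """Same blobs, different order: the extend chain is order-sensitive."""
    chain = list(GOOD_CHAIN)
    chain[0], chain[1] = chain[1], chain[0]
    return chain


# --- remote attestation stand-in ---------------------------------------
# A real TPM_Quote is an RSA signature by the Attestation Identity Key over
# the selected PCR values and the verifier's nonce.  Here an HMAC under a
# secret that only the "TPM" (and, for this toy, the verifier) knows plays
# the role of that signature; AIK_SECRET is a constructed assumption.
AIK_SECRET = b"constructed stand-in for the AIK private key"


def tpm_quote(pcr: bytes, nonce: bytes) -> bytes:
    """TPM side: sign (PCR || nonce).  The nonce binds the quote to this
    challenge so an old quote cannot be replayed after the system changes."""
    return hmac.new(AIK_SECRET, pcr + nonce, hashlib.sha1).digest()


def verifier_check(pcr: bytes, nonce: bytes, quote: bytes,
                   reference_pcr: bytes) -> bool:
    """Verifier side: accept only if the quote is genuine for *this* nonce
    and the attested PCR equals the known-good reference value."""
    expected = hmac.new(AIK_SECRET, pcr + nonce, hashlib.sha1).digest()
    if not hmac.compare_digest(quote, expected):
        return False  # forged quote, or a quote for a different nonce
    return hmac.compare_digest(pcr, reference_pcr)


if __name__ == "__main__":
    reference = measure_chain(GOOD_CHAIN)
    nonce = b"\x01" * 20  # in practice: fresh random bytes from the verifier
    print("reference PCR:", reference.hex())
    print("good boot accepted:",
          verifier_check(reference, nonce, tpm_quote(reference, nonce), reference))
    bad = measure_chain(tampered_chain())
    print("tampered grub.cfg accepted:",
          verifier_check(bad, nonce, tpm_quote(bad, nonce), reference))
```

The reference value has to come from a boot the verifier already trusts, exactly as the thread says: the TPM proves which values the PCRs hold, not whether those values are "good". Note also that the HMAC stand-in requires the verifier to hold the secret, which a real AIK signature avoids.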
Hi!
Alright, let's try to make sure everyone is talking about the same things here.
First of all a TPM is not just some kind of secure memory only accessible from
early BIOS, it basically is a small computer. You can only send it commands, and
it can "decide" to reject them, e.g. if you try to rea
On Thu, Feb 19, 2009 at 9:30 PM, phcoder wrote:
>> Yes, but that's way too hard.
> Sure? There was a demonstration where an RSA key was recovered just by plotting
> variations on the power line of a USB port
TPM performs encoding/decoding, and I consider it secure.
I don't think it's possible to recover the
Alex Besogonov wrote:
First of all your system is still totally vulnerable to emanation and
power analysis or hardware tampering.
Yes, but that's way too hard.
Sure? There was a demonstration where an RSA key was recovered just by
plotting variations on the power line of a USB port
And what about cache attac
> First of all your system is still totally vulnerable to emanation and
> power analysis or hardware tampering.
Yes, but that's way too hard.
> By reflashing the BIOS one can bypass all
> TPM protections (don't say it's difficult because it's closed source and
> so on. Look at all closed source obfuscations/pseu
As I understand from his letters and from a quick look at tgrub, all he
needs is to ensure the chain of verification. It seems that tgrub never
reads the TPM key. Even if one finds the TPM an acceptable way to check OS
integrity, I don't see why we would rely on it if a more universal approach
is possible.
The hard part is initializing the hardware without the use of the
original BIOS - the specifics of initializing various chips are not
public, and probably depend on companion hardware and/or trace length
on the particular board as well.
It's not actually needed. If one can NOP the TPM code in the BIOS t
2009/2/19 phcoder :
> First of all your system is still totally vulnerable to emanation and power
> analysis or hardware tampering. By reflashing the BIOS one can bypass all TPM
> protections (don't say it's difficult because it's closed source and so on.
> Look at all closed source obfuscations/pseudo-prote
On Thu, 19 Feb 2009 16:05:10 +0100
phcoder wrote:
> Personally, if TPM support is merged into mainline grub2 I'll stop using
> it. However, what you request doesn't need a TPM. The authenticity of modules,
> configuration files and so on can be verified by one of 4 methods:
> 1) internal signatures
> 2
Hi,
This patch contains several important updates for x86_64 EFI:
1. Support memory larger than 2G.
2. Fix a bug in efi_call_6 that could cause chainloading OS X to fail.
3. Improve the method for detecting the frame buffer address and line length
in the Linux loader.
2009-02-19 Bean
* configure
First of all your system is still totally vulnerable to emanation and
power analysis or hardware tampering. By reflashing the BIOS one can bypass all
TPM protections (don't say it's difficult because it's closed source and
so on. Look at all closed source obfuscations/pseudo-protections that
get cracked
On Wed, Feb 18, 2009 at 11:05 PM, Jan Alsenz wrote:
> I've recently started porting TrustedGRUB (
> http://sourceforge.net/projects/trustedgrub ) to GRUB2.
> I didn't get too far as I don't have too much time right now, but I managed to
> complete the MBR bootloader.
Great! MBR is the most scary p
On Thu, Feb 19, 2009 at 12:03 AM, Isaac Dupree
wrote:
>> I know. But there's no way to guard against this attack, so there's no
>> sense fretting over it for now.
> well, it's relatively straightforward for an attacker who knows what they're
> doing, so perhaps you should assume that *privacy* is