Re: TPM support status ?

[Michael Gorven]

On Wed, Aug 19, 2009 at 08:01:06PM +0200, Vladimir 'phcoder' Serbinenko wrote:
> > I can imagine a world with computers you can access from free and from
> > whom you can boot with your USB pen-drive (or trust the installed OS, or
> > whatever you want). But this world is still far away from here ... :|
> TPM doesn't protect your computer from being stolen and HD wiped.

No it doesn't, and that's not what I'm trying to avoid.

> > Also, you are not owning a computer by using a chain of trust. You 
> > are
> > only sure that the software you trust on your computer haven't been
> > tampered. And you can keep trusting them, even if they have a backdoor
> > you weren't aware of! ;)
> That's what open source is here for. You just said it yourself that
> you can easier trust open source than closed source and TPM doesn't
> change that.

So make an open hardware TPM chip.

> > > - Lock down via proprietary crypto chip (TPM).  Different software can
> > > happen if "attacker" figured out how to break into your TPM, which is
> > > actually quite possibly easier, not harder, than replacing hardware
> > > because the TPMs are closed systems that don't disclose their design and
> > > flaws...
> > Wow! Software hacked TPM? Software breaking into TPM? I must be missing
> > something. :|
> It's possible that using some kind of obscure power control sequence
> you can reset tpm to its boot state and then nicely ask it to do
> whatever you want.

Yes, and then the decryption key is gone and my data is safe.

> > Every technology has its design and its implementation, and also its
> > design flaws and implementation flaws. Remember Debian and OpenSSL.
> > Well, if a chip has a design flaw, it is more expensive to change it;
> > however, people that will truly require it will also be able to. ;)
> TPM claims to e.g. protect your hd encryption keys. But what a hacker
> would do is to boot computer, wait that it retrieves the keys and then
> execute cold boot attack (in most cases it's enough to just cool RAM
> down and reboot with a USB key which will dump the memory). I don't
> spend my time on implementing a "security" which increases hacking
> cost by $15, claims to be unbreakable and can be used for evil
> purposes (in which case it's more difficult to crack)

It's still more secure than your solutions.

> > This chain of trust is useful for people that have to work with a
> > computer and data in an untrusted environnement, and that's how and what
> > it was designed for.
> Then this design is fundamentaly flawed. You just can't trust hardware
> in untrusted environment.
> Claiming to achieve impossible is an advantage proprietary security
> suites have over free ones.

Yes it's impossible, but TPM moves it a lot closer.

--
http://michael.gorven.za.net/
PGP Key ID 6612FE85
S/MIME Key ID AAF09E0E

signature.asc
Description: Digital signature