Re: TPM support status ?

[Vladimir 'phcoder' Serbinenko]

On Thu, Aug 20, 2009 at 9:38 AM, Michael Gorven<address@hidden> wrote:
> On Wednesday 19 August 2009 22:25:00 Vladimir 'phcoder' Serbinenko wrote:
>> > 99% of people with this use case are not going to put their BIOS chip in
>> > concrete. Configuring a TPM chip a lot easier.
>>
>> 98% of people in this case don't really care if they are secure or not.
>
> I said "with this use case".
It's also what I meant. Most sysadmins just need someone to blame if
it goes wrong.
>
>> >> Then I wait that you enter you password and leave machine unattended
>> >> and execute my cold boot attack. If you never left machine unattended
>> >> you don't need a chip to ensure the integrity.
>> >
>> > That's a completely different issue which you don't have a solution to
>> > either.
>>
>> And which makes all the hassle around TPM worth nothing
>
> Cold boot attacks can be mitigated somewhat because the BIOS would be
> configured to only boot from the harddrive. The BIOS would have to be reset
> before booting from another device, but this would break the trusted path
> which means that it has to happen during the attack itself.
It just means one needs to move memory to another computer.
>
> Michael
>
> --
> http://michael.gorven.za.net
> PGP Key ID 1E016BE8
> S/MIME Key ID AAF09E0E
>
> _______________________________________________
> Grub-devel mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/grub-devel
>
>



-- 
Regards
Vladimir 'phcoder' Serbinenko

Personal git repository: http://repo.or.cz/w/grub2/phcoder.git