On 22/02/2009, phcoder <phco...@gmail.com> wrote:
> > > > In any case, if your attacker is that much determined to achieve their
> > > > goal, reverse engineering a small chip isn't going to stop them.
> > >
> > > Reverse engineering the TPM chip is very costly. And I'm not going to try
> > > to protect data from NSA or CIA or another three-letter agency.
> >
> On this you have to trust the manufacturer. Actually you can't know how
> difficult reverse-engineering is before you do. And it's only a matter of
> time before some crypto-hardware geek reverse-engineers it because he was
> bored or a crypto-student does it because it gives him an excellent diploma.
> This is quite possible because universities often have the necessary
> equipment and diploma works are supposed to be long and difficult. At this
> point reading a publication and using its results is trivial. And look at
> reverse-engineered opensource drivers. It's just a matter of obfuscation and
> we already know that it brings no security. If you want to protect your keys
> the only way is to physically protect them, like putting concrete around the
> flash chip.
Hmm, so let me collect the data from this discussion:

There is somebody who wants to lock his own computer in software so that his data is not easily accessible. For some reason he wants to store the data encrypted in multiple locations rather than using a simple terminal to retrieve the data over the network, which makes things needlessly hard.

He can have a custom solution developed for the purpose (like take an ALIX board and have the BIOS on it customized and have the flash chip covered with concrete ;-)

He can also use a ready-made solution - a board with a TPM chip. Now I am not sure how secure this solution is. You can usually remove the battery to reset the BIOS password, reflash the BIOS, etc. Since manufacturers claim (or used to) that you can pry the TPM chip off your board and it will still work, the board is bootstrapped by the main CPU, not the TPM. This makes it possible to short some pins on the TPM chip so that it cannot be accessed during boot, boot a virtual machine, and have the BIOS initialize the chip inside that. There's also the possibility to remove the RAM from a running computer, given you find out what kind of RAM it uses and get a different compatible computer.

Generally this shifts the attack from the realm of plain vandalism to the realm of planned attack, which is certainly a bonus. Still, I would rather rely on a custom solution because I would know exactly what it does. The manufacturers of PC mainboards tend not to release exact specifications and there are often serious problems. Still, finding the flaw in the particular mainboard would probably take some non-trivial effort. If the attacker just wants to break something there would likely be easier targets. If you are specifically targeted you are doomed. Hire a security agency to guard your computers so that you can blame them when the data is stolen.

Now to the TPM support in GRUB.

It appears that if GRUB supports *any* integrity check of the loaded software, and the BIOS can make the TPM check GRUB, you are set; GRUB itself need not talk to the TPM directly, it's just a nice bonus. And if somebody wanted to lock your computer from you they would ship it with software that does it; they would not have to rely on GRUB. Most likely GRUB would not be able to load their system anyway. This makes the TPM support debate seem quite pointless.

Well, enjoy the flames ;-)

MS

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
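A small simulation of the measured-boot chain the message above refers to (the BIOS measures GRUB, GRUB measures the kernel, each measurement is folded into a TPM PCR, and a secret is sealed to the expected PCR value so that a swapped bootloader leaves the secret locked). This is an added example, not code from the thread or from GRUB: the component images are constructed byte strings, the 20-byte zero start value and the `seal`/`unseal` helpers are stand-ins for a real TPM's PCR reset and TPM_Seal/TPM_Unseal, and the SHA-1 extend formula is the TPM 1.2 one in use at the time of this discussion.

```python
import hashlib

# Constructed stand-ins for the firmware, bootloader and kernel images.
# Real images are megabytes; the contents do not matter here, only that
# each stage hashes the next one before handing over control.
BIOS_IMAGE = b"constructed BIOS image v1"
GRUB_IMAGE = b"constructed GRUB image v1"
KERNEL_IMAGE = b"constructed kernel image v1"
TAMPERED_GRUB = b"constructed GRUB image v1 with a patched integrity check"


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 PCR extend: new_pcr = SHA1(old_pcr || measurement).

    A PCR cannot be set to a chosen value, only extended, so the final
    value depends on every measured stage and on their order.
    """
    return sha1(pcr + measurement)


def measured_boot(stages):
    """Simulate a boot chain in which each stage is measured before it runs.

    `stages` is a list of (name, image_bytes). Returns the final PCR value
    and an event log of (name, hex digest) entries, in the spirit of the
    TCG event log that firmware hands to the OS.
    """
    pcr = bytes(20)  # PCRs read as all-zero after platform reset
    event_log = []
    for name, image in stages:
        digest = sha1(image)
        pcr = pcr_extend(pcr, digest)
        event_log.append((name, digest.hex()))
    return pcr, event_log


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Bind a secret to a PCR value (stand-in for TPM_Seal)."""
    return {"pcr": expected_pcr, "secret": secret}


def unseal(blob: dict, current_pcr: bytes):
    """Release the secret only if the current PCR matches the sealed one
    (stand-in for TPM_Unseal). Returns None on mismatch."""
    if blob["pcr"] != current_pcr:
        return None
    return blob["secret"]


def demo():
    good_chain = [("bios", BIOS_IMAGE), ("grub", GRUB_IMAGE), ("kernel", KERNEL_IMAGE)]
    good_pcr, _ = measured_boot(good_chain)
    blob = seal(b"disk-encryption-key", good_pcr)

    # Same software, second boot: the PCR is reproducible and the key is released.
    again_pcr, _ = measured_boot(good_chain)
    released = unseal(blob, again_pcr)

    # GRUB replaced: the BIOS measurement of it changes, every later extend
    # inherits the change, and the key stays sealed. GRUB did not have to
    # talk to the TPM itself for this to hold.
    tampered_chain = [("bios", BIOS_IMAGE), ("grub", TAMPERED_GRUB), ("kernel", KERNEL_IMAGE)]
    tampered_pcr, _ = measured_boot(tampered_chain)
    withheld = unseal(blob, tampered_pcr)
    return released, withheld


if __name__ == "__main__":
    released, withheld = demo()
    print("good boot released:", released)
    print("tampered boot released:", withheld)
```

The point the simulation makes is the one the message draws: the protection comes from the stage that measures GRUB, not from GRUB talking to the TPM. What GRUB's own TPM support adds is the next link (measuring the kernel and initrd it loads); without that link, a swapped kernel leaves the PCR untouched.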