2009/8/19 Vladimir 'phcoder' Serbinenko <phco...@gmail.com>: > On Wed, Aug 19, 2009 at 10:57 PM, Duboucher Thomas<tho...@duboucher.eu> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Michal Suchanek a écrit : >>>>> Without threat model we're speaking placebo. >>>>> >>>> Stoned Bootkit? >>> >>> Coreboot can prevent that as well as TPM can. >>> >> >> Coreboot can be "stoned" as easily as your MBR since you can easily >> rewrite the MBR from the software. On MB that does not support online >> overwriting, you may require physical access (but since you already have >> to do some dirt work to replace your RO BIOS, that is not really difficult). > You can remove TPM too
That would remove the keys, too. And the chips are designed to erase them in this case because then you could copy your media files from one device to other and not buy media for each device separately. But the bios on most boards is removable and/or upgradeable in place so you can do the same with TPM+BIOS as you could with coreboot+any crypto you choose but you get much fewer options in the case of TPM+BIOS. Thanks Michal _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel