2009/8/20 Michael Gorven <mich...@gorven.za.net>:
> On Thursday 20 August 2009 10:20:02 Michal Suchanek wrote:
>> 2009/8/20 Michael Gorven <mich...@gorven.za.net>:
>> > On Thursday 20 August 2009 09:59:42 Michal Suchanek wrote:
>> >> 2009/8/20 Michael Gorven <mich...@gorven.za.net>:
>> >> > On Thursday 20 August 2009 09:49:06 Michal Suchanek wrote:
>> >> >> 2009/8/20 Michael Gorven <mich...@gorven.za.net>:
>> >> >> > On Wednesday 19 August 2009 21:21:28 Michal Suchanek wrote:
>> >> >> >> Tell me one technical benefit of TPM over coreboot.
>> >> >> >
>> >> >> > Coreboot doesn't provide protected storage of secrets (e.g.
>> >> >> > harddrive decryption keys).
>> >> >>
>> >> >> TPM does not either at the time the BIOS is loaded. Remember, it's
>> >> >> the CPU what's running the BIOS, not the TPM chip.
>> >> >>
>> >> >> Only after BIOS enables TPM or coreboot enables any crypto device you
>> >> >> choose you get any secrets or keys.
>> >> >
>> >> > So? It's still protected storage. You can read a BIOS chip, but you
>> >> > can't just read the contents of a TPM chip.
>> >>
>> >> You can use decent crypto storage rather than half-broken TPM. There
>> >> is no advantage to using it.
>> >
>> > Like what?
>>
>> There is hardware for secure key storage which you can put into some
>> card slot or USB and unlike TPM you can also remove it and store
>> separately from the computer which greatly decreases the chance that
>> your data would be compromised if your computer is stolen.
>
> But that doesn't protect the machine (and crypto card) from being physically
> compromised, so it's not the same as TPM.
How does TPM protect your machine from physical access? I thought it's a small chip somewhere on the board, not a steel case around the machine.

Thanks

Michal

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel