grub-devel

Re: A _good_ and valid use for TPM


From: Michal Suchanek
Subject: Re: A _good_ and valid use for TPM
Date: Sun, 22 Feb 2009 15:49:22 +0100

On 22/02/2009, phcoder <address@hidden> wrote:
> >
> > > In any case, if your attacker is that much determined to achieve their
> > > goal, reverse engineering a small chip isn't going to stop them.
> > >
> > Reverse engineering the TPM chip is very costly. And I'm not going to try
> > to protect data from NSA or CIA or another three-letter agency.
> >
> On this you have to trust the manufacturer. Actually you can't know how
> difficult reverse-engineering is before you do. And it's only a matter of
> time before some crypto-hardware geek reverse-engineers it because he was
> bored or a crypto-student does it because it gives him an excellent diploma.
> This is quite possible because universities often have the necessary
> equipment and diploma works are supposed to be long and difficult. At this
> point reading a publication and using its results is trivial. And look at
> reverse-engineered opensource drivers. It's just a matter of obfuscation and
> we already know that it brings no security. If you want to protect your keys
> the only way is to physically protect them like putting concrete around the
> flash chip

Hmm, so let me collect the data from this discussion:

There is somebody who wants to lock his own computer in software so
that his data is not easily accessible.

For some reason he wants to store the data encrypted in multiple
locations rather than using a simple terminal to retrieve the data
over network which makes things needlessly hard.

He can have a custom solution developed for the purpose (like take an
ALIX board and have the BIOS on it customized and have the flash chip
covered with concrete ;-)

He can also use a ready made solution - a board with a TPM chip.

Now I am not sure how secure this solution is. You can usually remove
the battery to reset BIOS password, reflash the BIOS, etc.

Since manufacturers claim (or used to) that you can pry the TPM chip
off your board and it will still work, the board is bootstrapped by the
main CPU, not the TPM. This makes it possible to short some pins on
the TPM chip so that it cannot be accessed during boot, boot a virtual
machine, and have the BIOS initialize the chip inside that.

There's also the possibility to remove the RAM from a running computer
given you find out what kind of RAM it uses and get a different
compatible computer.

Generally this shifts the attack from the realm of plain vandalism to
the realm of planned attack which is certainly a bonus.

Still I would rather rely on a custom solution because I would know
exactly what it does. The manufacturers of PC mainboards tend to not
release exact specifications and there are often serious problems.

Still finding the flaw in the particular mainboard would probably take
some non-trivial effort.
If the attacker just wants to break something there would likely be
easier targets. If you are specifically targeted you are doomed. Hire
a security agency to guard your computers so that you can blame them
when the data is stolen.

Now to the TPM support in GRUB.

It appears that if GRUB supports *any* integrity check of the loaded
software, and the BIOS can make the TPM check GRUB, you are set; GRUB
itself need not talk to the TPM directly, it's just a nice
bonus.

And if somebody wanted to lock your computer from you they would ship
it with software that does it, they would not have to rely on GRUB.
Most likely GRUB would not be able to load their system anyway.

This makes the TPM support debate seem quite pointless.

Well, enjoy the flames ;-)

MS
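The measured-boot argument in the message above (BIOS measures GRUB into the TPM, GRUB only needs its own integrity check on what it loads), as an added illustration that is not part of the original post or of GRUB: a simulated TPM 1.2 style PCR with SHA-1 extend semantics, a constructed stand-in GRUB image carrying an embedded kernel allow-list, and a secret sealed to the expected PCR value. Real firmware spreads measurements over several PCRs and measures more than two components; the single register and the image formats here are simplifying assumptions.

```python
import hashlib

PCR_INIT = b"\x00" * 20          # TPM 1.2 PCRs are 20-byte SHA-1 registers, zero at reset
GRUB_HEADER = b"GRUB-CODE-v1.97\n"  # constructed marker for our fake GRUB image

def measure(data: bytes) -> bytes:
    """Digest of a boot component, as the measuring stage computes it."""
    return hashlib.sha1(data).digest()

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM_Extend: PCR = SHA-1(PCR || digest). One-way and order-sensitive, so
    only the exact sequence of measured components reproduces a value."""
    return hashlib.sha1(pcr + digest).digest()

def build_grub(allowed_kernel_hashes: list) -> bytes:
    """Constructed GRUB image: code plus an embedded allow-list of kernel digests.
    The list lives inside the image, so the BIOS measurement of GRUB covers it."""
    return GRUB_HEADER + b"".join(sorted(allowed_kernel_hashes))

def grub_loads_kernel(grub_image: bytes, kernel: bytes) -> bool:
    """GRUB's own integrity check on what it loads; no TPM access needed."""
    allowed = grub_image[len(GRUB_HEADER):]
    digests = {allowed[i:i + 20] for i in range(0, len(allowed), 20)}
    return measure(kernel) in digests

def unseal(sealed_pcr: bytes, pcr: bytes, secret: bytes):
    """Release the secret only if the boot chain reproduced the sealed PCR."""
    return secret if sealed_pcr == pcr else None

# Constructed sample images and secret (not real firmware or keys)
BIOS = b"constructed BIOS image"
KERNEL = b"constructed kernel image"
EVIL_KERNEL = b"constructed tampered kernel"
GRUB = build_grub([measure(KERNEL)])
SECRET = b"constructed disk-encryption key"

def boot_pcr(bios: bytes, grub_image: bytes) -> bytes:
    """BIOS measures itself, then measures GRUB before handing control to it."""
    return pcr_extend(pcr_extend(PCR_INIT, measure(bios)), measure(grub_image))

EXPECTED_PCR = boot_pcr(BIOS, GRUB)   # value the secret was sealed to on the good system

def try_boot(bios: bytes, grub_image: bytes, kernel: bytes):
    """Return the secret if the OS got far enough to unseal it, else None."""
    pcr = boot_pcr(bios, grub_image)
    if not grub_loads_kernel(grub_image, kernel):
        return None          # GRUB halts: no OS runs, nothing asks the TPM for the secret
    return unseal(EXPECTED_PCR, pcr, SECRET)

def scenario_good():            # untouched chain: secret released
    return try_boot(BIOS, GRUB, KERNEL)

def scenario_swapped_kernel():  # kernel replaced: GRUB's own check refuses it
    return try_boot(BIOS, GRUB, EVIL_KERNEL)

def scenario_patched_grub():    # GRUB's allow-list edited: BIOS measurement changes, PCR differs
    return try_boot(BIOS, build_grub([measure(EVIL_KERNEL)]), EVIL_KERNEL)
```

Swapping the kernel is stopped by GRUB's check alone, and editing GRUB to accept it is caught by the BIOS measurement, which is exactly why GRUB does not have to speak to the TPM itself.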
