> > You are of course correct. I advised an integrity value just to detect
> > a hardware or software fault. The check value would not protect against an
> > attack.
>
> Fair enough, but why protect these bits specifically?
> E.g. disk corruption seems more likely (since it's bigger). Add
> integrity at that level? Why even stop at detection, let's do error
> correction ...
Why ... just because it's a security device. Whenever
I code for security, I add layers of protection, constantly looking for
"this should never happen" cases.
It might be just a small benefit, but hashing a few
kbytes is a small part of TPM startup time, and the function is already there.
Think of it as part of the larger (and required) TPM self test that a
TPM must do.
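As an added illustration of the point in the quoted reply above (an integrity value over the stored state catches a random fault at startup but is not an attack defence), here is example code that is not from the thread or from any TPM implementation; the NV layout, `seal_nv`, `nv_self_test` and the constructed payload are assumptions made for the example:

```python
import hashlib
import hmac

# Constructed stand-in for a few kilobytes of TPM persistent (NV) state.
# Layout assumed for this example: payload bytes followed by a 32-byte
# SHA-256 digest that was written at the same time as the payload.
DIGEST_LEN = hashlib.sha256().digest_size


def seal_nv(payload: bytes) -> bytes:
    """Append an unkeyed integrity value when the state is written."""
    return payload + hashlib.sha256(payload).digest()


def nv_self_test(nv_image: bytes) -> bool:
    """Startup check: recompute the digest over the payload and compare.

    Returns True when the stored image is internally consistent.
    """
    payload, stored = nv_image[:-DIGEST_LEN], nv_image[-DIGEST_LEN:]
    return hmac.compare_digest(hashlib.sha256(payload).digest(), stored)


def flip_bit(image: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit hardware or software fault in the stored image."""
    buf = bytearray(image)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def demo():
    nv = seal_nv(b"\x00\x11" * 1024)            # constructed ~2 KiB payload
    ok_clean = nv_self_test(nv)                 # True: consistent image
    ok_fault = nv_self_test(flip_bit(nv, 777))  # False: random fault detected
    # The limit the thread points out: whoever can rewrite the whole store can
    # also rewrite the digest, so a deliberate change passes the same check.
    ok_rewritten = nv_self_test(seal_nv(b"\xff" * 2048))
    return ok_clean, ok_fault, ok_rewritten


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```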