Re: TPM support status ?


From: Duboucher Thomas
Subject: Re: TPM support status ?
Date: Wed, 19 Aug 2009 20:36:53 +0200
User-agent: Thunderbird 2.0.0.22 (Windows/20090605)

Vladimir 'phcoder' Serbinenko wrote:
>> I can imagine a world with computers you can access from free and from
>> whom you can boot with your USB pen-drive (or trust the installed OS, or
>> whatever you want). But this world is still far away from here ... :|
> TPM doesn't protect your computer from being stolen and HD wiped.

Hey, I didn't say that TPM will replace a faithful dog! :D

>> No! No! No! and No! Coreboot is not a CRTM, and so you can't speak
>> about a chain of trust if you are starting it with Coreboot ... It is
>> already very difficult to consider the TPM as a CRTM since there are
>> design flaws.
> Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes! Yes!
> Yes! Yes! Yes! Yes!
> Coreboot is perfect for my use for *****.
> Did I bring any argument in last 2 lines?

Since the BIOS can be "easily" replaced, it cannot be trusted, hence you
can't build a chain of trust starting from your BIOS. It is a "little"
more difficult to replace a TPM, even more if it's holding a shared
secret. :)

>> Also, you are not owning a computer by using a chain of trust. You are
>> only sure that the software you trust on your computer hasn't been
>> tampered with. And you can keep trusting it, even if it has a backdoor
>> you weren't aware of! ;)
>>
> That's what open source is here for. You just said it yourself that
> you can trust open source more easily than closed source, and TPM doesn't
> change that.
>
I completely agree with the first part, but you twisted the ending. :'(
I trust open-source software because I can see the source code (uh,
wait! what if I can't trust the compiler!). I keep trusting it because
the TPM tells me it hasn't been altered on my computer by nasty people.

>>> - Lock down via proprietary crypto chip (TPM).  Different software can
>>> happen if "attacker" figured out how to break into your TPM, which is
>>> actually quite possibly easier, not harder, than replacing hardware
>>> because the TPMs are closed systems that don't disclose their design and
>>> flaws...
>> Wow! Software hacked TPM? Software breaking into TPM? I must be missing
>> something. :|
> It's possible that using some kind of obscure power control sequence
> you can reset tpm to its boot state and then nicely ask it to do
> whatever you want.

Well, that would be a design flaw, and not very TCG compliant. Things
like this happen, and when they do, it's always a little problematic in
cryptography.

>> Every technology has its design and its implementation, and also its
>> design flaws and implementation flaws. Remember Debian and OpenSSL.
>> Well, if a chip has a design flaw, it is more expensive to change it;
>> however, people that will truly require it will also be able to. ;)
>>
> TPM claims to e.g. protect your HD encryption keys. But what a hacker
> would do is to boot the computer, wait for it to retrieve the keys and then
> execute a cold boot attack (in most cases it's enough to just cool the RAM
> down and reboot with a USB key which will dump the memory). I don't
> spend my time on implementing a "security" which increases hacking
> cost by $15, claims to be unbreakable and can be used for evil
> purposes (in which case it's more difficult to crack)

Uh, wait! There's something I don't understand there. What's the point
in putting the whole secret in the TPM? It's like writing your passphrase
on a paper and putting it under your keyboard. A clever implementation would
be using the ownership capabilities of the TPM so that the secret can be
protected by system integrity _and_ password.

>>> attestation, flawed, as soon as your RAM becomes unpredictable.  Not in
>>> a convenient way, but it should definitely be possible..)  Also, none of
>>> the airplane arguments really apply to small, non-life-critical systems.
>> Airplane manufacturers aren't using ordinary computers ...
> So what?
> The example stays an interesting one, and their computers probably have
> some kind of protection.

Well, I think there are computers onboard, and I think they may have some
security, but personally I've never worked in a department that produces
planes. This would be pure speculation.

>> This chain of trust is useful for people that have to work with a
>> computer and data in an untrusted environment, and that's how and what
>> it was designed for.
> Then this design is fundamentally flawed. You just can't trust hardware
> in an untrusted environment.

This is what the TCPA is trying to solve. Not an easy question, but TPM
is a good beginning imho (it invalidates the Stoned attack scheme, for example).

> Claiming to achieve impossible is an advantage proprietary security
> suites have over free ones.
> 

Yup ;)

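The point made above about binding a secret to system integrity _and_ a password, worked through as an added toy model (not code from GRUB or from the TPM specification): a PCR is extended by each boot stage, and a secret sealed under the resulting PCR value plus an auth password is released only when both still match. The SRK, boot images, password and disk key are all constructed values.

```python
import hashlib
import hmac

# Toy model of TPM sealing. A secret is bound to the PCR state produced by the
# measured boot chain AND to an auth password, so neither a replaced boot
# component nor a stolen password alone releases it. All values are constructed.

PCR_RESET = b"\x00" * 20  # PCR contents at power-on (TPM 1.2 style: 20-byte SHA-1)
SRK = b"constructed-storage-root-key"  # never leaves the "chip" in this model

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = SHA1(old || SHA1(measurement)). Order matters, no reset."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()

def measured_boot(components) -> bytes:
    """Each stage measures the next image into the PCR before running it."""
    pcr = PCR_RESET
    for image in components:
        pcr = extend(pcr, image)
    return pcr

def _derive_key(pcr: bytes, password: bytes) -> bytes:
    # Wrapping key depends on both the integrity state and the password.
    return hmac.new(SRK, pcr + hashlib.sha256(password).digest(), "sha256").digest()

def seal(secret: bytes, pcr: bytes, password: bytes) -> bytes:
    """Encrypt-and-tag a secret of up to 32 bytes under (PCR, password)."""
    key = _derive_key(pcr, password)
    stream = hashlib.sha256(b"stream" + key).digest()  # toy keystream
    ct = bytes(a ^ b for a, b in zip(secret, stream))
    tag = hmac.new(key, ct, "sha256").digest()
    return ct + tag

def unseal(blob: bytes, pcr: bytes, password: bytes):
    """Return the secret only if the current PCR and password both match, else None."""
    ct, tag = blob[:-32], blob[-32:]
    key = _derive_key(pcr, password)
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        return None
    stream = hashlib.sha256(b"stream" + key).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

GOOD_CHAIN = [b"bios-v1", b"grub-2.x", b"vmlinuz-ok"]         # constructed images
EVIL_CHAIN = [b"bios-v1", b"grub-2.x-modified", b"vmlinuz-ok"] # bootloader swapped
DISK_KEY = b"constructed-disk-encryption-key!"                 # 32 bytes

def demo():
    blob = seal(DISK_KEY, measured_boot(GOOD_CHAIN), b"hunter2")
    return (
        unseal(blob, measured_boot(GOOD_CHAIN), b"hunter2"),  # DISK_KEY
        unseal(blob, measured_boot(EVIL_CHAIN), b"hunter2"),  # None: integrity changed
        unseal(blob, measured_boot(GOOD_CHAIN), b"wrong"),    # None: password wrong
    )
```

Note that what this model cannot show is the cold boot concern raised in the thread: once unsealed, the key sits in RAM like any other secret, so sealing protects the key at rest, not while the OS is using it.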