1 |
On Mon, Mar 30, 2015 at 4:09 AM, Mick <michaelkintzios@×××××.com> wrote: |
2 |
> On Monday 30 Mar 2015 01:52:14 Rich Freeman wrote: |
3 |
>> On Sun, Mar 29, 2015 at 8:32 PM, Walter Dnes <waltdnes@××××××××.org> wrote: |
4 |
>> > Be careful what you wish for. I have my doubts that TPM chips would |
5 |
>> > |
6 |
>> > boot linux with Microsoft offering "volume discounts" to OEMS. Call me |
7 |
>> > cynical. |
8 |
>> |
9 |
>> TPM chips don't control what boots. They just accept the hash of the |
10 |
>> bootloader reported by the firmware and store it (and that is it as |
11 |
>> far as the OEM's contribution to the process). |
12 |
> |
13 |
> Rich, the problem with TPM as I understand it is that the private key in the |
14 |
> TPM chip is not yours, generated on your trusted platform, but the TPM |
15 |
> manufacturer's and is burned into the TPM chip at the time of production. If |
16 |
> the TPM OEMs are in US or within the sphere of influence of the US, then I |
17 |
> would consider this key as good as compromised. |
18 |
|
19 |
As far as I'm aware, using a TPM for full-disk encryption does not |
20 |
rely on any keys pre-installed in the TPM. Typically you install your |
21 |
own key or have the TPM generate one for you. All the TPM does is |
22 |
refuse to divulge the key unless the firmware reported that the |
23 |
bootloader hash matches what you told it to look out for, and the |
24 |
bootloader reported that the kernel hash matches what you told it to |
25 |
look for (and you can go beyond that, but only if you are using a |
26 |
distro that signs its userspace, which I believe is a direction RedHat |
27 |
is going). |
28 |
|
29 |
However, if the TPM or firmware has a back-door, then I'll certainly |
30 |
grant that the NSA can read your hard drive. They don't even need to |
31 |
compromise the TPM - the firmware alone is capable of compromising the |
32 |
trusted boot path. It just needs to tell the TPM that it booted your |
33 |
trusted bootloader when it really booted something else. |
34 |
|
35 |
Securing your system isn't really about keeping the NSA out. If they |
36 |
want in, they're probably already in. Sure, it might be |
37 |
hypothetically possible to keep them out, but it would take far more |
38 |
effort than almost anybody is going to be willing to put in. A TPM |
39 |
will likely do a very effective job at keeping the 99.9999999% of |
40 |
people on the Earth who aren't the NSA out, which seems to be good |
41 |
enough for just about every company on the planet, since most secure |
42 |
their laptops with TPMs. |
43 |
|
44 |
-- |
45 |
Rich |