| 1 |
On Mon, Mar 30, 2015 at 4:09 AM, Mick <michaelkintzios@×××××.com> wrote: |
| 2 |
> On Monday 30 Mar 2015 01:52:14 Rich Freeman wrote: |
| 3 |
>> On Sun, Mar 29, 2015 at 8:32 PM, Walter Dnes <waltdnes@××××××××.org> wrote: |
| 4 |
>> > Be careful what you wish for. I have my doubts that TPM chips would |
| 5 |
>> > |
| 6 |
>> > boot linux with Microsoft offering "volume discounts" to OEMS. Call me |
| 7 |
>> > cynical. |
| 8 |
>> |
| 9 |
>> TPM chips don't control what boots. They just accept the hash of the |
| 10 |
>> bootloader reported by the firmware and store it (and that is it as |
| 11 |
>> far as the OEM's contribution to the process). |
| 12 |
> |
| 13 |
> Rich, the problem with TPM as I understand it is that the private key in the |
| 14 |
> TPM chip is not yours, generated on your trusted platform, but the TPM |
| 15 |
> manufacturer's and is burned into the TPM chip at the time of production. If |
| 16 |
> the TPM OEMs are in US or within the sphere of influence of the US, then I |
| 17 |
> would consider this key as good as compromised. |
| 18 |
|
| 19 |
As far as I'm aware, using a TPM for full-disk encryption does not |
| 20 |
rely on any keys pre-installed in the TPM. Typically you install your |
| 21 |
own key or have the TPM generate one for you. All the TPM does is |
| 22 |
refuse to divulge the key unless the firmware reported that the |
| 23 |
bootloader hash matches what you told it to look out for, and the |
| 24 |
bootloader reported that the kernel hash matches what you told it to |
| 25 |
look for (and you can go beyond that, but only if you are using a |
| 26 |
distro that signs its userspace, which I believe is a direction RedHat |
| 27 |
is going). |
| 28 |
|
| 29 |
However, if the TPM or firmware has a back-door, then I'll certainly |
| 30 |
grant that the NSA can read your hard drive. They don't even need to |
| 31 |
compromise the TPM - the firmware alone is capable of compromising the |
| 32 |
trusted boot path. It just needs to tell the TPM that it booted your |
| 33 |
trusted bootloader when it really booted something else. |
| 34 |
|
| 35 |
Securing your system isn't really about keeping the NSA out. If they |
| 36 |
want in, they're probably already in. Sure, it might be |
| 37 |
hypothetically possible to keep them out, but it would take far more |
| 38 |
effort than almost anybody is going to be willing to put in. A TPM |
| 39 |
will likely do a very effective job at keeping the 99.9999999% of |
| 40 |
people on the Earth who aren't the NSA out, which seems to be good |
| 41 |
enough for just about every company on the planet, since most secure |
| 42 |
their laptops with TPMs. |
| 43 |
|
| 44 |
-- |
| 45 |
Rich |
Archives