| 1 |
On Sat, Nov 29, 2014 at 6:44 PM, Mick <michaelkintzios@×××××.com> wrote: |
| 2 |
> |
| 3 |
> Thanks Rich, it seems not all modern MoBos have it. This doesn't: |
| 4 |
> |
| 5 |
|
| 6 |
Interesting, I had really thought they were ubiquitous. |
| 7 |
|
| 8 |
> |
| 9 |
> If I enable this TPM thing, do I automatically open ports at pre/post-boot |
| 10 |
> time giving access to my machine? Or is remote attestation something I have a |
| 11 |
> say over? |
| 12 |
> |
| 13 |
|
| 14 |
It has to be implemented in software. The only thing the chip does is |
| 15 |
let software call it and ask it to sign data. The chip can't talk to |
| 16 |
the network on its own. |
| 17 |
|
| 18 |
Remote attestation doesn't actually give anybody access to your |
| 19 |
machine. Now, it does let you prove to somebody that they actually do |
| 20 |
have access to your machine, if you installed software that gave them |
| 21 |
access. Suppose I gave you a piece of software and asked you to |
| 22 |
install it on your machine so that I could evesdrop on everything you |
| 23 |
do. If you refuse to do it I'll fire you from your job. Without |
| 24 |
remote attestation you could install that software in a VM or emulator |
| 25 |
somewhere and tell me you complied, and it would be impossible for me |
| 26 |
to tell that you did this if your VM was well-implemented. On the |
| 27 |
other hand, if my software implemented remote attestation then the |
| 28 |
best you could do is block it, in which case I brand you as |
| 29 |
non-compliant and fire you. With remote attestation I could get a |
| 30 |
list of the boot path from the firmware to my software and see if |
| 31 |
there is anything in it that could tamper with my software. If I |
| 32 |
dictate that you have to run TrustedCo Linux v5 then I could see that |
| 33 |
you're running an unpatched version of it and know that my process is |
| 34 |
directly talking to the kernel, which I know doesn't let you tamper |
| 35 |
with it, and that kernel is directly running on the hardware having |
| 36 |
been loaded by a trusted firmware/bootloader. |
| 37 |
|
| 38 |
> Also, what happens if the TPM chip, or the whole MoBo blows up? Will I ever |
| 39 |
> be able to access my data using another PC? |
| 40 |
|
| 41 |
Only if you encrypted it. A TPM chip doesn't do much more than except |
| 42 |
store and retrieve data, and digitally sign things. It just tends to |
| 43 |
be used in a way that greatly limits the ability of arbitrary |
| 44 |
processes to access the data stored on the chip. |
| 45 |
|
| 46 |
With Linux you're basically completely in control. You choose to |
| 47 |
encrypt your drive and store the key in the TPM, and you instruct the |
| 48 |
TPM to only hand it over under the conditions you specify, such as a |
| 49 |
particular bootloader, kernel, and initramfs (or something like that - |
| 50 |
I've never implemented it myself). If somebody tries to boot your |
| 51 |
system with some other kernel/bootloader/initramfs then the TPM will |
| 52 |
not have the valid signature chain and it will refuse to divulge your |
| 53 |
full-disk encryption key. I imagine that you could generate the key |
| 54 |
outside the TPM and keep a copy of it somewhere and load it into the |
| 55 |
TPM, so that if you mess up you can just mount it manually. |
| 56 |
|
| 57 |
It is a bit like UEFI - if you use it properly it becomes a tool which |
| 58 |
allows the device owner to secure his own device against other |
| 59 |
intruders. The problems only come when people want to treat your |
| 60 |
device as if it is their device. With Linux you control almost all of |
| 61 |
it, though I would GREATLY prefer it if TPM chips did not come with |
| 62 |
vendor-supplied certificates (that is, if there was no way for anybody |
| 63 |
to determine if the master key inside was externally loaded by the end |
| 64 |
user or not). If they didn't come pre-loaded with certificates then |
| 65 |
they would be just as usable for securing your own machine (since you |
| 66 |
could add your own certificate/etc), but they would be useless for DRM |
| 67 |
(since no key was ever in the chip at a time when it was in the |
| 68 |
possession of somebody trusted by the media companies). |
| 69 |
|
| 70 |
I also don't have much more than a general interest in this area, so |
| 71 |
I'm sure there are some fine details above which are inaccurate. The |
| 72 |
gist of it should be right though. |
| 73 |
|
| 74 |
-- |
| 75 |
Rich |
Archives