| 1 |
On Sat, Dec 19, 2015 at 4:06 PM, Grant Edwards |
| 2 |
<grant.b.edwards@×××××.com> wrote: |
| 3 |
> On 2015-12-19, Mick <michaelkintzios@×××××.com> wrote: |
| 4 |
> |
| 5 |
>> http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html |
| 6 |
> |
| 7 |
> If somebody can touch your computer while it's booting, the game's |
| 8 |
> over anyway... |
| 9 |
> |
| 10 |
|
| 11 |
Actually, not necessarily, though there is still room to go. |
| 12 |
|
| 13 |
With a TPM-backed full disk encryption scheme you can basically |
| 14 |
prevent most attacks based on physical control. If you were to go a |
| 15 |
step further and secure RAM and bus IO (we're not quite there yet) you |
| 16 |
could probably make almost any hardware attack completely impractical. |
| 17 |
If you have TPM-backed encryption and you assume the software itself |
| 18 |
is secure then to attack it you're going to have to actually intercept |
| 19 |
data off the bus, or from RAM. You certainly can't just install some |
| 20 |
rootkit by booting from alternate media, or remove the drives and |
| 21 |
attack them from another device you control. That is, unless you |
| 22 |
defeat the TPM, which is certainly within the realm of the laws of |
| 23 |
physics, but in practice everything about a TPM's design is intended |
| 24 |
to prevent that attack. |
| 25 |
|
| 26 |
-- |
| 27 |
Rich |
Archives