TPM & disk crypto
Alexander Klimov
alserkli at inbox.ru
Mon Oct 9 05:54:51 EDT 2006
On Fri, 6 Oct 2006, Erik Tews wrote:
> > And the TPM knows that your BIOS has not lied about the checksum of grub
> > how?
>
> The TPM does not know that the BIOS did not lie about the checksum of
> grub or any other bios component.
>
> What you do is, you trust your TPM and your BIOS that they never lie to
> you, because they are certified by the manufature of the system and the
> tpm. (This is why it is called trusted computing)
IIUC, TPM is pointless for disk crypto: if your laptop is stolen the
attacker can reflash BIOS and bypass TPM. Moreover, TPM is actually
bad for disk crypto: without it you lose your data only if your HDD
dies, now you lose your data if your HDD dies *or* if you motherboard
dies. If the user is not experienced in BIOS reflashing, they also
lose their data if OS crashes and refuses to boot (not uncommon for
some common OSes).
--
Regards,
ASK
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list