TPM & disk crypto

Alexander Klimov alserkli at inbox.ru
Tue Oct 10 13:26:39 EDT 2006


On Mon, 9 Oct 2006, James A. Donald wrote:

> Well obviously I trust myself, and do not trust anyone else all that
> much, so if I am the user, what good is trusted computing?
>
> One use is that I can know that my operating system has not changed
> behind the scenes, perhaps by a rootkit, know that not only have I
> not changed the operating system, but no one else has changed the
> operating system.

The argument that TPM can prevent trojans seems to imply that the
trojans are installed by modification of raw storage while the OS is
offline. Probably, this can be the case for malicious internet cafes,
but 99.9% of trojans on home PCs of normal people are installed when
the OS is active (0.1% is for trojans installed by law enforcement).
(Of course, an attacker with physical access can install physical
trojans: a hardware keylogger and camera.) Since a regular installation
should not change ``reported OS hash,'' TPM will not be able to detect
the difference. Am I missing something?

Btw, how does the TCG allow the kernel to be changed regularly for
security patches while still keeping the same ``reported hash''?

-- 
Regards,
ASK

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
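
An added illustration of the measured-boot reasoning in the message above (not part of the original post, and not TCG code): a Python sketch of the TPM 1.2 PCR extend operation replayed over a constructed disk image. The file names, contents and the two-stage measured chain (`bootloader`, `kernel`) are assumptions made for the example.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = SHA1(old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measured_boot(disk: dict, boot_chain: list) -> bytes:
    """Replay a boot; only files named in boot_chain are ever measured."""
    pcr = bytes(PCR_SIZE)  # static PCRs start at zero after reset
    for name in boot_chain:
        pcr = extend(pcr, disk[name])
    return pcr


# Constructed sample data. Which files are measured is an assumption.
BOOT_CHAIN = ["bootloader", "kernel"]
CLEAN_DISK = {
    "bootloader": b"bootloader v1",
    "kernel": b"kernel build A",
    "/usr/bin/browser": b"browser binary",
}


def pcr_changed() -> dict:
    """For each scenario, report whether the final PCR differs from the clean boot."""
    golden = measured_boot(CLEAN_DISK, BOOT_CHAIN)
    disks = {
        # file replaced while the OS is running; it is outside the measured chain
        "runtime_trojan": {**CLEAN_DISK, "/usr/bin/browser": b"browser + trojan"},
        # kernel image altered on raw storage while the OS is offline
        "offline_kernel_tamper": {**CLEAN_DISK, "kernel": b"kernel build A + rootkit"},
        # legitimate security update: a verifier holding only the old value rejects it
        "vendor_kernel_patch": {**CLEAN_DISK, "kernel": b"kernel build B"},
    }
    return {name: measured_boot(d, BOOT_CHAIN) != golden for name, d in disks.items()}


if __name__ == "__main__":
    for scenario, changed in pcr_changed().items():
        print(f"{scenario:22} PCR changed: {changed}")
```

The measurement cannot tell the vendor patch from the offline tamper: both change the PCR, so the difference has to come from whoever decides which values are acceptable.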


