TPM & disk crypto

Travis H. solinym at gmail.com
Tue Oct 10 15:43:02 EDT 2006


On 10/9/06, Adam Back <adam at cypherspace.org> wrote:
> The bad part is that the user is not given control to modify the hash
> and attest as if it were the original so that he can insert his own
> code, debug, modify etc.
>
> (All that is needed is a debug option in the BIOS to do this that only
> the user can change, via BIOS setup.)

Actually, it's the BIOS I don't trust.

I can validate everything else, but as long as the BIOS is
motherboard-specific and closed source, I don't see why I should trust
it.  We need to get rid of this legacy crud.  LinuxBIOS is a good step
but unfortunately it is only supported on a few motherboards.  No BIOS
I know of has a semblance of security, given temporary physical access
to the machine.

BTW, the x86 microcode updates are performed by the BIOS IIRC and
require no hardware settings.  Is there any reason you can't update
the processor microcode later on in the boot process?
-- 
"The obvious mathematical breakthrough would be the development of an
easy way to factor large prime numbers." [sic] -- Bill Gates  -><-
<URL:http://www.lightconsulting.com/~travis/>
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
