TPM & disk crypto
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Thu Oct 12 14:00:13 EDT 2006
Travis H. wrote:
> I can validate everything else, but as long as the BIOS is
> motherboard-specific and closed source, I don't see why I should trust
> it. We need to get rid of this legacy crud. LinuxBIOS is a good step
> but unfortunately it is only supported on a few motherboards.
We're shipping LinuxBIOS on the One Laptop per Child machines.
> No BIOS
> I know of has a semblance of security, given temporary physical access
> to the machine.
I came up with a scheme that lets us do a "secure BIOS" without a TPM;
bypassing it without a PLCC would be extremely difficult. I'm not yet
certain if we'll end up shipping a PLCC socket on the final hardware,
but if not, I suspect you'd be hard-pressed to do much to the BIOS
protection even with physical access, short of un-soldering and
re-soldering a different SPI flash chip to the motherboard. That was
explicitly not part of my threat model.
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com