Free Rootkit with Every New Intel Machine
Jacob Appelbaum
jacob at appelbaum.net
Tue Jun 26 17:29:34 EDT 2007
Jon Callas wrote:
>
> On Jun 25, 2007, at 7:23 PM, Matt Johnston wrote:
>
>> On Mon, Jun 25, 2007 at 04:42:56PM +1200, David G. Koontz wrote:
>>> Apple (mis)uses
>>> TPM to unsuccessfully prevent OS X from running on non-Apple Hardware.
>>> All Apple on Intel machines have TPM, that's what 6 percent of new PCs?
>>
>> To nit pick, the TPM is only present in some Apple Intel
>> machines and isn't used in any of them. See
>> http://osxbook.com/book/bonus/chapter10/tpm/
>>
>> Their OS decryption key is just stored in normal firmware,
>> unprotected AIUI.
Are you discussing how they handle their encrypted swap, encrypted disk
(via FileVault) or their encrypted sleep image? I was unaware that Apple
had implemented full root file system encryption.
>
> They've apparently stopped shipping TPMs. There isn't one on my MacBook
> Pro from last November, and it is missing on my wife's new Santa Rosa
> machine.
>
> If you want to see if a machine has one, then the command:
>
> sudo ioreg -w 0 | grep -i tpm
>
> should give something meaningful. Mine reports the existence of
> ApplePCISlotPM, but that's not the same thing.
>
A positive match looks like this:
| +-o ApplePCISlotPM <class ApplePCISlotPM, !registered, !matched,
active, busy 0, retain count 8>
| +-o TPM <class IOACPIPlatformDevice, registered, matched, active,
busy 0, retain count 6>
Regards,
Jacob Appelbaum
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list