sad treacherous computing day

Alex Hudson home at
Tue May 8 22:03:49 UTC 2007

On Tue, 2007-05-08 at 23:47 +0200, Alfred M. Szmidt wrote:
>    An attacker who has physical access to your machine can pull the
>    disk and put his own kernel on it that will perform his own
>    nefarious tasks. But if you made use of the TC module then I
>    believe you can prevent him from being able to do this -- the
>    system will simply refuse to load his modified kernel.
> The attackar can then copy all data, install keyloggers, trojans,
> backdoors and what not, so you are SOL anyway.

That's not correct; at least, not with this hardware. If the data is
protected by TPM (e.g., encrypted with a TPM-controlled key) he could
copy it but not read it, and if the OS' TPM protection was enabled
(e.g., only able to run binaries signed with a TPM-controlled key) then
he wouldn't be able to install that software in a way that it actually

The best an attacker would be able to do would be to swap out the
hardware of yours with something he had control of; but even then, the
TPM in the new hardware (if it even existed) wouldn't be able to access
your data since the encryption keys in the hardware would be different -
you'd basically have to retrieve the keys out of the TPM chip via
scanning electron microscopes or some such.

In many ways, a TPM chip isn't that much different to the FSFE
membership card - you can have encryption keys in the hardware which are
pretty tough to extract, and if the user has control over those, there
are a lot of security features you can turn on. The fact that it's
inbuilt into the hardware makes it tough to tamper with.

It cuts both ways: it's very useful technology, and it's pretty well
designed. If it were easy to bypass, people wouldn't care about
manufacturers using it for other purposes (e.g., DRM systems). 

> This begs another question, how can you trust that the TC module
> doesn't have a backdoor?  Atleast with software, I can disect the
> assembly output.

That's not a problem particular to TPM chips ;)



More information about the Discussion mailing list