sad treacherous computing day
Alex Hudson
home at alexhudson.com
Tue May 8 22:03:49 UTC 2007
On Tue, 2007-05-08 at 23:47 +0200, Alfred M. Szmidt wrote:
> An attacker who has physical access to your machine can pull the
> disk and put his own kernel on it that will perform his own
> nefarious tasks. But if you made use of the TC module then I
> believe you can prevent him from being able to do this -- the
> system will simply refuse to load his modified kernel.
>
> The attackar can then copy all data, install keyloggers, trojans,
> backdoors and what not, so you are SOL anyway.
That's not correct; at least, not with this hardware. If the data is
protected by TPM (e.g., encrypted with a TPM-controlled key) he could
copy it but not read it, and if the OS' TPM protection was enabled
(e.g., only able to run binaries signed with a TPM-controlled key) then
he wouldn't be able to install that software in a way that it actually
ran.
The best an attacker would be able to do would be to swap out the
hardware of yours with something he had control of; but even then, the
TPM in the new hardware (if it even existed) wouldn't be able to access
your data since the encryption keys in the hardware would be different -
you'd basically have to retrieve the keys out of the TPM chip via
scanning electron microscopes or some such.
In many ways, a TPM chip isn't that much different to the FSFE
membership card - you can have encryption keys in the hardware which are
pretty tough to extract, and if the user has control over those, there
are a lot of security features you can turn on. The fact that it's
inbuilt into the hardware makes it tough to tamper with.
It cuts both ways: it's very useful technology, and it's pretty well
designed. If it were easy to bypass, people wouldn't care about
manufacturers using it for other purposes (e.g., DRM systems).
> This begs another question, how can you trust that the TC module
> doesn't have a backdoor? Atleast with software, I can disect the
> assembly output.
That's not a problem particular to TPM chips ;)
Cheers,
Alex.
More information about the Discussion
mailing list