Dell to Add Security Chip to PCs
Joseph Ashwood
ashwood at msn.com
Fri Feb 4 01:54:03 PST 2005
----- Original Message -----
From: "Shawn K. Quinn" <skquinn at speakeasy.net>
Subject: Re: Dell to Add Security Chip to PCs
> Isn't it possible to emulate the TCPA chip in software, using one's own
> RSA key, and thus signing whatever you damn well please with it instead
> of whatever the chip wants to sign? So in reality, as far as remote
> attestation goes, it's only as secure as the software driver used to
> talk to the TCPA chip, right?
That issue has been dealt with. They do this by initializing the chip at the
production plant, and generating the certs there, thus the process of making
your software TCPA work actually involves faking out the production facility
for some chips. This prevents the re-init that I think I saw mentioned a few
messages ago (unless there's some re-signing process within the chip to
allow back-registering, entirely possible, but unlikely). It even gets worse
from there because the TCPA chip actually verifies the operating system on
load, and then the OS verifies the drivers, solid chain of verification.
Honestly Kaminsky has the correct idea about how to get into the chip and
break the security, one small unchecked buffer and all the security
disappears forever.
Joe
Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com
More information about the cypherpunks-legacy
mailing list