Dell to Add Security Chip to PCs

Joseph Ashwood ashwood at msn.com
Fri Feb 4 01:54:03 PST 2005


----- Original Message ----- 
From: "Shawn K. Quinn" <skquinn at speakeasy.net>
Subject: Re: Dell to Add Security Chip to PCs


> Isn't it possible to emulate the TCPA chip in software, using one's own
> RSA key, and thus signing whatever you damn well please with it instead
> of whatever the chip wants to sign? So in reality, as far as remote
> attestation goes, it's only as secure as the software driver used to
> talk to the TCPA chip, right?

That issue has been dealt with. They do this by initializing the chip at the 
production plant, and generating the certs there, thus the process of making 
your software TCPA work actually involves faking out the production facility 
for some chips. This prevents the re-init that I think I saw mentioned a few 
messages ago (unless there's some re-signing process within the chip to 
allow back-registering, entirely possible, but unlikely). It even gets worse 
from there because the TCPA chip actually verifies the operating system on 
load, and then the OS verifies the drivers, solid chain of verification. 
Honestly Kaminsky has the correct idea about how to get into the chip and 
break the security, one small unchecked buffer and all the security 
disappears forever.
                    Joe


Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com 





More information about the cypherpunks-legacy mailing list