dangers of TCPA/palladium
Ben Laurie
ben at algroup.co.uk
Sun Aug 11 08:10:44 PDT 2002
Mike Rosing wrote:
>>Why exactly is this so much more of a threat than, say, flash BIOS
>>upgrades? The BIOS has a lot more power over your machine than the
>>TPM does.
>
>
> The difference is fundamental: I can change every bit of flash in my BIOS.
> I can not change *anything* in the TPM. *I* control my BIOS. IF, and
> only IF, I can control the TPM will I trust it to extend my trust to
> others. The purpose of TCPA as spec'ed is to remove my control and
> make the platform "trusted" to one entity. That entity has the master
> key to the TPM.
>
> Now, if the spec says I can install my own key into the TPM, then yes,
> it is a very useful tool. It would be fantastic in all the portables
> that have been stolen from the FBI for example. Assuming they use a
> password at turn on, and the TPM is used to send data over the net,
> then they'd know where all their units are and know they weren't
> compromised (or how badly compromised anyway).
>
> But as spec'ed, it is very seriously flawed.
Although the outcome _may_ be like this, your understanding of the TPM
is seriously flawed - it doesn't prevent you from running whatever you
want, but what it does do is allow a remote machine to confirm what you
have chosen to run.
It helps to argue from a correct starting point.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
Available for contract work.
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
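
An added illustration of the distinction drawn in the reply above (not part of the original message, nor code from the TCPA specification): a simplified model of measure-and-report, in which every software stack boots and the remote verifier only learns which one ran. The component names, function names and the HMAC used as a stand-in for the TPM's asymmetric quote signature are assumptions made for the example.

```python
import hashlib, hmac, os

PCR_SIZE = 20  # SHA-1 digest length, as used by TPM 1.x PCRs

def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = SHA1(old || SHA1(component)). It records, it never blocks."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measured_boot(components) -> bytes:
    """Measure each component in load order; every component still runs."""
    pcr = bytes(PCR_SIZE)  # PCR starts at all zeros on reset
    for c in components:
        pcr = extend(pcr, c)
    return pcr

def quote(attest_key: bytes, pcr: bytes, nonce: bytes) -> bytes:
    """Stand-in for a TPM quote over (PCR, nonce).
    Assumption: HMAC replaces the signature made with a key held inside the TPM."""
    return hmac.new(attest_key, pcr + nonce, hashlib.sha256).digest()

def verify(attest_key, expected_components, nonce, reported_pcr, sig) -> str:
    """Remote side: check the quote is genuine and fresh, then compare the PCR."""
    good = hmac.new(attest_key, reported_pcr + nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(good, sig):
        return "invalid-quote"
    if reported_pcr == measured_boot(expected_components):
        return "expected-software"
    return "different-software"

def demo() -> dict:
    key = os.urandom(32)  # constructed attestation key
    stock = [b"bios-1.0", b"loader-2.3", b"kernel-A"]               # constructed
    modified = [b"bios-1.0", b"loader-2.3", b"kernel-owner-built"]  # constructed
    results = {}
    for name, stack in (("stock", stock), ("modified", modified)):
        nonce = os.urandom(16)
        pcr = measured_boot(stack)  # both stacks boot without hindrance
        results[name] = verify(key, stock, nonce, pcr, quote(key, pcr, nonce))
    # Software claims the stock PCR value, but the quote covers what actually ran.
    nonce = os.urandom(16)
    sig = quote(key, measured_boot(modified), nonce)
    results["forged"] = verify(key, stock, nonce, measured_boot(stock), sig)
    return results

if __name__ == "__main__":
    print(demo())
```

What the verifier does with a "different-software" result is its own policy decision; the measurement step itself refuses nothing.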