Alexander Klimov schrieb:
On Fri, 6 Oct 2006, Erik Tews wrote:
And the TPM knows that your BIOS has not lied about the checksum of grub
The TPM does not know that the BIOS did not lie about the checksum of
grub or any other bios component.

What you do is, you trust your TPM and your BIOS that they never lie to
you, because they are certified by the manufature of the system and the
tpm. (This is why it is called trusted computing)

IIUC, TPM is pointless for disk crypto: if your laptop is stolen the
attacker can reflash BIOS and bypass TPM. Moreover, TPM is actually
bad for disk crypto: without it you lose your data only if your HDD
dies, now you lose your data if your HDD dies *or* if you motherboard
dies. If the user is not experienced in BIOS reflashing, they also
lose their data if OS crashes and refuses to boot (not uncommon for
some common OSes).

There is a great risk of data loss if the TPM protection is badly implemented. You can, however, store an encrypted key in your (not encrypted) hard disk, and save the decryption key both inside the TPM (bound to valid bios/boot loader/Kernel/OS PCR values) *and* in a second place for emergency recovery (like a memory stick in a safe).

This way, the data on the hard disk can only be decrypted, if the unaltered operating system is used - the TPM will not decrypt the bound data if the system state changed. Of course, after reflashing your bios, you need to use your second key credential (once).

Martin Hermanowski

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to