Re: TPM & disk crypto

[Martin Hermanowski]

Alexander Klimov schrieb: On Fri, 6 Oct 2006, Erik Tews wrote: And the TPM knows that your BIOS has not lied about the checksum of grub how? The TPM does not know that the BIOS did not lie about the checksum of grub or any other bios component. What you do is, you trust your TPM and your BIOS that they never lie to you, because they are certified by the manufature of the system and the tpm. (This is why it is called trusted computing) IIUC, TPM is pointless for disk crypto: if your laptop is stolen the attacker can reflash BIOS and bypass TPM. Moreover, TPM is actually bad for disk crypto: without it you lose your data only if your HDD dies, now you lose your data if your HDD dies *or* if you motherboard dies. If the user is not experienced in BIOS reflashing, they also lose their data if OS crashes and refuses to boot (not uncommon for some common OSes). There is a great risk of data loss if the TPM protection is badly implemented. You can, however, store an encrypted key in your (not encrypted) hard disk, and save the decryption key both inside the TPM (bound to valid bios/boot loader/Kernel/OS PCR values) *and* in a second place for emergency recovery (like a memory stick in a safe). This way, the data on the hard disk can only be decrypted, if the unaltered operating system is used - the TPM will not decrypt the bound data if the system state changed. Of course, after reflashing your bios, you need to use your second key credential (once). -- Martin Hermanowski http://martin.hermanowski.name https://www.openbc.com/hp/Martin_Hermanowski/

signature.asc
Description: OpenPGP digital signature