On Mon, 9 Oct 2006 kkursawe at esat.kuleuven.ac.be wrote:

> > IIUC, TPM is pointless for disk crypto: if your laptop is stolen the
> > attacker can reflash BIOS and bypass TPM.
>
> According to TCG Specification, the first part of the BIOS (called
> Core Root of Trust for Measurement) should be non-flashable; this
> part then checksums the rest of the BIOS, option ROMS etc. and
> reports those to the TPM. I don't know how this is done in devices
> currently sold, but at least it should not be trivial to reprogram
> that part of the BIOS.
Even if the BIOS is real ROM, there are still some inter-chip links between
the ROM, CPU, and TPM, so it seems possible for an attacker with an iron and
FPGAs to trick the TPM into revealing the secret. That is, against a highly
motivated attacker the TPM does not really give more protection than truecrypt,
but for a casual attacker (who is just curious what is on a stolen laptop) even
truecrypt is enough.

--
Regards,
ASK

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
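The measurement chain discussed in this exchange (CRTM hashes the rest of the BIOS and option ROMs, reports the digests to the TPM, and a disk key sealed to the resulting PCR value is only released when the platform looks the same) can be modelled in a few lines. The following is an added illustration, not code from either poster or from any TPM stack; it uses the TPM 1.2 extend rule PCR_new = SHA1(PCR_old || digest) on a single simulated PCR, constructed stand-in firmware images, and a simplified seal/unseal. The `reported_digests` parameter models the thread's central point: the TPM only extends what the measuring code tells it, so the guarantee is only as strong as the immutability of the first measurer (the CRTM).

```python
import hashlib

# Constructed sample firmware images standing in for the boot stages the
# thread describes (real images are megabytes; these are a few bytes).
BIOS_MAIN = b"BIOS main image v1.0 (constructed sample)"
OPTION_ROM = b"NIC option ROM 2.3 (constructed sample)"
MODIFIED_BIOS = b"BIOS main image, reflashed (constructed sample)"

# TPM 1.2 PCRs are 20-byte SHA-1 registers that start as all zeros at reset.
PCR_INITIAL = b"\x00" * 20


def measure(image: bytes) -> bytes:
    """Digest of a boot component, as the CRTM would compute it."""
    return hashlib.sha1(image).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 PCR extend: PCR_new = SHA1(PCR_old || digest)."""
    return hashlib.sha1(pcr + digest).digest()


def measured_boot(images: list, reported_digests=None) -> bytes:
    """Simulate the CRTM measuring each later component into one PCR.

    If `reported_digests` is given, those values are extended instead of
    the digests of `images`. This models a measurer that has itself been
    replaced and reports whatever it likes: the TPM has no way to tell a
    true measurement from a false one, which is why the CRTM must be
    non-flashable for the chain to mean anything.
    """
    digests = reported_digests if reported_digests is not None else [measure(i) for i in images]
    pcr = PCR_INITIAL
    for d in digests:
        pcr = extend(pcr, d)
    return pcr


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Simplified TPM_Seal: bind a secret to one expected PCR value."""
    return {"pcr": expected_pcr, "secret": secret}


def unseal(blob: dict, current_pcr: bytes):
    """Simplified TPM_Unseal: release the secret only on a matching PCR."""
    if blob["pcr"] != current_pcr:
        return None  # platform state differs; key stays inside the TPM
    return blob["secret"]


def demo() -> dict:
    """Run the three scenarios from the thread and return the outcomes."""
    good_pcr = measured_boot([BIOS_MAIN, OPTION_ROM])
    blob = seal(b"disk-encryption-key (constructed)", good_pcr)

    # 1. Untouched platform: the sealed key is released.
    honest = unseal(blob, good_pcr)

    # 2. BIOS reflashed, CRTM intact: the PCR differs and nothing is released.
    reflashed = unseal(blob, measured_boot([MODIFIED_BIOS, OPTION_ROM]))

    # 3. BIOS reflashed AND the measurer replaced so it reports the original
    #    digests: the PCR matches again. Detection rests on the CRTM alone.
    lying_measurer_pcr = measured_boot(
        [MODIFIED_BIOS, OPTION_ROM],
        reported_digests=[measure(BIOS_MAIN), measure(OPTION_ROM)],
    )
    lying = unseal(blob, lying_measurer_pcr)

    return {"honest": honest, "reflashed": reflashed, "lying_measurer": lying}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16s} -> {'key released' if result else 'key withheld'}")
```

Scenario 2 is the protection the TCG design buys against casual tampering; scenario 3 is the residual risk both posters describe, and it disappears only if the code that produces the first measurement cannot be changed by whoever holds the hardware.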