> 99% of people with this use case are not going to put their BIOS chip in
> concrete. Configuring a TPM chip is a lot easier.
>
98% of people in this case don't really care if they are secure or not.

>>> I keep trusting it because
>>> the TPM tells me it hasn't been altered on my computer by nasty people.
>>>
>> Suppose even that TPM or XYZ can ensure software isn't tampered at
>> all. Attacker can alter your hardware instead. It just changes the way
>> your computer is attacked, not the result. As a matter of fact
>> hardware attacks are now more widespread in these considerations.
>
> Yes -- the whole point is to make it more difficult and require more
> resources.

What resources do you suppose your attacker has?

>> Then I wait that you enter your password and leave machine unattended
>> and execute my cold boot attack. If you never left machine unattended
>> you don't need a chip to ensure the integrity.
>
> That's a completely different issue which you don't have a solution to
> either.
>
And which makes all the hassle around TPM worth nothing

--
Regards
Vladimir 'phcoder' Serbinenko

Personal git repository: http://repo.or.cz/w/grub2/phcoder.git

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel