Re: [SLUG] Vista .. anti-Linux ?
Benno wrote: BitLocker is software. It uses the TPM hardware to verify the boot process. (I'm trying to get more information on that.) Hi Benno, Verifying the boot process is exactly the problem. Let's buy a machine, say it comes with Windows installed and the bitlocked feature on. Now let's install Linux, this installs a bootloader. Let's say the linux bootloader detects Windows and chain loads the Windows bootloader. Now the boot process into Windows was - BIOS - windows boot loader - windows and is now - BIOS - linux boot loader - windows boot loader - windows So if TPM works at all then Windows will spit the dummy and declare that the boot process has been compromised. You can also make a similar argument about the partition table: decreasing the size of the Windows volume should lead to the TPM informing Windows that it has been compromised. This unfortunately does away with the simple hack of allowing dual booting by restoring the Windows' boot loader when wanting to run Windows. The only way out is for some mechanism for Windows to be reauthorised to the TPM after Linux has been installed. I don't know enough about the TPM hardware API to know if Windows has to participate in this (eg, does the API return the checksum, or just an indication that the hardware and software are authorised). Cheers, Glen -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
On Monday 01 May 2006 23:16, Glen Turner wrote: snipped Let's buy a machine, say it comes with Windows installed and the bitlocked feature on. snipped It seems almost certain that Bitlocker will behave as you state, though the documentation is unclear whether the boot loader is part of the Bitlocker checks. However I don't think anyone sane will be selling machines with Bitlocker enabled. Bitlocker requires a recovery password, security flies out the window if your laptop has the same recovery password as every other BrandName(tm,wtf,rtfm) laptop. Of course, computer magazines will tout this great new feature without stressing the importance of the recovery password, and even more people will learn the value of regular backups. Also, is whole disk encryption all that secure? The data at the start of a disk is almost constant, surely this makes it easier to decrypt. Cheers, Malcolm V. -- If all men were brothers, would you let one marry your sister? -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
On Mon May 01, 2006 at 22:46:12 +0930, Glen Turner wrote: Benno wrote: BitLocker is software. It uses the TPM hardware to verify the boot process. (I'm trying to get more information on that.) Hi Benno, Verifying the boot process is exactly the problem. Let's buy a machine, say it comes with Windows installed and the bitlocked feature on. But Bitlocker is a piece of software you have to first install and then turn on, not something that comes installed and enabled on the machine when you buy it. And if for some reason it did, you could simply reinstall from scratch and then turn it on after installing. Now let's install Linux, this installs a bootloader. Let's say the linux bootloader detects Windows and chain loads the Windows bootloader. Now the boot process into Windows was - BIOS - windows boot loader - windows and is now - BIOS - linux boot loader - windows boot loader - windows So if TPM works at all then Windows will spit the dummy and declare that the boot process has been compromised. You can also make a similar argument about the partition table: decreasing the size of the Windows volume should lead to the TPM informing Windows that it has been compromised. This unfortunately does away with the simple hack of allowing dual booting by restoring the Windows' boot loader when wanting to run Windows. The only way out is for some mechanism for Windows to be reauthorised to the TPM after Linux has been installed. I don't know enough about the TPM hardware API to know if Windows has to participate in this (eg, does the API return the checksum, or just an indication that the hardware and software are authorised). There is no reason I can see, in theory, why you couldn't 1/ Turn off TPM boot 2/ Install linux 3/ Turn TPM back on checksum-ing the new bootloader. But yeah, I have only really had a brief look at the TPM documentation, it might need Windows assistance to do this. And even if windows lets you do this, it could pontetially destroy any remote attestation guarentees that could be given, but I don't *think* bitlocker is really about remote attestation, although that is something else that can be done with TPM hardware. In any case, my main points were that: - Bitlocker is an optional feature the you have to enable. - The frustration referred to in the original register article was simply about accessing encrypted data, not about not being able to dual boot. Cheers, Benno -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
Benno wrote: But Bitlocker is a piece of software you have to first install and then turn on, not something that comes installed and enabled on the machine when you buy it. The vast majority of machines sold in the western world come with windows pre-installed. There is no reason I can see, in theory, why you couldn't 1/ Turn off TPM boot 2/ Install linux 3/ Turn TPM back on checksum-ing the new bootloader. This raises the bar for people trying to get Linux for the fist time. In any case, my main points were that: - Bitlocker is an optional feature the you have to enable. Not if if comes pre-installed on the machine you buy. This is the rule, not the exception. - The frustration referred to in the original register article was simply about accessing encrypted data, not about not being able to dual boot. I remain unconvinced. Micorsoft would love to make Linux difficult to install and would love to make Linux something that can only be run inside a virtual machine running on windows. Erik -- +---+ Erik de Castro Lopo +---+ Java is, in many ways, C++--. -- Michael Feldman -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
On Tue, May 02, 2006 at 09:32:08AM +1000, Benno wrote: There is no reason I can see, in theory, why you couldn't 1/ Turn off TPM boot 2/ Install linux 3/ Turn TPM back on checksum-ing the new bootloader. But yeah, I have only really had a brief look at the TPM documentation, it might need Windows assistance to do this. And even [ ... ] Maybe you know this already, but there is linux support for TPM (since kernel 2.6.12) .. and Linus has said (iirc) that he's not against TPM in principle. The company that did the TPM driver work also do a TPM GRUB. http://www.prosec.rub.de/trusted_grub_details.html Now I'm not sure how much this helps i.e. how much more work there would be involved in installing Linux on a TPM machine. Matt -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
On Tue May 02, 2006 at 09:46:58 +1000, Erik de Castro Lopo wrote: Benno wrote: But Bitlocker is a piece of software you have to first install and then turn on, not something that comes installed and enabled on the machine when you buy it. The vast majority of machines sold in the western world come with windows pre-installed. There is no reason I can see, in theory, why you couldn't 1/ Turn off TPM boot 2/ Install linux 3/ Turn TPM back on checksum-ing the new bootloader. This raises the bar for people trying to get Linux for the fist time. I'm sure the Ubuntu install process will make all this transparent if it is possible. In any case, my main points were that: - Bitlocker is an optional feature the you have to enable. Not if if comes pre-installed on the machine you buy. This is the rule, not the exception. - The frustration referred to in the original register article was simply about accessing encrypted data, not about not being able to dual boot. I remain unconvinced. Micorsoft would love to make Linux difficult to install and would love to make Linux something that can only be run inside a virtual machine running on windows. I just really doubt that a feature which is so difficult to use and can mean losing all you data if you forget a key or password is going to be enabled by default for home PCs -- of course I guess we will see when Vista finally comes out. I'll buy you a beer if it comes with encryption enabled by default :). Of course corporate setting is totally different. Is it that bad if people are running Linux inside a virtual machine running on windows anyway? (Or people running Windows inside a virtual machine on a Linux machine?) I have a feeling we will end up with a secure hypervisor and then running either Linux or windows on both on top of that, but that is just a guess. Maybe I am underestimating the problem because I've never bothered will dual-booting, and underestimate the use of it. I've found the best path to new Linux users is to first ween them off Office (ooffice), IE (firefox) etc, which can be done while they still run windows, and then once that happens, get them to install Linux with the same app on their next computer. But I guess that doesn't work for gamers. Benno -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
Benno wrote: I'll buy you a beer Cool. I look forward to it. Is it that bad if people are running Linux inside a virtual machine running on windows anyway? I don't mind if they can. I do mind of thats the only way of having Linux and 'doze running on the same machine. But I guess that doesn't work for gamers. Or people trying to wring maximum audio performance out of their audio applications. Erik -- +---+ Erik de Castro Lopo +---+ If you think C++ is not overly complicated, just what is a protected abstract virtual base pure virtual private destructor and when was the last time you needed one? -- Tom Cargill -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
On Tue, May 2, 2006 10:05, Benno wrote: On Tue May 02, 2006 at 09:46:58 +1000, Erik de Castro Lopo wrote: I just really doubt that a feature which is so difficult to use and can mean losing all you data if you forget a key or password is going to be enabled by default for home PCs -- of course I guess we will see when Vista finally comes out. I'll buy you a beer if it comes with encryption enabled by default :). Of course corporate setting is totally different. Is it that bad if people are running Linux inside a virtual machine running on windows anyway? (Or people running Windows inside a virtual machine on a Linux machine?) I have a feeling we will end up with a secure hypervisor and then running either Linux or windows on both on top of that, but that is just a guess. Maybe I am underestimating the problem because I've never bothered will dual-booting, and underestimate the use of it. I've found the best path to new Linux users is to first ween them off Office (ooffice), IE (firefox) etc, which can be done while they still run windows, and then once that happens, get them to install Linux with the same app on their next computer. But I guess that doesn't work for gamers. Getting them off Office and IE is the easy part; getting them off their Windows based accounting application, which their accountant insists that they use, is the hard, neigh, impossible part. Until such applications as MYOB, Attache, Quicken, Quickbooks, CashFlow Manager, eTax, etc. have Linux versions, then I think there is little or no chance of migrating the masses to Linux. Why these apps can come out with MacOS versions alongsie Windows versions, and not Linux versions is a mystery, perhaps it's because there is only one MacOS or windows distro whereas there are N+1 Linux distros. -- Howard LANNet Computing Associates http://lannet.com.au When you want a computer system that works, just choose Linux; When you want a computer system that works, just, choose Microsoft. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
On Sat Apr 29, 2006 at 14:20:28 +1000, [EMAIL PROTECTED] wrote: Benno: On Fri Apr 28, 2006 at 20:18:15 +1000, Malcolm V wrote: On Friday 28 April 2006 19:55, Adam Bogacki wrote: snipped http://www.theregister.co.uk/2006/04/27/schneier_infosec/ Getting back to the topic, I believe that it is possible for a system to detect whether it has been chain-loaded from some other bootloader and then refuse to run if it detects this. The system only works off the officially sanctioned bootloader and this bootloader never boots anything else -- no more dual boot. Probably makes it harder to use MS libraries in wine, also might kill Xen, VMware and all those handy tools that give you a chance to make a few MS-Windows licenses go a long way... Does this give any better security than a well-known encryption algorithm (e.g. AES) plus a passphrase plus a key device (e.g. USB, etc)? No it doesn't, it is probably worse because if your motherboard chip dies you won't be able to recover your data on a different motherboard. That means you have to have an unencrypted backup which in turn becomes the weak point. And from the BitLocker tech article on the MS website, it appears to have a way of working in exactly the mode you describe. Plus its optional. So, its only going to be a problem, if you choose to use Vista, and then choose to enable Vista, and then choose to work in the TPM mode. (And I'm not convinced you couldn't setup the TPM such that you say you trust a particular chain loader configuration, and I'm sure if it is possible, and people want this, then someone will make it easy to do.) Of course this could be seen as scary from a what could they do next, point of view. E.g: to view some media you need to be running Vista and need remote attestation that requires you to use have TPM enabled and then the remote party will only trust a Vista install. Now *that* would be evil. But I think BitLocker itself is a way from that. And of course we could implement the same stuff on Linux, to make it harder for people to use Vista with it. Muhahaha! ;) Benno -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Vista .. anti-Linux ?
Fyi, Adam. http://www.theregister.co.uk/2006/04/27/schneier_infosec/ signature.asc Description: Digital signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
I'm wondering how they plan to do that? Are they going to encrypt the MBR? I think this is FUD from microsoft again. They are planning on encrypting the drive that windows resides on. I don't know if it's going to effect the MBR, or all partitions on the harddrive. Apparently they are planning to have hardware to encrypt the device. All I can say is good luck in rolling that out to Large organisations that have SOEs. Can you image Rolling out a machine and having to give a piece of firmware which will authenticate you in loading the OS then you have to log on? It doesn't sound logical then again we are talking about Microsoft. This is more work than it's worth. Fyi, Adam. http://www.theregister.co.uk/2006/04/27/schneier_infosec/ -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
On Fri Apr 28, 2006 at 20:09:25 +1000, Kevin Saenz wrote: I'm wondering how they plan to do that? Are they going to encrypt the MBR? I think this is FUD from microsoft again. They are planning on encrypting the drive that windows resides on. I don't know if it's going to effect the MBR, or all partitions on the harddrive. I don't think the article actually said you *couldn't* I think it said it made it pointless because you can't access the data on the windows partition. Benno -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
On Friday 28 April 2006 19:55, Adam Bogacki wrote: snipped http://www.theregister.co.uk/2006/04/27/schneier_infosec/ Call me cynical (or stupid), but software cannot offer hardware based encryption. Sure, a piece of software can make use of hardware based features, as can other pieces of software. (In other news, I've now got my Nvidia i2c bus module working, and I've dragged my sig monster out of the dungeon). Cheers, Malcolm V. -- Power corrupts; Absolute power corrupts absolutely; God is all-powerful. Draw your own conclusions -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
There is an indepth article that states that it will be impossible to install linux on a machine that has vista on it. I'm wondering how they plan to do that? Are they going to encrypt the MBR? I think this is FUD from microsoft again. They are planning on encrypting the drive that windows resides on. I don't know if it's going to effect the MBR, or all partitions on the harddrive. I don't think the article actually said you *couldn't* I think it said it made it pointless because you can't access the data on the windows partition. Benno -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
also the article states This encryption technology also has the effect of frustrating the exchange of data needed in a dual boot system. You could look at BitLocker as anti-Linux because it frustrates dual boot, Schneier told El Reg. On Fri Apr 28, 2006 at 20:09:25 +1000, Kevin Saenz wrote: I'm wondering how they plan to do that? Are they going to encrypt the MBR? I think this is FUD from microsoft again. They are planning on encrypting the drive that windows resides on. I don't know if it's going to effect the MBR, or all partitions on the harddrive. I don't think the article actually said you *couldn't* I think it said it made it pointless because you can't access the data on the windows partition. Benno -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
On Fri Apr 28, 2006 at 20:42:59 +1000, Kevin Saenz wrote: also the article states This encryption technology also has the effect of frustrating the exchange of data needed in a dual boot system. You could look at BitLocker as anti-Linux because it frustrates dual boot, Schneier told El Reg. That is the paragraph that implied to me that it was more about the data rather than getting it on there: effect of frustrating the exchange of data. But that could mean just about anything. On Fri Apr 28, 2006 at 20:09:25 +1000, Kevin Saenz wrote: I'm wondering how they plan to do that? Are they going to encrypt the MBR? I think this is FUD from microsoft again. They are planning on encrypting the drive that windows resides on. I don't know if it's going to effect the MBR, or all partitions on the harddrive. I don't think the article actually said you *couldn't* I think it said it made it pointless because you can't access the data on the windows partition. Benno -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
On Fri Apr 28, 2006 at 20:18:15 +1000, Malcolm V wrote: On Friday 28 April 2006 19:55, Adam Bogacki wrote: snipped http://www.theregister.co.uk/2006/04/27/schneier_infosec/ Call me cynical (or stupid), but software cannot offer hardware based encryption. Sure, a piece of software can make use of hardware based features, as can other pieces of software. No, I'll just call you smarter than John Leydon :). BitLocker is software. It uses the TPM hardware to verify the boot process. (I'm trying to get more information on that.) Benno -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
On Fri Apr 28, 2006 at 20:39:36 +1000, Kevin Saenz wrote: There is an indepth article that states that it will be impossible to install linux on a machine that has vista on it. Where? This seems like FUD. http://www.microsoft.com/technet/windowsvista/security/bittech.mspx talks about lock the Vista volume, not the whole harddrive. And of course BitLocker is purely optional anyway. Benno -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Vista .. anti-Linux ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Benno: On Fri Apr 28, 2006 at 20:18:15 +1000, Malcolm V wrote: On Friday 28 April 2006 19:55, Adam Bogacki wrote: snipped http://www.theregister.co.uk/2006/04/27/schneier_infosec/ Call me cynical (or stupid), but software cannot offer hardware based encryption. Sure, a piece of software can make use of hardware based features, as can other pieces of software. No, I'll just call you smarter than John Leydon :). BitLocker is software. It uses the TPM hardware to verify the boot process. (I'm trying to get more information on that.) There's an awful lot of manufacturers selling hardware RAID cards that have nothing on the card except a CPU and and EEPROM. Usually not a terribly fast CPU (after all RAID-5 requirements are not much more than basic block handling and a fast parity algorithm). Yes I'm looking at you Compaq... and you too IBM. Getting back to the topic, I believe that it is possible for a system to detect whether it has been chain-loaded from some other bootloader and then refuse to run if it detects this. The system only works off the officially sanctioned bootloader and this bootloader never boots anything else -- no more dual boot. Probably makes it harder to use MS libraries in wine, also might kill Xen, VMware and all those handy tools that give you a chance to make a few MS-Windows licenses go a long way... Suppose (for example) that any piece of hardware on the system contains consistent (but unknown) state at boot time and will have this state shuffled by the boot process (e.g. a CRC of the boot sector plus some secret internal machine ID). Further suppose that such hardware allows you to perform cryptographic operations based on the hardware state but did not allow you to discover what the state was. You could now use this hardware to encrypt the hard drive in such a way that another system would have great difficulty emulating the process (booting the other system always corrupts the hardware state and not enough internal information is available to emulate the device to rebuild the correct state). I would guess that TPM hardware contains the necessary ingredients. Does this give any better security than a well-known encryption algorithm (e.g. AES) plus a passphrase plus a key device (e.g. USB, etc)? No it doesn't, it is probably worse because if your motherboard chip dies you won't be able to recover your data on a different motherboard. That means you have to have an unencrypted backup which in turn becomes the weak point. This is all my supposition... with nothing other than gut feeling to back it up. I guess we will find out when the time comes. - Tel -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) iQIVAwUBRFLpi8fOVl0KFTApAQIG2A//UOfXY8qLxNRSd3w3/k8u28UMIHNuogle qXVgBqQs7Q5qF7cIYBh6ja07K8oyhEL0TrMXOrIUpa/eBXmkp07RA3rA6Dd1S1nJ rDQERdXzNqrSdE5fs/8yPBR2CORYRk3FZUXJ63ZP9Kzb2wIICFvOp6SCp8XS+gBX Qyup6H1n64aCQj/oIqefQpjjiAekrrSVDUWZ7xDC0JeGq+Zxm1hEYDKppeOpc4xc Ck0DczTmFZzJ98PDkm2R3Fd4L82sYHWXLjkfE6vDgww4aWmxfb8jt8xrjXVHfHwO pnkMUAzTH8nfreQE8FjpR4MHF9lI3XfpPXqQ/CrmuMXqX2+LL5Z6fKttXLhzxY3N yjrvOLcOn2QKHJzkJZD3c5KFnuzZEKtFchXsBGBgkiUfrPtvI2P8ILXjazM7qKLT o3/ZV/vjgrMis7FVqHoth25mtQ2Et4dyZq3m5QEpLZnFLtzioQHEfEZBaakveb5q 4JyuJO/DavrMd5TRtTf6uxgAVywWita4gGQfQuqnV4QG0qVRuxRhf9ci5inL/Dp0 JyO7dOmkCy7s9iLiilO6rG2kAGAR9PHv/Vh/tDZdK+Mmvr+EnR9TFZwDTd5cvJfm yrxqGBM6fPPYQn0FPNnebhiXm968Z4G3Y9Jv0OK/mQHSAQ218/p3cK9ycGhyLvPP k3vltYTPxTk= =vC6u -END PGP SIGNATURE- -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Vista .. anti-Linux ?
On Sat, April 29, 2006 14:20, [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Benno: On Fri Apr 28, 2006 at 20:18:15 +1000, Malcolm V wrote: On Friday 28 April 2006 19:55, Adam Bogacki wrote: snipped http://www.theregister.co.uk/2006/04/27/schneier_infosec/ Call me cynical (or stupid), but software cannot offer hardware based encryption. Sure, a piece of software can make use of hardware based features, as can other pieces of software. No, I'll just call you smarter than John Leydon :). BitLocker is software. It uses the TPM hardware to verify the boot process. (I'm trying to get more information on that.) There's an awful lot of manufacturers selling hardware RAID cards that have nothing on the card except a CPU and and EEPROM. Usually not a terribly fast CPU (after all RAID-5 requirements are not much more than basic block handling and a fast parity algorithm). Yes I'm looking at you Compaq... and you too IBM. Getting back to the topic, I believe that it is possible for a system to detect whether it has been chain-loaded from some other bootloader and then refuse to run if it detects this. The system only works off the officially sanctioned bootloader and this bootloader never boots anything else -- no more dual boot. Probably makes it harder to use MS libraries in wine, also might kill Xen, VMware and all those handy tools that give you a chance to make a few MS-Windows licenses go a long way... Suppose (for example) that any piece of hardware on the system contains consistent (but unknown) state at boot time and will have this state shuffled by the boot process (e.g. a CRC of the boot sector plus some secret internal machine ID). Further suppose that such hardware allows you to perform cryptographic operations based on the hardware state but did not allow you to discover what the state was. You could now use this hardware to encrypt the hard drive in such a way that another system would have great difficulty emulating the process (booting the other system always corrupts the hardware state and not enough internal information is available to emulate the device to rebuild the correct state). I would guess that TPM hardware contains the necessary ingredients. Does this give any better security than a well-known encryption algorithm (e.g. AES) plus a passphrase plus a key device (e.g. USB, etc)? No it doesn't, it is probably worse because if your motherboard chip dies you won't be able to recover your data on a different motherboard. That means you have to have an unencrypted backup which in turn becomes the weak point. This is all my supposition... with nothing other than gut feeling to back it up. I guess we will find out when the time comes. I think you hypothesis is sound, but I also think the consequences are more dire than you imagine since the TPM hardware is likely to be part of the motherboard, and if *any* component on the mobo fails, necessitating a swap out, then your data is shafted, and given the propensity for mobos to die... -- Howard LANNet Computing Associates http://lannet.com.au When you want a computer system that works, just choose Linux; When you want a computer system that works, just, choose Microsoft. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html