Dave Korn wrote:
Ian Farquhar wrote:
Maybe I am showing my eternal optimist side here, but to me, this is
how TPM's should be used, as opposed to the way their backers
originally wanted them used. A removable module whose connection to a
device I establish (and can de-establish, assuming
http://www.nvlabs.in/?q=node/32
Vipin Kumar of of NVLabs had announced a break of TPM and a
demonstration of a break into Bitlocker, (presumably using TPM) to be
presented at Black Hat 2007. The presentation has been pulled.
Significance to the exchanges on cryptography under this subject stem
Looking for TPM enterprise adoption.
The current version of TPM was adopted in March o f 2006, which should
have limited TPM up take.
There's an article in Network World
http://www.networkworld.com/allstar/2006/092506-chip-security-papa-gino.html
from September 2006 talking about a restaurant
Jon Callas wrote:
On Jun 25, 2007, at 7:23 PM, Matt Johnston wrote:
On Mon, Jun 25, 2007 at 04:42:56PM +1200, David G. Koontz wrote:
Apple (mis)uses
TPM to unsuccessfully prevent OS X from running on non-Apple Hardware.
All Apple on Intel machines have TPM, that's what 6 percent of new
i'd also scrawled:
my understanding from a person active in the NEA working group [1] (IETF)
is that TPMs these days come along for free because they're included on-die
in at least one of said chips.
[EMAIL PROTECTED] said:
Check again. A few months ago I was chatting with someone who
Peter Gutmann writes:
BitLocker just uses the TPM as a glorified USB key (sealing a key in a TPM is
functionally equivalent to encrypting it on a USB key). Since BitLocker isn't
tied to a TPM in any way (I'm sure Microsoft's managers could see which way
the wind was blowing when they designed
[EMAIL PROTECTED] (Hal Finney) writes:
The idea of putting a TPM on a smart card or other removable device is even
more questionable from this perspective.
It's not just questionable, it's a really, really bad idea. TPMs are
fundamentally just severely feature-crippled smart cards. That is,
Peter Gutmann wrote:
David G. Koontz [EMAIL PROTECTED] writes:
There are third party TPM modules, which could allow some degree of
standardization:
As I said in my previous message, just because they exist doesn't mean they'll
do anything if you plug them into a MB with the necessary
Ian Farquhar writes:
[Hal Finney wrote:]
It seems odd for the TPM of all devices to be put on a pluggable module as
shown here. The whole point of the chip is to be bound tightly to the
motherboard and to observe the boot and initial program load sequence.
Maybe I am showing my eternal
On 26 June 2007 00:51, Ian Farquhar (ifarquha) wrote:
It seems odd for the TPM of all devices to be put on a pluggable module as
shown here. The whole point of the chip is to be bound tightly to the
motherboard and to observe the boot and initial program load sequence.
Maybe I am showing
David G. Koontz wrote:
I picked on one motherboard, a Gigabyte GA-P3-DQ6 which has the 20 pin
header for the IEI TPM pluggable. After an extensive investigation I
found no direct evidence you can actually do as Peter states and roll
your own building a TPM enabled system. That includes
On Mon, 25 Jun 2007, Hal Finney wrote:
The idea of putting a TPM on a smart card or other removable device is
even more questionable from this perspective. A TPM which communicates
via an easily accessible and tamperable bus is almost useless for the
security concepts behind the Trusted
On Jun 25, 2007, at 7:23 PM, Matt Johnston wrote:
On Mon, Jun 25, 2007 at 04:42:56PM +1200, David G. Koontz wrote:
Apple (mis)uses
TPM to unsuccessfully prevent OS X from running on non-Apple
Hardware.
All Apple on Intel machines have TPM, that's what 6 percent of new
PCs?
To nit
Peter Gutmann wrote:
Ian Farquhar (ifarquha) [EMAIL PROTECTED] writes:
For example: the Gigabyte GA-965QM-DS2 (rev 2.0) which features security
enhancement by TPM. More common (ASUS, Foxconn) was the TPM Connector,
which seemed to be a hedged bet, by replacing the cost of the TPM chip with
David G. Koontz [EMAIL PROTECTED] writes:
There are third party TPM modules, which could allow some degree of
standardization:
As I said in my previous message, just because they exist doesn't mean they'll
do anything if you plug them into a MB with the necessary header (assuming you
have a MB
| ...Apple is one vendor who I gather does include a TPM chip on their
| systems, I gather, but that wasn't useful for me.
Apple included TPM chips on their first round of Intel-based Macs.
Back in 2005, there were all sorts of stories floating around the net
about how Apple would use TPM to
David G. Koontz writes:
There are third party TPM modules, which could allow some degree of
standardization:
http://www.ieiworld.com/en/news_content.asp?id=erbium/projectOBJ00244201news_cate=Newsnews_sub_cate=Product
The IEI TPM module is used in their own motherboards and some VIA
It seems odd for the TPM of all devices to be put on a pluggable module as
shown here. The whole point of the chip is to be bound tightly to the
motherboard and to observe the boot and initial program load sequence.
Maybe I am showing my eternal optimist side here, but to me, this is how
On Mon, Jun 25, 2007 at 04:42:56PM +1200, David G. Koontz wrote:
Apple (mis)uses
TPM to unsuccessfully prevent OS X from running on non-Apple Hardware.
All Apple on Intel machines have TPM, that's what 6 percent of new PCs?
To nit pick, the TPM is only present in some Apple Intel
machines
2007 10:49 PM
To: [EMAIL PROTECTED]
Cc: cryptography@metzdowd.com
Subject: Re: Free Rootkit with Every New Intel Machine
[EMAIL PROTECTED] writes:
my understanding from a person active in the NEA working group (IETF)
is that TPMs these days come along for free because they're included
on-die
Ian Farquhar (ifarquha) [EMAIL PROTECTED] writes:
For example: the Gigabyte GA-965QM-DS2 (rev 2.0) which features security
enhancement by TPM. More common (ASUS, Foxconn) was the TPM Connector,
which seemed to be a hedged bet, by replacing the cost of the TPM chip with
the cost of a socket.
[EMAIL PROTECTED] writes:
my understanding from a person active in the NEA working group (IETF) is that
TPMs these days come along for free because they're included on-die in at
least one of said chips.
Check again. A few months ago I was chatting with someone who works for a
large US computer
Peter Gutmann wrote:
I've seen all sorts of *claims* of TPM support, but try going out and buying a
PC with one
Of the 25 business laptop models that HP offers on its site right now,
only 5 don't have a TPM installed.
--
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
[EMAIL PROTECTED] said:
With TPMs it's a bit different, they're absent from the hardware by default
in case you're referring to the TCPA (trusted computing platform alliance)
TPM..
my understanding from a person active in the NEA working group (IETF) is that
TPMs these days come along for
Peter Gutmann wrote:
-- Snip --
This is very scary. I bet that our Minister of the Interior would love
it, though, since he has been pushing a scheme for stealth examination
of suspects' computers (called Federal Trojan). Technology like this
would be a large first step towards making
Peter Gutmann wrote:
[...] a register article saying Intel released its new platform Centrino Pro
which includes Intel Active Management 2.5. An article with some more info is
here:
It appears Active Management is a setting that can be disabled normally
from the BIOS, like with TPMs today:
of potential related interest is..
Network Endpoint Assessment (NEA): Overview and Requirements
http://www.ietf.org/internet-drafts/draft-ietf-nea-requirements-02.txt
note term remediate/remediation.
relevant snippage below. see also..
=?UTF-8?B?SXZhbiBLcnN0acSH?= [EMAIL PROTECTED] writes:
It appears Active Management is a setting that can be disabled normally from
the BIOS, like with TPMs today:
http://support.intel.com/support/motherboards/desktop/sb/cs-020837.htm
With TPMs it's a bit different, they're absent from the
Initially I did not believe it, thought it must be hype or hoax.
Nope, it is a rootkit in hardware.
http://www.intel.com/business/vpro/index.htm
: : Isolate security tasks—in a separate
: : environment that is hidden to the user
: :
: : [...]
: :
: : Perform hardware and
(Forwarded with permission from a NZ security mailing list, some portions
anonymised)
-- Snip --
[...] a register article saying Intel released its new platform Centrino Pro
which includes Intel Active Management 2.5. An article with some more info is
here:
30 matches
Mail list logo
