From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1Me2EP-0005sT-20 for mharc-grub-devel@gnu.org; Thu, 20 Aug 2009 03:38:45 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Me2EN-0005s1-Oc for grub-devel@gnu.org; Thu, 20 Aug 2009 03:38:43 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Me2EJ-0005r2-SH for grub-devel@gnu.org; Thu, 20 Aug 2009 03:38:43 -0400 Received: from [199.232.76.173] (port=54375 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Me2EJ-0005qz-NB for grub-devel@gnu.org; Thu, 20 Aug 2009 03:38:39 -0400 Received: from mx20.gnu.org ([199.232.41.8]:31516) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1Me2EJ-0001K2-5J for grub-devel@gnu.org; Thu, 20 Aug 2009 03:38:39 -0400 Received: from mammon.mene.za.net ([78.46.253.195] helo=mail.mene.za.net) by mx20.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1Me2EI-0001ws-9Q for grub-devel@gnu.org; Thu, 20 Aug 2009 03:38:38 -0400 Received: from mail.mene.za.net (localhost [127.0.0.1]) by mail.mene.za.net (Postfix) with ESMTP id AF3CE7E2F6 for ; Thu, 20 Aug 2009 09:38:31 +0200 (SAST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gorven.za.net; h=from:to :subject:date:references:in-reply-to:mime-version:content-type :content-transfer-encoding:message-id; s=alpha; bh=0+aeRRbi5w+Md 3WsMkFqXnLjE48=; b=SIxR2jsNO3kfQCcxbDzXFBg4vDyt7i0+gG7yaY06KweKD 1G04i7vlcyXupOefnIi3MwX6t3hG23k8ABwk/cj7fi+/+QXWNEi7aOSJm2lgBHWG HGhrbPjT8BK4hSQeaX5232nIis2YcGFkR2Rjw10hfDT/cD3MQLOERYij2dC2xM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gorven.za.net; h=from:to :subject:date:references:in-reply-to:mime-version:content-type :content-transfer-encoding:message-id; q=dns; s=alpha; b=zVrA62v vUHSPV+wzDttWAZRd9YSQ0/pd12ghE3QUuhoOSg5E/oDDBblWj98xHZX45hIiEHN k9Fq71/AAkmdFvBWXG6QgsCAzOwhNdGr/tJIci3ZWEG/dMd/JqgbQkPmk30+4LEs cvE8L4bpihw77xeTh+l2PC1eRw80e8AiG/DY= Received: from molech (dsl-241-125-225.telkomadsl.co.za [41.241.125.225]) by mail.mene.za.net (Postfix) with ESMTPSA id D45707E2EE for ; Thu, 20 Aug 2009 09:38:30 +0200 (SAST) From: Michael Gorven To: The development of GRUB 2 Date: Thu, 20 Aug 2009 09:38:14 +0200 User-Agent: KMail/1.9.10 References: <4A8BDB5B.5000407@labri.fr> <20090819201340.GG3561@mammon.mene.za.net> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart3710035.Ff5i1uI910"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200908200938.26095.michael@gorven.za.net> X-Detected-Operating-System: by mx20.gnu.org: GNU/Linux 2.6 (newer, 2) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) Subject: Re: TPM support status ? X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Aug 2009 07:38:44 -0000 --nextPart3710035.Ff5i1uI910 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Wednesday 19 August 2009 22:25:00 Vladimir 'phcoder' Serbinenko wrote: > > 99% of people with this use case are not going to put their BIOS chip in > > concrete. Configuring a TPM chip a lot easier. > > 98% of people in this case don't really care if they are secure or not. I said "with this use case". > >> Then I wait that you enter you password and leave machine unattended > >> and execute my cold boot attack. If you never left machine unattended > >> you don't need a chip to ensure the integrity. > > > > That's a completely different issue which you don't have a solution to > > either. > > And which makes all the hassle around TPM worth nothing Cold boot attacks can be mitigated somewhat because the BIOS would be=20 configured to only boot from the harddrive. The BIOS would have to be reset= =20 before booting from another device, but this would break the trusted path=20 which means that it has to happen during the attack itself. Michael =2D-=20 http://michael.gorven.za.net PGP Key ID 1E016BE8 S/MIME Key ID AAF09E0E --nextPart3710035.Ff5i1uI910 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQIVAwUASoz9cYOxIz1l+OmhAQptVg//TwrUr4+TRWLPgcB2gGxnwrAQcSMUy3da GHl7sLqIxmsSWagvEOSJgSGJU3brxXNjkw38o4JR3n8jeQJPmQeBzRaHt99CLFz2 Uk74ZcvuKb5JaqkOFH0SzgacPpnyV3oqKtqJ7a2eh7P/5neP7KiSkWiaK7lG95oo 54LSZ5rbhepgfGpDzOHNDT5CSXbiDSN0e30PRUHaLgZGvXrgSWKtKGqeL0jz3q81 QpBrGKy9lSwKxxWy19gkXl1gA+810KOJV/0OloMPOoeTDj4jwGMOgxZCLvcfj9E/ B0ZS6+FiPlqge65CkhNRSR2+N1ktTS411wOhRW2Ba6mnMnJKoA6dmxI7GUQ4ibWQ 88BRdmU16YUg2ykLvVOQN/yVAgiQWShorHBEgiXz6El0xhrYbVJdKQd8SDwZ8vq6 IqovUcRYCCOEuzcP5QNvCjDwr7e2mTaotKVr/6uJ9hajuOk0LImWTg8tbE8oSlFi likXN27jH0vaDfNjK1ZXbVG1RnU7/D0fKoCK9+UAjrh5Xt6QwtpSyoRl95cSjBHs mnTRH9G5ctQ2uByNL+dTVfG65HIoMDF6AaCBgS4CuPVaW2N+vzFrzpVwd9VmrZul Cx0osFRRJcFGPjs8KP0FQoux7/GmnZ1vKvQ4dtFvcZgS58w9USm6awMzPtrDHabD QjawIcfrb7Q= =a4hD -----END PGP SIGNATURE----- --nextPart3710035.Ff5i1uI910--