From: "Jörn Engel" <joern@logfs.org>
To: David Safford <safford@us.ibm.com>
Cc: Andy Lutomirski <luto@amacapital.net>,
"H. Peter Anvin" <hpa@zytor.com>,
Leonidas Da Silva Barbosa <leosilva@linux.vnet.ibm.com>,
Ashley Lai <ashley@ashleylai.com>,
Rajiv Andrade <mail@srajiv.net>,
Marcel Selhorst <tpmdd@selhorst.net>,
Sirrix AG <tpmdd@sirrix.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Jeff Garzik <jgarzik@pobox.com>, "Ted Ts'o" <tytso@mit.edu>,
Kent Yoder <key@linux.vnet.ibm.com>,
David Safford <safford@watson.ibm.com>,
Mimi Zohar <zohar@us.ibm.com>,
"Johnston, DJ" <dj.johnston@intel.com>
Subject: Re: TPMs and random numbers
Date: Thu, 12 Sep 2013 17:57:18 -0400 [thread overview]
Message-ID: <20130912215718.GF3809@logfs.org> (raw)
In-Reply-To: <1378925224.26698.90.camel@localhost>
On Wed, 11 September 2013 14:47:04 -0400, David Safford wrote:
>
> But I also think that the existing (certified) TPMs are good enough
> for direct use.
That is equivalent to trusting the TPM chip not to be malicious. It
requires trusting the chip designer, trusting every single employee of
the chip designer, as some of them may be plants from a random
countries spook organization, trusting the fab where the chip was
manufactured, trusting your local dealer not to replace one chip with
another in a similar packaging, trusting third-party components the
designers may have incorporated, trusting intermediate steps between
designer and fab or fab and local dealer, trusting your own employees,
etc.
If you sum it all up, you quickly depend on hundreds of people in
multiple countries that have the ability to subvert your chips RNG
without you being able to notice any difference.
Or rather, you would only be able to notice the difference if you were
the person that subverted the chip. So the NSA may be able to tell
whether the Chinese have subverted a specific chip. Honi soit...
Jörn
--
"Security vulnerabilities are here to stay."
-- Scott Culp, Manager of the Microsoft Security Response Center, 2001
next prev parent reply other threads:[~2013-09-12 23:32 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-11 17:22 TPMs and random numbers David Safford
2013-09-11 17:49 ` Andy Lutomirski
2013-09-11 18:45 ` Theodore Ts'o
2013-09-11 19:06 ` Jeff Garzik
2013-09-11 19:08 ` Andy Lutomirski
2013-09-11 19:25 ` H. Peter Anvin
2013-09-11 20:28 ` Theodore Ts'o
2013-09-11 20:44 ` H. Peter Anvin
2013-09-11 18:47 ` David Safford
2013-09-12 21:57 ` Jörn Engel [this message]
2013-09-12 23:38 ` Andy Lutomirski
2013-09-12 23:39 ` Jeff Garzik
2013-09-12 22:13 ` Jörn Engel
2013-09-12 23:51 ` Andy Lutomirski
2013-09-12 22:23 ` Jörn Engel
2013-09-13 2:13 ` Theodore Ts'o
2013-09-13 2:22 ` Jörn Engel
2013-09-11 22:08 ` Johnston, DJ
-- strict thread matches above, loose matches on Subject: below --
2013-09-09 21:11 H. Peter Anvin
2013-09-11 1:50 ` Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130912215718.GF3809@logfs.org \
--to=joern@logfs.org \
--cc=ashley@ashleylai.com \
--cc=dj.johnston@intel.com \
--cc=hpa@zytor.com \
--cc=jgarzik@pobox.com \
--cc=key@linux.vnet.ibm.com \
--cc=leosilva@linux.vnet.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mail@srajiv.net \
--cc=safford@us.ibm.com \
--cc=safford@watson.ibm.com \
--cc=tpmdd@selhorst.net \
--cc=tpmdd@sirrix.com \
--cc=tytso@mit.edu \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.