From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <499D82A8.90108@gmail.com>
Date: Thu, 19 Feb 2009 17:02:48 +0100
From: phcoder
User-Agent: Thunderbird 2.0.0.19 (X11/20090105)
MIME-Version: 1.0
To: The development of GRUB 2
References: <499C7809.6030203@student.ethz.ch> <499D7526.70907@gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: A _good_ and valid use for TPM
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: The development of GRUB 2
List-Id: The development of GRUB 2
X-List-Received-Date: Thu, 19 Feb 2009 16:02:53 -0000

> The hard part is initializing the hardware without the use of the
> original BIOS - the specifics of initializing various chips are not
> public, and probably depend on companion hardware and/or trace length
> on the particular board as well.

It's not actually needed. If one can NOP the TPM code in the BIOS, then he can boot from anything and read the TPM keys. You don't need to understand the whole BIOS to do it. Of course it's obfuscated, but obfuscation isn't security in any way.

Also, if you write completely different code to flash into the BIOS, you don't need to be able to initialise the whole hardware; all you need is to be able to read the TPM and write to the serial port. Then you can simply read the key at your serial console.

Actually, the BIOS isn't protected. It's just obfuscated.

Regards,
Vladimir 'phcoder' Serbinenko
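The argument in this thread is about where the root of the TPM measurement chain sits: sealed keys are only as trustworthy as the first piece of code that extends the PCRs. The following toy model, added here as an illustration and not code from the message, from GRUB, or from any real TPM stack, shows what PCR-bound sealing does and does not protect. The TPM 1.2 extend rule (SHA-1 of old PCR concatenated with the new digest) is real; the `seal`/`unseal` construction built on HMAC and a hash keystream, the `SRK` value, and all boot images and secrets are constructed placeholders standing in for the TPM's internal key hierarchy.

```python
"""Toy model of TPM 1.2 style PCR extension and PCR-bound sealing.

Constructed example: the firmware images, the storage root key and the
sealed secret below are all made up. Only the extend rule mirrors TPM 1.2.
"""
import hashlib
import hmac

PCR_INIT = b"\x00" * 20  # TPM 1.2 PCRs start as 20 zero bytes (SHA-1 width)


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR_new = SHA1(PCR_old || digest). A PCR can be extended but never
    written directly, so the final value encodes the whole ordered history."""
    return hashlib.sha1(pcr + digest).digest()


def measure_boot_chain(images):
    """Each boot stage hashes the next one and extends the PCR before
    handing over control. Returns the final PCR and the event log of digests.
    Note that the PCR only reflects what the measuring code *reports*: the
    TPM cannot tell whether the first measurer (the BIOS) is genuine."""
    pcr = PCR_INIT
    log = []
    for image in images:
        digest = hashlib.sha1(image).digest()
        log.append(digest)
        pcr = pcr_extend(pcr, digest)
    return pcr, log


def replay_event_log(log):
    """Verifier side: recompute the PCR from a claimed event log so a
    tampered or mismatched log is detectable against the PCR value."""
    pcr = PCR_INIT
    for digest in log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def _keystream(key: bytes, n: int) -> bytes:
    """Hash-counter keystream for the toy cipher (constructed, not a TPM primitive)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(srk: bytes, pcr: bytes, secret: bytes) -> bytes:
    """Bind a secret to a PCR value: the wrapping key is derived from the
    storage root key and the expected PCR, so a different PCR cannot unwrap it."""
    key = hmac.new(srk, b"seal" + pcr, hashlib.sha256).digest()
    ciphertext = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def unseal(srk: bytes, pcr: bytes, blob: bytes):
    """Return the secret if the current PCR matches the one sealed against, else None."""
    ciphertext, tag = blob[:-32], blob[-32:]
    key = hmac.new(srk, b"seal" + pcr, hashlib.sha256).digest()
    expected_tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return None
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, len(ciphertext))))


# Constructed sample boot chain and secrets.
BIOS = b"constructed BIOS image v1"
BOOTLOADER = b"constructed GRUB core image"
SRK = hashlib.sha256(b"constructed storage root key, never leaves the TPM").digest()
SECRET = b"disk encryption key (constructed)"


def demo():
    """Seal against the good chain, then try to unseal after a boot loader change."""
    good_pcr, good_log = measure_boot_chain([BIOS, BOOTLOADER])
    blob = seal(SRK, good_pcr, SECRET)
    recovered = unseal(SRK, good_pcr, blob)
    # An honestly measured but modified boot loader yields a different PCR.
    bad_pcr, bad_log = measure_boot_chain([BIOS, BOOTLOADER + b" (modified)"])
    tampered = unseal(SRK, bad_pcr, blob)
    return (
        recovered,
        tampered,
        replay_event_log(good_log) == good_pcr,
        replay_event_log(bad_log) == good_pcr,
    )


if __name__ == "__main__":
    recovered, tampered, good_log_ok, bad_log_ok = demo()
    print("unseal with matching PCR:", recovered)
    print("unseal after modified boot loader:", tampered)
    print("good event log replays to sealed PCR:", good_log_ok)
    print("modified event log replays to sealed PCR:", bad_log_ok)
```

The model makes the thread's point concrete: every check here compares PCR values that were produced by whatever code performed the first extend. Sealing therefore detects a modified boot loader or kernel, but it cannot detect a modified measurer, which is why a defender has to treat the BIOS flash as part of the trusted computing base and protect it (write-protected or hardware-verified firmware) rather than rely on the TPM alone.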