From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1LbAtD-0004j9-Mc for mharc-grub-devel@gnu.org; Sun, 22 Feb 2009 04:44:47 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LbAtB-0004iK-Bu for grub-devel@gnu.org; Sun, 22 Feb 2009 04:44:45 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LbAt9-0004hW-SZ for grub-devel@gnu.org; Sun, 22 Feb 2009 04:44:44 -0500 Received: from [199.232.76.173] (port=53523 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LbAt9-0004hQ-Jt for grub-devel@gnu.org; Sun, 22 Feb 2009 04:44:43 -0500 Received: from fg-out-1718.google.com ([72.14.220.153]:26932) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1LbAt8-0004uR-Ba for grub-devel@gnu.org; Sun, 22 Feb 2009 04:44:43 -0500 Received: by fg-out-1718.google.com with SMTP id l27so1770848fgb.30 for ; Sun, 22 Feb 2009 01:44:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=0MHDYd/GhEQM5yoaEFIa4C48EUPRXvEL7IqQOOvdsh0=; b=lchd/+nCQ1sYVj7OiR4kxZ4OxYGAC9asVSXRdqdgM8/msT/GktteYAnM66IWRIlj0x 1lQWo+E572oNg66UynX88k2RCA9hY4Jwe/TwgNxCrDEECzGszUUetlbtLQamStSSo3YV eOfEJOLVQ8E1n4zF+09j8roGMBgVI+HNzTs4A= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; b=bReDtppAM+uRpAVMfXiwLGrlT22PdOZ7TV8pd9fQnQIbp9sEsUwIznG+MFD9brJcEs EtmZonF+oe96Yjtxy0CRDca9r7LuIO8B1rDCZSd8nsWKZHtHfSjnvGOQCWEp3ZcX+elh QVIgzLaKUSGpBBxLUojyCfPIQZ2G8yCvkjcxc= Received: by 10.86.31.18 with SMTP id e18mr2178400fge.72.1235295874894; Sun, 22 Feb 2009 01:44:34 -0800 (PST) Received: from ?192.168.1.25? (112-27.1-85.cust.bluewin.ch [85.1.27.112]) by mx.google.com with ESMTPS id 12sm4846971fgg.43.2009.02.22.01.44.34 (version=SSLv3 cipher=RC4-MD5); Sun, 22 Feb 2009 01:44:34 -0800 (PST) Message-ID: <49A11E82.2040909@gmail.com> Date: Sun, 22 Feb 2009 10:44:34 +0100 From: phcoder User-Agent: Thunderbird 2.0.0.19 (X11/20090105) MIME-Version: 1.0 To: The development of GRUB 2 References: <499DB343.9020301@gmail.com> <499DF97E.1080800@student.ethz.ch> <20090221134607.GJ16068@thorin> <49A00DB7.2080003@student.ethz.ch> <20090221143440.GA16682@thorin> <49A0170E.9040908@student.ethz.ch> <20090221200844.GC18492@thorin> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2) Subject: Re: A _good_ and valid use for TPM X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Feb 2009 09:44:45 -0000 >> In any case, if your attacker is that much determined to archieve >> their goal, >> reverse engineering a small chip isn't going to stop them. > Reverse engineering the TPM chip is very costly. And I'm not going to > try to protect data from NSA or CIA or another three-letter agency. On this you have to trust the manufacturer. Actually you can't know how difficult reverse-engineering is before you do. And it's only a matter of time before some crypto-hardware geek reverse-engineers it because he was bored or a crypto-student does it because it gives him an excellent diploma. This is quite possible because universities often have the necessary equipment and diploma works are supposed to be long and difficult. At this point reading a publication and using its results is trivial. And look at reverse-engineered opensource drivers. It's just a matter of obfuscation and we already know that it brings no security. If you want to protect your keys the only ways is to physically protect them like putting concrete around the flash chip Regards Vladimir 'phcoder' Serbinenko