Isn't this exactly why the TCPA chip was invented ?

Posted Feb 24, 2008 16:56 UTC (Sun) by ballombe (subscriber, #9523)
In reply to: Isn't this exactly why the TCPA chip was invented ? by ernest
Parent article: Cold Reboot Attacks on Disk Encryption

> From the story the TCPA will not give away its keys.

Really? I rather read it as saying that TCPA does not protect against this attack.

The TCPA does not address this scenario at all

Posted Feb 26, 2008 17:28 UTC (Tue) by hmh (subscriber, #3838)

While the TCPA doesn't give away its storage encryption key easily, you still need to have the unwrapped (aka unprotected) session key for your encrypted disk somewhere in main memory to work with it.

The complete fix for this problem really goes through extra hardware. Designing extra-volatile memory is easy, but you need to get that memory inside a more protected location (like inside the MCH, CPU, or data storage unit itself). And an attacker with enough resources would still be able to get to it.

What we can do easily is to reduce the windows of opportunity where the keys are available unprotected in RAM, which is good enough for a lot of scenarios. Frankly, if it can be made safe enough that regular laptop and data thieves can't get to the data, I would be personally happy enough.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.