Does not seem to work.

Posted Dec 4, 2008 12:02 UTC (Thu) by hummassa (subscriber, #307)
Parent article: System integrity in Linux

What is to prevent that some vulnerability exploit patches the "IMA" thing so that, while running executable A, it sends the hash of executable B for TPM to sign? The "once you have physical access" thing continues to be a truism, TPM or not.

On a funny note, TPM is the Portuguese language TLA for what is called PMS in English. :-)



Does not seem to work.

Posted Dec 4, 2008 12:18 UTC (Thu) by Jonno (subscriber, #49613) [Link]

In a "properly implemented" TPM, the TPM itself would make the hash check
of the executable code in memory, so passing the wrong hash wouldn't
necessarily work.

However, with physical access to the computer, you can simply switch out
the motherboard (and possibly other hardware), and thus bypass the TPM
module completely. Of course, to do so you must replace hardware, which
costs money, and you will probably have to replace the kernel as well, but
you were going to do that anyway. So all this does is brick the *hardware*
if you try to use other software, and makes stealing or modifying your data
slightly more expensive.

But honestly, I'm way more afraid of the rich bad guy than the poor one...

works as intended

Posted Dec 4, 2008 19:45 UTC (Thu) by elanthis (guest, #6227) [Link]

As with all security, it's just risk management and deterrents. No security is 100%. Just doesn't exist. All a security system can do is reduce the risk of a breach by introducing increasingly difficult-to-overcome deterrents.

The classic example is home security. People lock their doors, sometimes with multiple locks. They place shim bars in windows. They buy alarm systems. They get dogs. The rich might even hire guards. But at the end of the day, there is no home that cannot be broken into if the robber has the time, skill, resources, and -- most important of all -- the determination.

Same goes for computers. Sure, you could replace a mobo, or solder on some different chips, or whatever. But that's a lot of work, requires time, money, and know-how. It also requires "full" physical access vs "partial" physical access. That is, you need access to more than the cd tray and power button, which in a secured server room might require case keys.

Basically, it's easier to reboot to a LiveCD than to modify hardware. Therefore, hardware-assisted security is more powerful and lowers risks beyond what a software-only solution can provide.

Does not seem to work.

Posted Dec 4, 2008 21:52 UTC (Thu) by iabervon (subscriber, #722) [Link]

If you replace the mobo, you'll be installing one that either lacks TPM entirely or lacks the correct private keys in the TPM; then it can't send in proofs that it's running the right code (even if it weren't running the wrong code). Consider the model where there are cash registers out in the main part of the store and a server in the back in some more secure location. An attacker may be able to break in and mess with the registers in the middle of the night. But in the morning, the server will keep insisting to the manager that the cash registers aren't right. The goal here is to make subverting a machine that people may get physical access to as difficult as subverting a better-secured machine or subverting a sealed chip package.

Does not seem to work.

Posted Dec 11, 2008 6:40 UTC (Thu) by jgg (guest, #55211) [Link]

It is not quite that simple... The TPM systems I've seen implemented all come with the fundamental assumption that the BIOS is trusted, and from there they build a chain of trust down toward the OS. The basic idea is that the BIOS hashes itself, tells the TPM and then permanently locks that portion of the TPM, then it hashes the OS, tells the TPM and locks that portion. Then the OS runs and more stuff is hashed and locked. Once locked you cannot go back.

If you replace the BIOS then you can start the TPM up without locking out any localities and feed it bogus hashes till the cows come home and it will be quite happy to attest that the system is legitimate.

Presumably systems implementing a TPM like this also include a hardware lock to prevent the BIOS flash from being written after the BIOS boots, but there is nothing preventing you from replacing the flash chip entirely. Socketed SPI flash is still pretty common these days for BIOSes :)

So it can be a pretty effective guard against a network compromise but not physical.
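An added illustration, not code from any commenter or from the IMA project: a model of the measure-then-extend chain described in the comment above and of the server-side check from the cash-register comment earlier in the thread. It assumes the TPM 1.2 rule of 20-byte SHA-1 PCRs extended as SHA1(old || digest); the component names and images are constructed, and verifying the TPM's signature over the quoted PCR is left out.

```python
import hashlib

PCR_INIT = bytes(20)  # a TPM 1.2 PCR holds 20 zero bytes after reset

def measure(blob):
    return hashlib.sha1(blob).digest()

def extend(pcr, digest):
    # The only way to change a PCR: new = SHA1(old || digest).
    # There is no operation that sets or rewinds it.
    return hashlib.sha1(pcr + digest).digest()

def boot(stages):
    """Measuring side: hash each stage and extend the PCR before running it."""
    pcr, log = PCR_INIT, []
    for name, blob in stages:
        digest = measure(blob)
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def verify(log, quoted_pcr, known_good):
    """Verifier side: returns a list of problems; an empty list means accepted."""
    pcr, problems = PCR_INIT, []
    for name, digest in log:
        pcr = extend(pcr, digest)
        if known_good.get(name) != digest:
            problems.append("unexpected measurement: " + name)
    if pcr != quoted_pcr:
        problems.append("log does not replay to quoted PCR")
    return problems

# Constructed sample images, not real firmware or kernels.
GOOD = [("bios", b"bios v1"), ("kernel", b"kernel 2.6.27"), ("init", b"init")]
KNOWN_GOOD = {name: measure(blob) for name, blob in GOOD}

def demo():
    good_pcr, good_log = boot(GOOD)
    bad_pcr, bad_log = boot([GOOD[0], ("kernel", b"patched kernel"), GOOD[2]])
    # A log edited afterwards to list the good kernel digest no longer
    # replays to the PCR value the TPM actually holds.
    edited_log = [bad_log[0], good_log[1], bad_log[2]]
    return {
        "good": verify(good_log, good_pcr, KNOWN_GOOD),
        "modified": verify(bad_log, bad_pcr, KNOWN_GOOD),
        "edited_log": verify(edited_log, bad_pcr, KNOWN_GOOD),
    }

if __name__ == "__main__":
    print(demo())
```

`extend()` only ever receives digests, never the code that was hashed, so an accepted result says the reported measurements were good; it is only as trustworthy as the first stage doing the measuring, which is the limitation the comment above describes.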

Does not seem to work.

Posted Dec 4, 2008 23:39 UTC (Thu) by droundy (subscriber, #4559) [Link]

I think the point is that with TPM, you would need a software vulnerability + physical access to compromise the system, rather than just physical access. The software vulnerability issue is why they want to combine TPM with SELinux, since TPM doesn't do anything to plug software security holes.
