User: Password:
|
|
Subscribe / Log in / New account

Does not seem to work.

Does not seem to work.

Posted Dec 4, 2008 21:52 UTC (Thu) by iabervon (subscriber, #722)
In reply to: Does not seem to work. by Jonno
Parent article: System integrity in Linux

If you replace the mobo, you'll be installing one that either lacks TPM entirely or lacks the correct private keys in the TPM; then it can't send in proofs that it's running the right code (even if it weren't running the wrong code). Consider the model where there are cash registers out in the main part of the store and a server in the back in some more secure location. An attacker may be able to break in and mess with the registers in the middle of the night. But in the morning, the server will keep insisting to the manager that the cash registers aren't right. The goal here is to make subverting a machine that people may get physical access to as difficult as subverting a better-secured machine or subverting a sealed chip package.


(Log in to post comments)

Does not seem to work.

Posted Dec 11, 2008 6:40 UTC (Thu) by jgg (guest, #55211) [Link]

It is not quite that simple.. The TPM systems I've seen implemented all come with the fundamental assumption that the BIOS is trusted, and from there they build a chain of trust down toward the OS. The basic idea is that the BIOS hashes itself, tells the TPM and then permanently locks that portion of the TPM, then it hashes the OS, tells the TPM and locks that portion. Then the OS runs and more stuff is hashed and locked. Once locked you cannot go back.

If you replace the BIOS then you can start the TPM up without locking out any localities and feed it bogus hashes till the cows come home and it will be quite happy to attest that the system is legitimate.

Presumably systems implementing a TPM like this also include a hardware lock to prevent the BIOS flash from being written after the BIOS boots, but there is nothing preventing you from replacing the flash chip entirely. Socketed SPI flash is still pretty common these days for BIOS's :)

So it can be a pretty effective guard against a network compromise but not physical.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds