Good article to show people thinking about switching away from M$.

Jason Holt jason at lunkwill.org
Mon May 8 15:17:01 MDT 2006


On Sun, 7 May 2006, Michael Halcrow wrote:
> On Sun, May 07, 2006 at 05:35:32PM +0000, Jason Holt wrote:
>> I've never been able to nail down a case of a non-evil use of this
>> technology that couldn't be done purely in software or with a much
>> simpler piece of hardware. Could you describe one or two, please?
>> (And as to naming, you have to admit that they've come up with a
>> bewildering number of terms for everyone to keep straight.)
>
> One use I have in mind involves protecting the key that is used to
> encrypt the contents of a device, wherein the data on that device
> should only be accessible on a certain host or set of hosts running a
> particular operating environment. The TPM can be configured to only
> ``release'' a key if the machine is attested with a certain stack
> (bootloader, kernel, modules, etc.). If an attacker gets a hold of the
> storage device and the passphrase, he still cannot decrypt the
> contents without being at the machine, and the machine must be booted
> through a trusted chain in order for the key to be released -- meaning
> that the authentication mechanism enforced in that operating
> environment also protects the data.

Can you make that example more concrete?  Are you saying I have a USB disk 
encrypted against a key in the TPM module?  What attacker am I worried about? 
Somebody who steals the disk from my house?  From my luggage?  (Is it even 
useful to take it in my luggage? I.e., can anybody else even use the disk?)

 						-J
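The sealing behaviour Michael describes above (a key the TPM releases only when the measured boot chain matches the one it was sealed under) can be modelled in a few lines. The block below is an added illustration, not code from this thread or from any TPM implementation: `ToyTpm`, `GOOD_CHAIN` and the HMAC-based wrapping are constructed stand-ins for the real PCR-policy mechanism, kept only to show why a changed kernel or a different chip stops the key from being released.

```python
import hashlib
import hmac
import os

# Constructed model: GOOD_CHAIN and ToyTpm are hypothetical stand-ins, not the
# TPM specification or tpm2-tools; they only mirror the PCR-extend/seal idea.
GOOD_CHAIN = [b"bootloader-v1", b"kernel-v1", b"modules-v1"]

def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """PCR_new = SHA256(PCR_old || SHA256(component)); order matters."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot_chain(components) -> bytes:
    """Fold bootloader, kernel, modules, ... into one PCR (all zeros at reset)."""
    pcr = bytes(32)
    for comp in components:
        pcr = pcr_extend(pcr, comp)
    return pcr

class ToyTpm:
    def __init__(self):
        self._root = os.urandom(32)  # chip secret that never leaves the object

    def _wrap_key(self, pcr: bytes) -> bytes:
        # Depends on BOTH the chip secret and the PCR policy, so neither the
        # disk alone nor a different boot chain can reproduce it.
        return hmac.new(self._root, b"seal|" + pcr, hashlib.sha256).digest()

    def seal(self, secret: bytes, expected_pcr: bytes) -> dict:
        kek = self._wrap_key(expected_pcr)
        ct = bytes(a ^ b for a, b in zip(secret, kek))  # 32-byte secret
        tag = hmac.new(kek, b"tag|" + ct, hashlib.sha256).digest()
        return {"policy_pcr": expected_pcr, "ct": ct, "tag": tag}

    def unseal(self, blob: dict, current_pcr: bytes):
        if not hmac.compare_digest(blob["policy_pcr"], current_pcr):
            return None  # measured stack is not the attested one: refuse
        kek = self._wrap_key(current_pcr)
        tag = hmac.new(kek, b"tag|" + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            return None  # right stack, wrong chip: sealed by another TPM
        return bytes(a ^ b for a, b in zip(blob["ct"], kek))

def demo():
    """(released on attested stack, refused after kernel change, refused on another TPM)."""
    tpm, disk_key = ToyTpm(), os.urandom(32)
    blob = tpm.seal(disk_key, measure_boot_chain(GOOD_CHAIN))
    altered = [b"bootloader-v1", b"kernel-modified", b"modules-v1"]
    return (tpm.unseal(blob, measure_boot_chain(GOOD_CHAIN)) == disk_key,
            tpm.unseal(blob, measure_boot_chain(altered)) is None,
            ToyTpm().unseal(blob, measure_boot_chain(GOOD_CHAIN)) is None)
```

The third case in `demo()` is the one that answers the "stolen disk" worry: the sealed blob and passphrase are useless on any machine whose chip did not do the sealing, even if that machine boots an identical stack.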