[Dailydave] TPM attacks
Pete Herzog
pete at isecom.org
Tue Jul 3 09:47:44 EDT 2007
Hi,
Following the thread about the BH US presentation on the TPMkit
(http://www.nvlabs.in/?q=node/32) being canceled, the discussion has
entered on the internal list now at www.opentc.net. The idea there is to
build a secure and trusted system using the TPM, virtualization, and open
source software. A good portion of that process requires security testing
of all trusted system components including the TPM software. So talk of
such things like the TPMkit are apt to pop up.
Apparently, there is a TPM attack at the boot process and from the opentc
mailing list the following papers are mentioned:
https://www.cosic.esat.kuleuven.be/publications/article-591.pdf
http://os.inf.tu-dresden.de/papers_ps/kauer07-oslo.pdf
So there is definite truth behind the proposed concept unfortunately it was
already public knowledge. Maybe they had something else in mind? What
makes me suspicious is the pop-star-like hype of their announcement about
TPMkit equating the TPM to DRM in an attempt to make a flashier announcement.
Sincerely,
-pete.
--
Pete Herzog - Managing Director - pete at isecom.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org
More information about the Dailydave
mailing list