Security Basics mailing list archives
Re: Bulk encryption capabilities of a TPM
From: Alexander Klimov <alserkli () inbox ru>
Date: Sun, 7 May 2006 12:24:08 +0300 (IDT)
On Thu, 4 May 2006, Saqib Ali wrote:
Maybe IBM's definition "bulk" is different than Atmel's. When I hear the word "bulk", it means several (100+) GB of data to me.
``Bulk'' may also mean just symmetric cryptography.
One possible solution I forgot to mention in my email was that the ASIC possesses a symmetric key which is used for bulk encryption. Now the TPM has to only decrypt / encrypt this bulk encryption key instead of the decrypting/encrypting the whole HDD. Same thing can be applied to a software based solution. But where does the software store this encrypted bulk encryption key????? You need persistent storage for this key. A software alone can not provide a safe place for this key.
As far as I can guess, it works as follows: ROM code hashes boot sector and reports the result to the TPM, the boot sector hashes the kernel, et cetera. Kernel reads a blob of data from disk (or USB, or whatever) and asks TPM to decrypt the blob. The TPM uses his own key for decryption of the blob, but TPM outputs the key only if the main CPU's software hash matches the value stored in the blob. So, if an attacker takes the disk and put it in a different computer, the TPM will not be able to decrypt the blob because that TPM has a different key. (The same happens if your motherboard dies and you want to recover your data :-).) If an attacker loads another OS then the hashes (reported by ROM, boot sector, etc.) will be different and so the TPM will not release the key ... unless an attacker can change the ROM (which is usually flash) so that it lies to the TPM about the hashes. -- Regards, ASK
Current thread:
- Bulk encryption capabilities of a TPM Saqib Ali (May 04)
- Re: Bulk encryption capabilities of a TPM Saqib Ali (May 05)
- Re: Bulk encryption capabilities of a TPM Alexander Klimov (May 08)
- Re: Bulk encryption capabilities of a TPM Saqib Ali (May 08)
- Re: Bulk encryption capabilities of a TPM Alexander Klimov (May 08)
- Re: Bulk encryption capabilities of a TPM Alexander Klimov (May 08)
- Re: Bulk encryption capabilities of a TPM Saqib Ali (May 05)