Security Basics mailing list archives
Re: Bulk encryption capabilities of a TPM
From: Alexander Klimov <alserkli () inbox ru>
Date: Mon, 8 May 2006 01:03:49 +0300 (IDT)
Hi. On Sun, 7 May 2006, Saqib Ali wrote:
As far as I can guess, it works as follows: ROM code hashes boot sector and reports the result to the TPM, the boot sector hashes the kernel, et cetera. Kernel reads a blob of data from disk (or USB, or whatever) and asks TPM to decrypt the blob. The TPM uses his own key for decryption of the blob, but TPM outputs the key only if the main CPU's software hash matches the value stored in the blob.

Does the blob of data contain the bulk encryption key?
Yes, the blob contains the (encrypted) key which is used for disk encryption.
Or does the TPM "only" decrypt the bulk encryption key and pass it to the CPU, which the CPU then uses to decrypt the whole HDD??
Yes, the TPM does not decrypt the HDD -- it only extracts the key from the blob and sends it to the CPU.
Thanks again.
Note again that all this is only an educated guess... -- Regards, ASK
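A toy model of the mechanism sketched in this thread (each boot stage extends a PCR with a hash of the next stage, and the disk key is sealed to the expected PCR value so the TPM releases it only when the measured software matches). This is added example code, not anything from the list; the cipher (SHA-256 keystream plus HMAC under a chip-internal secret) is a stand-in for the TPM's real key hierarchy and blob format.

```python
import hashlib
import hmac
import os
from typing import List, Optional

def extend(pcr: bytes, component: bytes) -> bytes:
    """Measured boot step: PCR_new = H(PCR_old || H(component)).
    Both the content and the order of measurements change the result."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_chain(components: List[bytes]) -> bytes:
    """ROM measures the boot sector, the boot sector measures the kernel, ..."""
    pcr = b"\x00" * 32
    for c in components:
        pcr = extend(pcr, c)
    return pcr

class ToyTPM:
    def __init__(self) -> None:
        self._secret = os.urandom(32)  # models the TPM's own key; never leaves the chip

    def seal(self, key: bytes, pcr_expected: bytes) -> bytes:
        """Return a blob: expected PCR || nonce || encrypted key || integrity tag."""
        assert len(key) == 32, "toy keystream covers exactly one 32-byte key"
        nonce = os.urandom(16)
        stream = hashlib.sha256(self._secret + nonce).digest()
        ct = bytes(a ^ b for a, b in zip(key, stream))
        tag = hmac.new(self._secret, pcr_expected + nonce + ct, hashlib.sha256).digest()
        return pcr_expected + nonce + ct + tag

    def unseal(self, blob: bytes, pcr_now: bytes) -> Optional[bytes]:
        """Release the key only if the blob is intact and the current PCR matches."""
        pcr_expected, nonce, ct, tag = blob[:32], blob[32:48], blob[48:-32], blob[-32:]
        want = hmac.new(self._secret, pcr_expected + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            return None  # blob was altered (e.g. the stored PCR value was edited)
        if not hmac.compare_digest(pcr_expected, pcr_now):
            return None  # software stack differs from the sealed one: key stays inside
        stream = hashlib.sha256(self._secret + nonce).digest()
        return bytes(a ^ b for a, b in zip(ct, stream))

def demo() -> tuple:
    """Constructed boot chains: the sealed key comes back for the original
    software and is withheld when the kernel measurement changes."""
    tpm = ToyTPM()
    good = [b"boot sector v1", b"kernel v1"]
    disk_key = os.urandom(32)
    blob = tpm.seal(disk_key, measure_chain(good))
    released = tpm.unseal(blob, measure_chain(good)) == disk_key
    refused = tpm.unseal(blob, measure_chain([b"boot sector v1", b"kernel v2"])) is None
    return released, refused
```

The CPU, not the TPM, then uses the released key for the bulk decryption of the disk, exactly as the reply above describes.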