Security Basics mailing list archives
Re: Bulk encryption capabilities of a TPM
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Sun, 7 May 2006 11:02:34 -0700
Hello Alexander, Thanks for the response. Few more questions..
As far as I can guess, it works as follows: ROM code hashes boot sector and reports the result to the TPM, the boot sector hashes the kernel, et cetera. Kernel reads a blob of data from disk (or USB, or whatever) and asks TPM to decrypt the blob. The TPM uses his own key for decryption of the blob, but TPM outputs the key only if the main CPU's software hash matches the value stored in the blob.
Does the blob of data contain the bulk encryption key? If the TPM is doing the decryption, why does the CPU needs to have the key? Or does the the TPM "only" decrypts the bulk encryption key, pass it to the CPU, which CPU uses for decryption the whole HDD?? Thanks again. -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net ----------- "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 -----------
Current thread:
- Bulk encryption capabilities of a TPM Saqib Ali (May 04)
- Re: Bulk encryption capabilities of a TPM Saqib Ali (May 05)
- Re: Bulk encryption capabilities of a TPM Alexander Klimov (May 08)
- Re: Bulk encryption capabilities of a TPM Saqib Ali (May 08)
- Re: Bulk encryption capabilities of a TPM Alexander Klimov (May 08)
- Re: Bulk encryption capabilities of a TPM Alexander Klimov (May 08)
- Re: Bulk encryption capabilities of a TPM Saqib Ali (May 05)