The vulnerability should be obvious: at some point in the boot process, the VMK transits unencrypted between the TPM and the CPU. This means that it can be captured and used to decrypt the disk.

  • Merospit@infosec.exchange
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    @nothacking @tedu In the end it is all chips and circuits. But these techniques are still above the general ability so the system wont change just because of the bypass options.

    From my perspective, the circus around ‘trusted computing’ seems to be about businesses preventing people from easily putting their own software into devices so that when new devices are manufactured people need to upgrade.

    It saddens me that cryptography is being used to support this wasteful business cycle.

    • nothacking
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      There are certainly useful uses for trusted computing, like discouraging tampering with distributed computing projects, but they are used much more often to implement DRM and restrict hardware. They don’t it to be impossible, just hard enough that the average user gives up.

      Currently it is possible for an average user to to install Linux, but if that process requires hardware tampering (no normal person will decap chips), almost no one will do it.